How to configure Simple Event Correlator (SEC) to send info about mail delivery failure

My log file contains the following 3 log entries: 2017-11-16 15:50:45 1eFLV7-0003so-Cd R=1eFLV7-0003sZ-4v U=Debian-exim P=local S=1853 T="Mail delivery failed: returning message to sender" from 2017-11-16 15:50:45 1eFLV7-0003so-Cd => admins@xxx.com R=dnslookup T=remote_smtp H=smtp-51.xxx.com [xxx.xx.xx.xx] X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 2017-11-16 15:50:45 1eFLV7-0003so-Cd Completed I want to have an email sent to me, when an entry "Mail delivery failed*admins@.xxx.com" appears in the log file. How can I achieve this? Maybe SEC - Simple Event Correlator can help me? But the below configuration(pattern) does not working for me. type=SingleWithThreshold ptype=RegExp pattern=Mail delivery failed: returning message to sender*admins@xxx.com desc=Problem with mail admin@xxx.com action=pipe '%s' /usr/bin/mail -s 'ERROR SEND MAIL' me@xxx.com window=1 thresh=1