On Thu, Mar 24, 2011 at 12:59 PM, Elizabeth Schwartz
<user-c61747246f66@xymon.invalid> wrote:
> Hm OK I updated the rules, now puzzled about why this one is alerting:

%^db.* <-- use it like that
Change this '%*dl2*' to '%.*dl2.*' if that is what you wanted.
Also use pcretest to verify if it is matching the right host

> 00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging
> 00020522 2011-03-24 12:53:44 Matching host:service:page
> 'fiona.example.com:vmio:' against rule line 146
> 00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2*
> SERVICE=vmio' ***
> 00020522 2011-03-24 12:53:44 Matching host:service:page
> 'fiona.e-dialog.com:vmio:' against rule line 147
> 00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d
> RECOVERED' ***
> Fiona alerted for vmio and is paging. Fiona does not have the string
> "db" anywhere in its name. (I replaced my company with example but the
> company name doesn't have a db in it either)
> Later on I get
> 00020753 2011-03-24 12:58:09 Matching host:service:page
> 'fiona.example.com:vmio:' against rule line 181
> 00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list)
> The regexp is different in that there's a second asterisk, but the
> machines I want to catch do all start with db...
> Thanks again
> Betsy
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
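
The three patterns from this thread, checked against hostnames, as an added example that is not part of the original messages. It uses Python's `re` as a stand-in for PCRE (the two agree on these patterns) and generalizes to a small HOST/EXHOST check; the unanchored search and the treatment of an uncompilable pattern as "never matches" are assumptions about the alert matcher, and all hostnames except the two taken from the log lines are constructed.

```python
import re

def classify(pattern, host):
    """Unanchored regex search (ASSUMPTION: how the '%' patterns are applied).

    Returns 'invalid' when the pattern does not compile at all."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return "invalid"
    return "match" if rx.search(host) else "no match"

def selected(host_pat, exhost_pat, host):
    """HOST includes, EXHOST excludes.

    ASSUMPTION: an invalid pattern never matches, so a broken EXHOST
    excludes nothing and a broken HOST includes nothing."""
    included = classify(host_pat, host) == "match"
    excluded = classify(exhost_pat, host) == "match"
    return included and not excluded

# First two names appear in the log lines above; the rest are constructed.
HOSTS = [
    "fiona.e-dialog.com",
    "fiona.example.com",
    "db01.example.com",     # constructed: a host that should alert
    "dbdl2.example.com",    # constructed: a db host that EXHOST should drop
    "webdb.example.com",    # constructed: contains "db" but does not start with it
]

# (HOST pattern, EXHOST pattern) with the leading '%' stripped.
RULES = {
    "rule line 146 as written": ("db*", "*dl2*"),
    "as suggested in the reply": ("^db.*", ".*dl2.*"),
}

def report():
    """One row per rule and host: (rule, host, HOST result, EXHOST result, selected)."""
    return [(label, h, classify(hp, h), classify(xp, h), selected(hp, xp, h))
            for label, (hp, xp) in RULES.items() for h in HOSTS]

if __name__ == "__main__":
    for row in report():
        print("%-26s %-20s HOST=%-8s EXHOST=%-8s selected=%s" % row)
```

`db*` means "a `d` followed by zero or more `b`", so any hostname containing a `d` satisfies it, while `*db*` and `*dl2*` start with a quantifier and do not compile.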