On 9/22/11 7:54 AM, "Neil Simmonds" <user-8188d25e65e4@xymon.invalid>
wrote:
Hi all,
I¹m trying to monitor a Windows event log for an error,
I¹ve got BBWin 0.12 installed in central mode and I¹ve successfully got the
eventlogs showing up in messages,
However if I get an error from Backup Exec similar to this,
error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - Error
EC8F17B7: Cannot create recovery points for job: BACKUP_SCHED_01_30_SAT. Error
E7B70001: Win32/Win64 API DeviceIoControl(IOCTL_VSNAP_VDIFF_STOP) failed.
Error EBAB03F1: The device does not recognize the command. Details: 0xE7B70001
Source: Backup Exec System Recovery
Despite the fact that I have this, ³LOG eventlog:Application %(Backup Exec
System Recovery\.+?|Error) COLOR=yellow² in my analysis.cfg file the color
doesn¹t change.
Why did you escape the . ? If you remove the \ in front of the ., it might
work better.
I don't think you need to specify greediness either.
In other projects we tend to be very suspicious of unqualified .+
expansions, as they can consume a lot of memory. You might try something
like:
%(Backup Exec System Recovery.{1,50}Error)
That is read as "look for the exact words "Backup Exec System Recovery",
followed by the word "Error" no more than 50 characters later..."
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281