Xymon Mailing List Archive search

how to search for exact word patterns

list Ryan Novosielski
Fri, 18 Sep 2009 15:52:04 -0400
Message-Id: <user-b38df5553ea5@xymon.invalid>


"." is a single character.

Josh Luthman wrote:
I thought it was a dot from the example from help.

Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle


On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <user-435e16ecfd6a@xymon.invalid
<mailto:user-435e16ecfd6a@xymon.invalid>> wrote:

    Yes -- you only need one % at the beginning of your string to tell
    Xymon you are going to use a regular expression.  You do not need
    the other % unless they are expected to appear in the log.

    When using a regular expression, the | character means "or".  So
    your example will "fire" if any message contains any of those
    words.  Also you seem to be using * by itself, which means "match
    the preceding 0 or more times".  Normally we use "dot star" ".*" to
    mean "match anything no matter how long."

    Regular expressions are a bit of a mystery, but are very powerful.
    Xymon uses Perl-compatible regular expressions (PCRE) so you might be
    able to Google some examples.

    If you are searching for "Out of memory" in a log file, you can use
    "%Out of memory" as your regex string.  I do not remember how you
    deal with spaces in the string and the Xymon help is not helpful.
    One way to do it would be to change your spaces into \s+ so it would
    be %Out\s+of\s+memory  which removes the embedded spaces (so the
    Xymon parser does not think part of your regex is some other token
    on the command) and also means that you will match if there is at
    least one whitespace character between each word -- slightly more
    robust than using a single space.

    I know the above is a jumble, but if you will post the exact string
    you want to match we can help you create the matching expression to
    help you get the hang of it.

    GLH

    On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid
    <mailto:user-56034f999072@xymon.invalid>> wrote:

        Right now looks like this:

         
        LOG /var/log/messages
        %failure*|%failed*|%error*|%Warning*|%memory*  Color=Red

         
        But if I type

        LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out
        of memory* Color=Red

         
        I’m getting all the messages that have one of these words: out
        or of or memory somewhere in their string.

         
        Camelia

        -----Original Message-----
        *From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid
        <mailto:user-435e16ecfd6a@xymon.invalid>]
        *Sent:* Friday, September 18, 2009 1:25 PM
        *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid>
        *Subject:* Re: [hobbit] how to search for exact word patterns

         
        Try making it a regex (with % prefix) instead of "simple"
        expression.

        On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid
        <mailto:user-56034f999072@xymon.invalid>> wrote:

        Did that but it looks for all messages that have one of the 3 words

        Thanks anyway

        Camelia

         
        -----Original Message-----
        *From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid
        <mailto:user-4c45a83f15cb@xymon.invalid>]
        *Sent:* Friday, September 18, 2009 11:22 AM
        *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid>
        *Subject:* Re: [hobbit] how to search for exact word patterns

         
        I think it's:

        HOST=my.host.com <http://my.host.com/>;
            LOG /var/log/messages "out of memory" COLOR=red

        Not tested.

        Josh Luthman
        Office: XXX-XXX-XXXX
        Direct: XXX-XXX-XXXX
        XXXX Wayne St
        Suite XXXX
        Troy, OH XXXXX

        "When you have eliminated the impossible, that which remains,
        however improbable, must be the truth."
        --- Sir Arthur Conan Doyle

        On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid
        <mailto:user-56034f999072@xymon.invalid>> wrote:


        Hello all,
        I am trying to set up an alert to search for exact word patterns in
        /var/log/messages.  For example: "Out of Memory"

        Any help would be appreciated.

        Thanks,
        Camelia


        --
        Disclaimer:  1) all opinions are my own, 2) I may be completely
        wrong, 3) my advice is worth at least as much as what you are
        paying for it, or your money cheerfully refunded.


    --
    Disclaimer:  1) all opinions are my own, 2) I may be completely
    wrong, 3) my advice is worth at least as much as what you are paying
    for it, or your money cheerfully refunded.
- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630
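
Added example (not part of the original thread, and not Xymon's own code): a Python sketch of the regex points made in Greg Hubbard's message, run over constructed log lines. It assumes Python's `re` behaves like PCRE for these simple constructs; `xymon_style_regex` is a hypothetical helper that models only the single leading `%` marker, not Xymon's configuration parser.

```python
import re

# Constructed /var/log/messages-style lines (sample data, not from the thread).
SAMPLE_LOG = [
    "Sep 18 15:01:02 web1 kernel: Out of memory: Kill process 4211 (java)",
    "Sep 18 15:01:09 web1 kernel: Out  of\tmemory: Kill process 4300 (httpd)",
    "Sep 18 15:02:11 web1 sshd[811]: Connection closed out of sequence",
    "Sep 18 15:03:40 web1 app[90]: memorandum saved",
    "Sep 18 15:04:05 web1 sshd[812]: login failed for user test",
    "Sep 18 15:04:30 web1 cron[77]: job finished",
]


def xymon_style_regex(pattern):
    """Compile a '%'-prefixed pattern (hypothetical helper).

    Only the first '%' is treated as the regex marker; any later '%'
    stays in the expression as a literal character to be matched.
    """
    if not pattern.startswith("%"):
        raise ValueError("expected a leading % regex marker")
    return re.compile(pattern[1:])


def matching_lines(pattern, lines=SAMPLE_LOG):
    """Return the indexes of the lines the pattern matches anywhere."""
    rx = xymon_style_regex(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


if __name__ == "__main__":
    checks = [
        r"%Out\s+of\s+memory",   # exact phrase, any run of whitespace
        "%Out of memory",        # exact phrase, single spaces only
        "%out|of|memory",        # '|' means "or": any one word is enough
        "%memory*",              # '*' repeats only the 'y': matches "memor..."
        "%failure*|%failed*",    # second '%' is literal, so "failed" is missed
        "%failure|failed",       # one '%' at the start, plain alternation
    ]
    for pattern in checks:
        print(f"{pattern!r:24} -> lines {matching_lines(pattern)}")
```
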