On 7/13/07, *Asif Iqbal* <user-6f4b51ac2a40@xymon.invalid <mailto:user-6f4b51ac2a40@xymon.invalid>> wrote:
OK here is another PCRE issue with IGNORE pattern
I have this on ~hobbit/server/etc/hobbit-clients.cfg
HOST= host.domain.net <http://host.domain.net>;
LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR"
IGNORE=%Power.*Supply.*0.*NOT.*okay
Is it suppose to be a bug in hobbit?
But I still get alert as following
&red Critical entries in <a
href="/hobbit-cgi/bb-hostsvc.sh?CLIENT=host.domain.net&SECTION=msgs:/var/adm/messages">/var/adm/messages</a>
&red Jul 13 15:04:34 host envctrltwo: [ID 771032 kern.warning]
WARNING: Power Supply 0 NOT okay
I did a pcretest and it did match so why is hobbit still alerting?
(hobbit)@hobbit:~/server/etc$ pcretest
PCRE version 4.5 01-December-2003
re> "Power.*Supply.*0.*NOT.*okay"
data> Jul 13 15:04:34 host envctrltwo: [ID 771032 kern.warning]
WARNING: Power Supply 0 NOT okay
0: Power Supply 0 NOT okay
On 6/3/07, *Giovanni - Gestor Redix* < user-e1d5cb184a81@xymon.invalid
<https://mail.google.com/mail?view=cm&tf=0&to=user-e1d5cb184a81@xymon.invalid>;wrote:
Everything ok with your syntax, i just would try removing the
double-quotes...
BTW, If you need to ignore a phrase that uses spaces, use \s to
separate, like the following syntax:
LOG blablabla %blablabla IGNORE=%one\stwo\swords
Another example: IGNORE=%one\stwo|other\sword|word
Cheers
Asif Iqbal wrote: Is this a valid syntax?
LOG /var/adm/messages "%(?-i)WARNING|(?-i)NOTICE|(?-i)ERROR"
IGNORE=%SUNWsrspx|srsxfer
I want no alert for lines, in `/var/adm/messages', that has
either or both of these two words
SUNWsrspx
srsxfer
Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu <http://pgp.mit.edu>;
-- Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu <http://pgp.mit.edu>;
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu <http://pgp.mit.edu>;