analysis.cfg - LOG - keyword matching

list Jeremy Laidman
Wed, 10 Aug 2016 03:46:34 +0000
Message-Id: <user-e62a3bbee4ec@xymon.invalid>

Christian

On Tue, Aug 9, 2016 at 5:53 PM Becker Christian <user-e4a19bfb94c0@xymon.invalid> wrote:
<snip>
I was thinking that this directive

        LOG     %/var/(adm|log)/messages ERROR IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=red

should let msgs go to red, since the message of the affected server
contains the keyword “error”, even in lowercase. But the history of the
msgs test for the affected server doesn’t show any red status.

I do not have the statement (?-i) in the analysis.cfg as documented in
the Xymon man-pages:


*Note that Xymon defaults to case-insensitive pattern matching; if that is
not what you want, put "(?-i)" between the "%" and the regular expression
to turn this off. E.g. "%(?-i)WARNING" will match the word WARNING only
when it is upper-case.*


*Is my thinking wrong?*
A little.

The man page mentions using "%(?-i)" in the context of matching regular
expressions.  For non-regular-expressions, this doesn't apply.  The code
that performs a non-RE match is:

        return (strstr(datatosearch, pattern) != NULL);

"strstr()" is a case-sensitive string match, so "ERROR" will not match
"error".

You can either have a second line with the lower-case string, or convert to
regular expression, and take advantage of the case-insensitive match:

        LOG     %/var/(adm|log)/messages %ERROR IGNORE=%(fd0|smbd|read_fd_with_timeout|Connection.reset.by.peer|error\.txt|gdm-simple-greeter|GdmDisplay|GdmSession|GDM|packagekitd|parport) COLOR=red

Cheers
Jeremy
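
The matching behaviour described in this message, as an added example that is not part of the original post or of Xymon's source: a plain keyword goes through `strstr()`, a `%` pattern is a case-insensitive regex, and `%(?-i)` switches case folding off. The function names, the sample log lines and the shortened IGNORE list are constructed; POSIX `regex.h` stands in for Xymon's regex library, so the `(?-i)` prefix is handled by hand, and applying IGNORE per line is an assumption.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelling the two matching modes described above.
 * Assumption: POSIX regex replaces Xymon's regex library, so the "(?-i)"
 * prefix is recognised manually instead of by the regex engine. */
int log_pattern_matches(const char *pattern, const char *line)
{
    regex_t re;
    int flags = REG_EXTENDED | REG_NOSUB | REG_ICASE;
    int hit;
    if (pattern[0] != '%')                    /* plain keyword, no regex */
        return strstr(line, pattern) != NULL; /* case-sensitive substring */
    pattern++;                                /* skip the '%' marker */
    if (strncmp(pattern, "(?-i)", 5) == 0) {  /* opt out of case folding */
        pattern += 5;
        flags &= ~REG_ICASE;
    }
    if (regcomp(&re, pattern, flags) != 0)
        return 0;                             /* invalid regex: no match */
    hit = (regexec(&re, line, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

/* Hypothetical: a line alerts when it matches the trigger pattern and
 * does not match the IGNORE pattern (assumed per-line semantics). */
int line_alerts(const char *trigger, const char *ignore, const char *line)
{
    return log_pattern_matches(trigger, line) &&
           !(ignore && log_pattern_matches(ignore, line));
}

int main(void)
{
    /* Constructed sample log lines. */
    const char *lines[] = {
        "Aug  9 10:00:01 host1 kernel: I/O error on device sda1",
        "Aug  9 10:00:02 host1 smbd[123]: Error reading socket",
        "Aug  9 10:00:03 host1 app: ERROR queue full",
    };
    const char *triggers[] = { "ERROR", "%ERROR", "%(?-i)ERROR" };
    const char *ignore = "%(fd0|smbd|parport)";  /* shortened IGNORE list */
    for (size_t t = 0; t < 3; t++)
        for (size_t l = 0; l < 3; l++)
            printf("%-12s %-3s %s\n", triggers[t], line_alerts(triggers[t], ignore, lines[l]) ? "red" : "-", lines[l]);
    return 0;
}
```

Only the `%ERROR` form alerts on the lowercase kernel line; the plain `ERROR` keyword and `%(?-i)ERROR` both miss it, which is the gap the original question ran into.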