Greg,
That worked!!!
Thanks a lot!
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 3:09 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Yes -- you only need one % at the beginning of your string to tell Xymon
you are going to use a regular expression. You do not need the other %
unless they are expected to appear in the log.
When using a regular expression, the | character means "or". So if your
example will "fire" if any message contains and of those words. Also you
seem to be using * by itself, which means "match the preceding 0 or more
times". Normally we use "dot star" ".*" to mean "match anything no matter
how long."
Regular expressions are a bit of a mystery, but are very powerful. Xymon
uses Perl-compatible regular expressons (PCRE) so you might be able to
Google some examples.
If you are searching for "Out of memory" in a log file, you can use "%Out
of memory" as your regex string. I do not remember how you deal with spaces
in the string and the Xymon help is not helpful. One way to do it would be
to change your spaces into \s+ so it would be %Out\s+of\s+memory which
removes the embedded spaces (so the Xymon parser does not think part of your
regex is some other token on the commend) and also means that you will match
of the is at least one whitespace character between each word -- slightly
more robust than using a single space.
I know the above is a jumble, but if you will post the exact string you
want to match we can help you create the matching expression to help you get
the hang of it.
GLH
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Right now looks like this:
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory*
Color=Red
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory*
Color=Red
I’m getting all the messages that have one of these words: out or of or
memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.