how to search for exact word patterns
list Camelia Anghel
Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia
list Josh Luthman
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
▸
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia
list Camelia Anghel
Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia
▸
-----Original Message-----
From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
Sent: Friday, September 18, 2009 11:22 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
list Josh Luthman
# Example: Go red if the text "I/O error" or "read error" appears. # LOG %/var/(adm|log)/messages %(I/O|read).error COLOR=red
▸
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 11:27 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
list Greg Hubbard
Try making it a regex (with % prefix) instead of "simple" expression.
▸
On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my
advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
list Camelia Anghel
Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I'm getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia
▸
-----Original Message-----
From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
Sent: Friday, September 18, 2009 1:25 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
Sent: Friday, September 18, 2009 11:22 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com <http://my.host.com/>;
▸
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong,
3) my advice is worth at least as much as what you are paying for it, or
your money cheerfully refunded.
list Greg Hubbard
Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color =Red
▸
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory*
Color=Red
I’m getting all the messages that have one of these words: out or of or
memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent**:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
-- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
list Josh Luthman
I thought it was a dot from the example from help.
▸
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <user-435e16ecfd6a@xymon.invalid> wrote:
Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I’m getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia -----Original Message----- *From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] *Sent**:* Friday, September 18, 2009 1:25 PM *To:* user-ae9b8668bcde@xymon.invalid *Subject:* Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- *From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid] *Sent:* Friday, September 18, 2009 11:22 AM *To:* user-ae9b8668bcde@xymon.invalid *Subject:* Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.-- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
list Ryan Novosielski
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "." is a single character.
▸
Josh Luthman wrote:I thought it was a dot from the example from help.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <user-435e16ecfd6a@xymon.invalid
<mailto:user-435e16ecfd6a@xymon.invalid>> wrote:
Yes -- you only need one % at the beginning of your string to tell
Xymon you are going to use a regular expression. You do not need
the other % unless they are expected to appear in the log.
When using a regular expression, the | character means "or". So if
your example will "fire" if any message contains and of those
words. Also you seem to be using * by itself, which means "match
the preceding 0 or more times". Normally we use "dot star" ".*" to
mean "match anything no matter how long."
Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be
able to Google some examples.
If you are searching for "Out of memory" in a log file, you can use
"%Out of memory" as your regex string. I do not remember how you
deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would
be %Out\s+of\s+memory which removes the embedded spaces (so the
Xymon parser does not think part of your regex is some other token
on the commend) and also means that you will match of the is at
least one whitespace character between each word -- slightly more
robust than using a single space.
I know the above is a jumble, but if you will post the exact string
you want to match we can help you create the matching expression to
help you get the hang of it.
GLH
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid
<mailto:user-56034f999072@xymon.invalid>> wrote:
Right now looks like this:
LOG /var/log/messages
%failure*|%failed*|%error*|%Warning*|%memory* Color=Red
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out
of memory* Color=Red
I’m getting all the messages that have one of these words: out
or of or memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid
<mailto:user-435e16ecfd6a@xymon.invalid>]
*Sent**:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid>
▸
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple"
expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid
<mailto:user-56034f999072@xymon.invalid>> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid
<mailto:user-4c45a83f15cb@xymon.invalid>]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid>
▸
*Subject:* Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
- -- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqz5OQACgkQmb+gadEcsb6/AQCeMHINp1FT58/yxJhGDV9jjDYf 2UQAoJOd++iahFVlFX1RNwrgarLQ03lT =0XEa -----END PGP SIGNATURE-----
list Josh Luthman
Wouldn't that work for you at least at this point?
▸
On 9/18/09, Ryan Novosielski <user-ae4522577e16@xymon.invalid> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "." is a single character. Josh Luthman wrote:I thought it was a dot from the example from help. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <user-435e16ecfd6a@xymon.invalid <mailto:user-435e16ecfd6a@xymon.invalid>> wrote: Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I’m getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia -----Original Message----- *From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid <mailto:user-435e16ecfd6a@xymon.invalid>] *Sent**:* Friday, September 18, 2009 1:25 PM *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid> *Subject:* Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- *From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid <mailto:user-4c45a83f15cb@xymon.invalid>] *Sent:* Friday, September 18, 2009 11:22 AM *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid> *Subject:* Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.- -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqz5OQACgkQmb+gadEcsb6/AQCeMHINp1FT58/yxJhGDV9jjDYf 2UQAoJOd++iahFVlFX1RNwrgarLQ03lT =0XEa -----END PGP SIGNATURE-----
-- Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle
list Camelia Anghel
Hello Greg, I did not have too much exposure to Pearl, but I'll learn. I'll start testing and let you know if I need more help. Thank you,
▸
Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 3:09 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I'm getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 1:25 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid] Sent: Friday, September 18, 2009 11:22 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
list Camelia Anghel
Yes, that's a start. Thanks,
▸
camelia
-----Original Message-----
From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
Sent: Friday, September 18, 2009 3:56 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] how to search for exact word patterns
Wouldn't that work for you at least at this point?
On 9/18/09, Ryan Novosielski <user-ae4522577e16@xymon.invalid> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "." is a single character. Josh Luthman wrote:I thought it was a dot from the example from help. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <user-435e16ecfd6a@xymon.invalid <mailto:user-435e16ecfd6a@xymon.invalid>> wrote: Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages
%failure*|%failed*|%error*|%Warning*|%out
of memory* Color=Red I'm getting all the messages that have one of these words:
out
or of or memory somewhere in their string. Camelia -----Original Message----- *From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid <mailto:user-435e16ecfd6a@xymon.invalid>] *Sent**:* Friday, September 18, 2009 1:25 PM *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid> *Subject:* Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid <mailto:user-56034f999072@xymon.invalid>> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- *From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid <mailto:user-4c45a83f15cb@xymon.invalid>] *Sent:* Friday, September 18, 2009 11:22 AM *To:* user-ae9b8668bcde@xymon.invalid <mailto:user-ae9b8668bcde@xymon.invalid> *Subject:* Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel
<user-56034f999072@xymon.invalid
<mailto:user-56034f999072@xymon.invalid>> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.- -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922
(2-0922)
\__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg -
C630
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqz5OQACgkQmb+gadEcsb6/AQCeMHINp1FT58/yxJhGDV9jjDYf 2UQAoJOd++iahFVlFX1RNwrgarLQ03lT =0XEa -----END PGP SIGNATURE-----
-- Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle
list Camelia Anghel
Greg, That worked!!! Thanks a lot!
▸
Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 3:09 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I'm getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 1:25 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid] Sent: Friday, September 18, 2009 11:22 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
list Greg Hubbard
Glad to be of service, and thank you very much for posting the results in case others are interested! GLH
▸
On 9/21/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Greg,
That worked!!!
Thanks a lot!
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 3:09 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Yes -- you only need one % at the beginning of your string to tell Xymon
you are going to use a regular expression. You do not need the other %
unless they are expected to appear in the log.
When using a regular expression, the | character means "or". So if your
example will "fire" if any message contains and of those words. Also you
seem to be using * by itself, which means "match the preceding 0 or more
times". Normally we use "dot star" ".*" to mean "match anything no matter
how long."
Regular expressions are a bit of a mystery, but are very powerful. Xymon
uses Perl-compatible regular expressons (PCRE) so you might be able to
Google some examples.
If you are searching for "Out of memory" in a log file, you can use "%Out
of memory" as your regex string. I do not remember how you deal with spaces
in the string and the Xymon help is not helpful. One way to do it would be
to change your spaces into \s+ so it would be %Out\s+of\s+memory which
removes the embedded spaces (so the Xymon parser does not think part of your
regex is some other token on the commend) and also means that you will match
of the is at least one whitespace character between each word -- slightly
more robust than using a single space.
I know the above is a jumble, but if you will post the exact string you
want to match we can help you create the matching expression to help you get
the hang of it.
GLH
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Right now looks like this:
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory*
Color=Red
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory*
Color=Red
I’m getting all the messages that have one of these words: out or of or
memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
-- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.
list Josh Luthman
Could you post your working config, please?
▸
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Mon, Sep 21, 2009 at 3:00 PM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Greg,
That worked!!!
Thanks a lot!
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 3:09 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Yes -- you only need one % at the beginning of your string to tell Xymon
you are going to use a regular expression. You do not need the other %
unless they are expected to appear in the log.
When using a regular expression, the | character means "or". So if your
example will "fire" if any message contains and of those words. Also you
seem to be using * by itself, which means "match the preceding 0 or more
times". Normally we use "dot star" ".*" to mean "match anything no matter
how long."
Regular expressions are a bit of a mystery, but are very powerful. Xymon
uses Perl-compatible regular expressons (PCRE) so you might be able to
Google some examples.
If you are searching for "Out of memory" in a log file, you can use "%Out
of memory" as your regex string. I do not remember how you deal with spaces
in the string and the Xymon help is not helpful. One way to do it would be
to change your spaces into \s+ so it would be %Out\s+of\s+memory which
removes the embedded spaces (so the Xymon parser does not think part of your
regex is some other token on the commend) and also means that you will match
of the is at least one whitespace character between each word -- slightly
more robust than using a single space.
I know the above is a jumble, but if you will post the exact string you
want to match we can help you create the matching expression to help you get
the hang of it.
GLH
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Right now looks like this:
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory*
Color=Red
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory*
Color=Red
I’m getting all the messages that have one of these words: out or of or
memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
list Josh Luthman
Could you post your working config, please? Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:00 PM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Greg,
That worked!!!
Thanks a lot!
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 3:09 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Yes -- you only need one % at the beginning of your string to tell Xymon
you are going to use a regular expression. You do not need the other %
unless they are expected to appear in the log.
When using a regular expression, the | character means "or". So if your
example will "fire" if any message contains and of those words. Also you
seem to be using * by itself, which means "match the preceding 0 or more
times". Normally we use "dot star" ".*" to mean "match anything no matter
how long."
Regular expressions are a bit of a mystery, but are very powerful. Xymon
uses Perl-compatible regular expressons (PCRE) so you might be able to
Google some examples.
If you are searching for "Out of memory" in a log file, you can use "%Out
of memory" as your regex string. I do not remember how you deal with spaces
in the string and the Xymon help is not helpful. One way to do it would be
to change your spaces into \s+ so it would be %Out\s+of\s+memory which
removes the embedded spaces (so the Xymon parser does not think part of your
regex is some other token on the commend) and also means that you will match
of the is at least one whitespace character between each word -- slightly
more robust than using a single space.
I know the above is a jumble, but if you will post the exact string you
want to match we can help you create the matching expression to help you get
the hang of it.
GLH
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Right now looks like this:
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory*
Color=Red
But if I type
LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory*
Color=Red
I’m getting all the messages that have one of these words: out or of or
memory somewhere in their string.
Camelia
-----Original Message-----
*From:* Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid]
*Sent:* Friday, September 18, 2009 1:25 PM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
Try making it a regex (with % prefix) instead of "simple" expression.
On 9/18/09, *Camelia Anghel* <user-56034f999072@xymon.invalid> wrote:
Did that but it look for all messages that have one of the 3 words
Thanks anyway
Camelia
-----Original Message-----
*From:* Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
*Sent:* Friday, September 18, 2009 11:22 AM
*To:* user-ae9b8668bcde@xymon.invalid
*Subject:* Re: [hobbit] how to search for exact word patterns
I think it's:
HOST=my.host.com
LOG /var/log/messages "out of memory" COLOR=red
Not tested.
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote:
Hello all,
I am trying to set up an alert to search for exact word patterns in
/var/log/messages. For example: "Out of Memory"
Any help would be appreciated.
Thanks,
Camelia
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
--
Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3)
my advice is worth at least as much as what you are paying for it, or your
money cheerfully refunded.
list Camelia Anghel
Sorry I was off yesterday... Here it goes, I tested first for string "session opened for user root" and here is how the log entry looks like in the hobbit-clients.cfg for one of client servers LOG /var/log/messages %failure*|failed*|error*|Warning*|session\s+opened\s+for\s+user\s+root*| Out\s+of\s+Memory* COLOR=red GROUP=admin
▸
Thanks, Camelia -----Original Message----- From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid] Sent: Monday, September 21, 2009 4:08 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Could you post your working config, please? Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:00 PM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Greg, That worked!!! Thanks a lot! Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 3:09 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Yes -- you only need one % at the beginning of your string to tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log. When using a regular expression, the | character means "or". So if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long." Regular expressions are a bit of a mystery, but are very powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples. If you are searching for "Out of memory" in a log file, you can use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space. I know the above is a jumble, but if you will post the exact string you want to match we can help you create the matching expression to help you get the hang of it. GLH On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Right now looks like this: LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%memory* Color=Red But if I type LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red I'm getting all the messages that have one of these words: out or of or memory somewhere in their string. Camelia -----Original Message----- From: Greg Hubbard [mailto:user-435e16ecfd6a@xymon.invalid] Sent: Friday, September 18, 2009 1:25 PM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns Try making it a regex (with % prefix) instead of "simple" expression. On 9/18/09, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Did that but it look for all messages that have one of the 3 words Thanks anyway Camelia -----Original Message----- From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid] Sent: Friday, September 18, 2009 11:22 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] how to search for exact word patterns I think it's: HOST=my.host.com <http://my.host.com/>; LOG /var/log/messages "out of memory" COLOR=red Not tested. Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX "When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <user-56034f999072@xymon.invalid> wrote: Hello all, I am trying to set up an alert to search for exact word patterns in /var/log/messages. For example: "Out of Memory" Any help would be appreciated. Thanks, Camelia -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded. -- Disclaimer: 1) all opinions are my own, 2) I may be completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.