Ad Widget

Collapse

RegExp Negation in Logfile Monitoring

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mbrand5371
    Member
    • May 2009
    • 55
    #1

    RegExp Negation in Logfile Monitoring

    We have an LogFile Item with the following item key:
    Code:
    log[/var/log/messages,"[E|e]xiting|[E|e]xited|[T|t]erminating|[T|t]erminated|[F|f]ailing|[F|f]ailed|[S|s]tarting|[S|s]tarted|[R|r]estart|[S|s]hutdown"]
    The actual trigger is defined as:
    Code:
    {LSKN discovered Template LOG linux messages:log[/var/log/messages,"[E|e]xiting|[E|e]xited|[T|t]erminating|[T|t]erminated|[F|f]ailing|[F|f]ailed|[S|s]tarting|[S|s]tarted|[R|r]estart|[S|s]hutdown"].nodata(120)}#1
    So we get all the words defined in the regex fine.
    But there are entrys in the log like:
    Code:
    ftp.proxy[30845]: +OK: proxy terminating
    We want to exclude. Anyone an idea how to get this ?
    Regards, Marcus
    Tags: None
    • danrog
      Senior Member
      • Sep 2009
      • 164
      #2
      Because you are using brackets, you should just be able to do the following without the "OR":

      Code:
      log[/var/log/messages,"[Ee]xiting|[Ee]xited|[Tt]erminating|[Tt]erminated|[Ff]ailing|[Ff]ailed|[Ss]tarting|[Ss]tarted|[Rr]estart|[Ss]hutdown"]

        Comment

        • mbrand5371
          Member
          • May 2009
          • 55
          #3
          Ok, your syntax is slightly other than mine.
          But my scope is to get an trigger if, for example, an agent or daemon is sending an entry with the keywords to the log, while it is changing his status. I don't want to get the trigger if, for example, an ftp.proxy user is terminating his session.

          Currently the item is matching for the keyword "terminating" and i need to exclude the ftp.proxy user session "terminating" string from this match.

          Regards, Marcus

            Comment

            Previous template Next
            Working...