Ad Widget

Collapse

Log/logrt items - matching multiline value

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ppawel
    Junior Member
    • Oct 2010
    • 1
    #1

    Log/logrt items - matching multiline value

    My use case is that I want to match Java exceptions from application log files - it is important to have whole exception in action e-mail. I can cook up a regexp but log/logrt items don't seem to accept regexps

    Is it possible to use multiline/dotall regexp in log/logrt so that the item value has multiple lines?
    Tags: None
    • hirschnf
      Member
      • Jan 2010
      • 56
      #2
      Logfile monitoring - Multilines

      oh this is an old thread but I think it's time to reopen it.
      The last day I worked on the functionality of log monitoring in Zabbix.
      And one case is also to monitor logfiles where the interesting part is more than one line.
      For example you have in the log a line with "error" and in the next line there is a description to this error. So it would be useful to get the errorline and the following line too.

      here is an example:
      Code:
      foo
foofoofoo
foofoofoofoo
error and much more
here is the description
foofoofoo
foofoofoofoo
      regular expression:
      Code:
      /^error.*\n.*$/m
      Has anybody an idea to solve this? Or it is a thing for the wish list?

        Comment

        • alusvedejs
          Junior Member
          • Jul 2011
          • 11
          #3
          i am looking for the same answer.

          are there any suggestions?

          We’ll be back soon!
          http://www.zabbix.com/forum/showthread.php?t=21015




          Originally posted by alusvedejs
          Hi!

          looks like i am searching for similar solution

          i am trying to monitor DB2 log file
          and it also writes error message in several lines

          to search for the error message in unix i use "grep -p Error"

          v7-p7-prod 11:28:34 zabbix:/home/zabbix$ tail -100000 /home/db2inst1/sqllib/db2dump/db2diag.log | grep -p Error
          2011-07-30-04.00.21.954691+180 I149135337A181 LEVEL: Error
          PID:63242488 TID:49352 NODE:000 Title: SQLP_ALRCB
          Dump File:/home/db2inst1/sqllib/db2dump/63242488.49352.000.dump.bin

          2011-07-30-04.00.21.955063+180 I149135519A578 LEVEL: Error
          PID : 63242488 TID : 49352 PROC : db2sysc 0
          INSTANCE: db2inst1 NODE : 000 DB : RIDDB2
          APPHDL : 0-57694 APPID: *LOCAL.db2inst1.110801091918
          AUTHID : CDCINST1
          EDUID : 49352 EDUNAME: db2agent (RIDDB2) 0
          FUNCTION: DB2 UDB, data protection services, sqlp_AsyncLogReadAPI, probe:210
          DATA #1 : String, 132 bytes
          Error: sqlcode -2657, rc 262144, hflag2LsnReuse 0
          action 1, startLSN 000000769C966801, endLSN 00000076D039E44A, logBufferSize 204800

          2011-07-30-05.00.34.216699+180 I149146247A181 LEVEL: Error
          PID:63242488 TID:44211 NODE:000 Title: SQLP_ALRCB
          Dump File:/home/db2inst1/sqllib/db2dump/63242488.44211.000.dump.bin

          2011-07-30-05.00.34.216921+180 I149146429A578 LEVEL: Error
          PID : 63242488 TID : 44211 PROC : db2sysc 0
          INSTANCE: db2inst1 NODE : 000 DB : RIDDB2
          APPHDL : 0-760 APPID: *LOCAL.db2inst1.110801113231
          AUTHID : CDCINST1
          EDUID : 44211 EDUNAME: db2agent (RIDDB2) 0
          FUNCTION: DB2 UDB, data protection services, sqlp_AsyncLogReadAPI, probe:210
          DATA #1 : String, 132 bytes
          Error: sqlcode -2657, rc 262144, hflag2LsnReuse 0
          action 1, startLSN 000000769E4060AB, endLSN 00000076D089C5C7, logBufferSize 204800


          but if i am not using "-p" switch for grep i get meaningless information:

          v7-p7-prod 11:29:56 zabbix:/home/zabbix$ tail -100000 /home/db2inst1/sqllib/db2dump/db2diag.log | grep Error
          2011-07-30-04.00.21.954691+180 I149135337A181 LEVEL: Error
          2011-07-30-04.00.21.955063+180 I149135519A578 LEVEL: Error

          and if i create zabbix (active) item:
          log["/home/db2inst1/sqllib/db2dump/db2diag.log","Error","UTF-8",100]

          i also get meaningless information that tells me "something is wrong there"
          but is not giving me a clue shat exactly is happening.

          how can i add "-P" flag for grep in zabbix (active) item ?

            Comment

            • vjevdokimov
              Junior Member
              • Jun 2011
              • 3
              #4
              This one is still actual. Anyone?

                Comment

                • alusvedejs
                  Junior Member
                  • Jul 2011
                  • 11
                  #5
                  yes

                  i still do not have a solution

                    Comment

                    • vjevdokimov
                      Junior Member
                      • Jun 2011
                      • 3
                      #6
                      I've just got one for log4j 1.2.16 or higher to include first line from stack trace, which has exception name and message, all other stack trace will be on new lines, but this is enough for me.

                      I just have changed org.apache.log4j.PatternLayout to org.apache.log4j.EnhancedPatternLayout, which allows me to include stack trace right after the event message %m before new line %n.

                      Original log4j pattern:

                      Code:
                      log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%5p [%t] %d{ISO8601} %m%n
                      Zabbix friendly pattern:

                      Code:
                      log4j.appender.R.layout=org.apache.log4j.EnhancedPatternLayout
log4j.appender.R.layout.ConversionPattern=%5p [%t] %d{ISO8601} %m %throwable%n
                      Try this out.

                        Comment

                        • danrog
                          Senior Member
                          • Sep 2009
                          • 164
                          #7
                          Try using this as your multiline match:

                          .*([[:space:]].*)+

                          I use this for web page regex's...

                            Comment

                            Previous template Next
                            Working...