Ad Widget

**dafus** · 11-02-2016, 09:31

Anyone?

Any ideas?

**Firm** · 11-02-2016, 13:39

What regexp does not work?

**dafus** · 12-02-2016, 11:17

I used "POST /sso/login?service=https%3A%2F%2Fwww.somewww.com%2Fj_sp ring_cas_security_check HTTP/1.1" as regexp.

**Firm** · 12-02-2016, 11:47

Some characters, like ?, have special meanings in regexp. Specify what string/pattern you are trying to catch?

**dafus** · 15-02-2016, 09:50

I have something like this in my log file:

xx.xxx.xx.xx - - [02/Jul/2015:15:22:49 +0200] "POST /sso/login?service=https%3A%2F%2Fwww.somewww.com%2Fj_sp ring_cas_security_check HTTP/1.1" 302 - 0/181459

I would like extract (for example) 0/181459 value, so I use "POST /sso/login?service=https%3A%2F%2Fwww.somewww.com%2Fj_sp ring_cas_security_check HTTP/1.1" as my regexp.

**Firm** · 16-02-2016, 04:10

Try this (extracts last field in your example):

Code:

log[/var/log/nginx/access.log," ([0-9]+/[0-9]+)$",,,,\1]

**dafus** · 17-02-2016, 10:47

Thank you Firm.

It could work, but i have in my log lines like 10.168.5.13 - - [30/Sep/2015:03:52:14 +0200] "GET /service/v1/users/[email protected] HTTP/1.1" 200 3333 0/17324 and many more. This is the reason why i have to use regexp.

**Firm** · 17-02-2016, 10:51

Expression above matched all lines that ends with

<exactly one any digit>/<any digits - one or more>

P.S. If you are trying to keep your server logs in one place you may take a look on ELK stack.

**dafus** · 17-02-2016, 13:33

Each line in my Apache log has 1 digit/6 digits at the end of line. This is request duration time in seconds/microseconds format. But i want monitor only lines wchich contain "POST /sso/login?service=https%3A%2F%2Fwww.somewww.com%2Fj_sp ring_cas_security_check HTTP/1.1" because those lines are logging to web lines. I would like to have alert from Zabbix when logging time exceeds 2 seconds. Is it possible?

**Firm** · 18-02-2016, 11:37

Exactly this string? Or strings that have POST? Or strings that have "j_sp ring_cas_security_check"? Can you specify criteria?

**dafus** · 19-02-2016, 16:15

Exactly this string

This is my problem that string is so long

I made it in bash, and i use User_Parametr.

**Firm** · 20-02-2016, 13:51

Does this work?

Code:

log[access.log,"POST /sso/login\?service=https%3A%2F%2Fwww.somewww.com%2Fj_sp ring_cas_security_check HTTP/1.1"]

**djp210** · 23-08-2016, 20:36

It appears the Item cannot be any longer than 256 characters, including the regex itself.

log[/path/to/log,"(your regex here")]

All that must be 256 characters or less. At least that's the case in Zabbix 3.0.

Ad Widget

regexp in log[]

regexp in log[]

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment