[hobbit] BBWin help - msgs perl expressions
Ben
azlobo73 at gmail.com
Tue Mar 11 21:42:22 CET 2008
On Mon, Mar 10, 2008 at 11:12 AM, Jason Chambers
<Jason.Chambers at geosoft.com> wrote:
>
>
>
>
> Hi All,
>
>
>
> I'm not too sure how to write perl expressions, but I was wondering if
> someone can give me assistance. I get these alerts from BBWIN:
>
>
>
> red 2008-Mar-10 13:56:10 [xxx.geosoft.com] &red application: error -
> 2008/03/10 13:55:51 - MMReceiver (3506) - n/a "Possible SMTP attack. From
> 192.168.xxx.xxx - received 20 RSET requests"
>
Whether you are using local or central mode in the Windows bbwin.cfg
file will determine whether these need to be added to thebbwin.cfg
file on the client windows system or to the hobbit-clients.cfg on the
server (respectfully). Syntax for these files is covered in each
location and/or by examples from either the hobbit website or the help
file for bbwin.
One or more of these should do the trick (note that the dollar sign at
the end denotes that "requests" is expected to be the very end of the
string; see the links below for more information on regex's):
*should work:
%.received [0-9]* RSET requests$
*should work, "ignore 0-99, but not 100+ requests"
%.received [0-9]{1,2} RSET requests$
*could work, if "\d" (any digit) works
%.received \d* RSET requests$
will work, but is most broad is scope (which probably wouldn't matter
in this case, but...)
%.received .* RSET requests$
(* implementations of regex's differ in what set or subset of regular
expression syntax is supported)
Tutorial Information on Regular Expressions (or "regex's"):
http://www.regular-expressions.info/
http://www.regular-expressions.info/reference.html
Ben
>
>
>
>
> But want to write a perl expression to ignore all those messages even if the
> "received ## RSET requests" Can someone write me the code on how to go about
> doing this? I want to learn incase I have future needs for it.
>
>
>
>
>
> Thanks in advanced,
>
>
>
> Jason Chambers
> IT Help Desk Associate
>
> GEOSOFT INC.
> freedom to explore
> T +1 416.369.0111 #344
> F +1 416.369.9599
>
> Visit our site at www.geosoft.com
>
>
More information about the Xymon
mailing list