[Xymon] Regular expression

McDonald, Dan Dan.McDonald at austinenergy.com
Thu Sep 22 17:42:36 CEST 2011




On 9/22/11 7:54 AM, "Neil Simmonds" <Neil.Simmonds at express-gifts.co.uk>
wrote:

> Hi all,
>  
> I¹m trying to monitor a Windows event log for an error,
>  
> I¹ve got BBWin 0.12 installed in central mode and I¹ve successfully got the
> eventlogs showing up in messages,
>  
> However if I get an error from Backup Exec similar to this,
>  
> error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - Error
> EC8F17B7: Cannot create recovery points for job: BACKUP_SCHED_01_30_SAT. Error
> E7B70001: Win32/Win64 API DeviceIoControl(IOCTL_VSNAP_VDIFF_STOP) failed.
> Error EBAB03F1: The device does not recognize the command. Details: 0xE7B70001
> Source: Backup Exec System Recovery
>  
> Despite the fact that I have this, ³LOG eventlog:Application %(Backup Exec
> System Recovery\.+?|Error) COLOR=yellow² in my analysis.cfg file the color
> doesn¹t change.

Why did you escape the . ?  If you remove the \ in front of the ., it might
work better.

I don't think you need to specify greediness either.

In other projects we tend to be very suspicious of unqualified .+
expansions, as they can consume a lot of memory.  You might try something
like:
%(Backup Exec System Recovery.{1,50}Error)

That is read as "look for the exact words "Backup Exec System Recovery",
followed by the word "Error" no more than 50 characters later..."


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20110922/eb4b92a1/attachment.html>


More information about the Xymon mailing list