[Xymon] FW: FW: Regular expression

Neil Simmonds Neil.Simmonds at express-gifts.co.uk
Wed Sep 28 13:18:04 CEST 2011 

With some assistance from users on here I've finally managed to get this working after starting with LOG %.* %.*error.* COLOR=red. Some careful and staged refinement of the regex got me to this,

 

LOG %application "%Backup Exec System Recovery.{1,50}Error.*" COLOR=red

 

That seems to work fine and gives me the level of granularity for the failures that I wanted.

 

Thanks to all who helped.

 

________________________________

From: Lerch, Alfred [mailto:alfred_lerch at mentor.com] 
Sent: 28 September 2011 11:58
To: Neil Simmonds
Subject: RE: [Xymon] FW: Regular expression

 

I took me quite a bit of trial and horror to get log ignores to work with BBWin in central mode - and it isn't nice...

I had a lot of PowerShell entries to suppress.

Basically neither ignoring event types like success, informational etc. nor ignoring by event number seem to work. I finally went for

 

ANALYSIS.CFG

CLASS=mywinserver

        LOG     %.*  %^critical.* COLOR=red

        LOG     %.*  %^error.* COLOR=red

        LOG     %.*  %^failure.* COLOR=red

        LOG     %.*  %^warning.* COLOR=yellow

 

CLIENT-LOCAL.CFG

[mywinserver]

eventlog:windows powershell:5120

ignore Engine state is changed from None to Available

 

etc etc etc 

 

And make sure you are using the class in your bbwin.cfg on the client.

 

Good luck

 

Alfred 

 

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Neil Simmonds
Sent: Freitag, 23. September 2011 15:37
To: xymon at xymon.com
Subject: [Xymon] FW: Regular expression

 

Thanks for that Daniel,

 

It's still not working. I've even reduced it down to the following,

 

LOG eventlog:application Error COLOR=red

 

I've also tried

 

LOG eventlog_application Error COLOR=red

 

And

 

LOG application Error COLOR=red

 

All with no success. These entries are all in analysis.cfg on the server and the BBWin agent is running in central mode.

 

I'd really like to get this working if anyone can help?

 

Regards,

Neil.

________________________________

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of McDonald, Dan
Sent: 22 September 2011 16:43
To: Xymon
Subject: Re: [Xymon] Regular expression

 

 

On 9/22/11 7:54 AM, "Neil Simmonds" <Neil.Simmonds at express-gifts.co.uk>
wrote:

> Hi all,
> 
> I¹m trying to monitor a Windows event log for an error,
> 
> I¹ve got BBWin 0.12 installed in central mode and I¹ve successfully got the
> eventlogs showing up in messages,
> 
> However if I get an error from Backup Exec similar to this,
> 
> error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - Error
> EC8F17B7: Cannot create recovery points for job: BACKUP_SCHED_01_30_SAT. Error
> E7B70001: Win32/Win64 API DeviceIoControl(IOCTL_VSNAP_VDIFF_STOP) failed.
> Error EBAB03F1: The device does not recognize the command. Details: 0xE7B70001
> Source: Backup Exec System Recovery
> 
> Despite the fact that I have this, ³LOG eventlog:Application %(Backup Exec
> System Recovery\.+?|Error) COLOR=yellow² in my analysis.cfg file the color
> doesn¹t change.

Why did you escape the . ?  If you remove the \ in front of the ., it might
work better.

I don't think you need to specify greediness either.

In other projects we tend to be very suspicious of unqualified .+
expansions, as they can consume a lot of memory.  You might try something
like:
%(Backup Exec System Recovery.{1,50}Error)

That is read as "look for the exact words "Backup Exec System Recovery",
followed by the word "Error" no more than 50 characters later..."


--
Daniel J McDonald, CCIE # 2495, CISSP # 78281


Name & Registered Office: EXPRESS GIFTS LIMITED, 2 GREGORY ST, HYDE, CHESHIRE, ENGLAND, SK14 4TH, Company No. 00718151.
Express Gifts Limited is authorised and regulated by the Financial Services Authority
-------------
NOTE: This email and any information contained within or attached in a separate file is confidential and intended solely for the Individual to whom it is addressed. The information or data included is solely for the purpose indicated or previously agreed. Any information or data included with this e-mail remains the property of Findel PLC and the recipient will refrain from utilising the information for any purpose other than that indicated and upon request will destroy the information and remove it from their records. Any views or opinions presented are solely those of the author and do not necessarily represent those of Findel PLC. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. No warranties or assurances are made in relation to the safety and content of this e-mail and any attachments. No liability is accepted for any consequences arising from it. Findel Plc reserves the right to monitor all e-mail communications through its internal and external networks. If you have received this email in error please notify our IT helpdesk on +44(0) 1254 303030


Name & Registered Office: EXPRESS GIFTS LIMITED, 2 GREGORY ST, HYDE, CHESHIRE, ENGLAND, SK14 4TH, Company No. 00718151.
Express Gifts Limited is authorised and regulated by the Financial Services Authority
 -------------
NOTE:  This email and any information contained within or attached in a separate file is confidential and intended solely for the Individual to whom it is addressed. The information or data included is solely for the purpose indicated or previously agreed. Any information or data included with this e-mail remains the property of Findel PLC and the recipient will refrain from utilising the information for any purpose other than that indicated and upon request will destroy the information and remove it from their records.  Any views or opinions presented are solely those of the author and do not necessarily represent those of Findel PLC. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. No warranties or assurances are made in relation to the safety and content of this e-mail and any attachments.  No liability is accepted for any consequences arising from it. Findel Plc reserves the right to monitor all e-mail communications through its internal and external networks. If you have received this email in error please notify our IT helpdesk on +44(0) 1254 303030
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20110928/84085516/attachment.html>

More information about the Xymon mailing list