<font size=2 face="sans-serif">A few very useful ways I recently found
to test the regular expressions with xymon are the pcretest and hobbitd_client
command.</font>
<br>
<br><font size=2 face="sans-serif">-bash-3.2$ pcretest</font>
<br><font size=2 face="sans-serif">PCRE version 6.6 06-Feb-2006</font>
<br>
<br><font size=2 face="sans-serif"> re> /^asd$/</font>
<br><font size=2 face="sans-serif">data> asdf</font>
<br><font size=2 face="sans-serif">No match</font>
<br><font size=2 face="sans-serif">data> asd</font>
<br><font size=2 face="sans-serif"> 0: asd</font>
<br>
<br><font size=2 face="sans-serif">[root@zenls01h ~]# su - xymon</font>
<br><font size=2 face="sans-serif">-bash-3.2$ ./server/bin/bbcmd hobbitd_client
--test</font>
<br><font size=2 face="sans-serif">2010-02-06 19:39:42 Using default environment
file /usr/lib64/xymon/server/etc/hobbitserver.cfg</font>
<br><font size=2 face="sans-serif">Hostname (.=end, ?=dump, !=reload) []:</font>
<br>
<br><font size=2 face="sans-serif">From there you can try out the host
name that's not matching up as well as the test.</font>
<br>
<br><font size=2 face="sans-serif">Hope that helps in your troubleshooting;
helped me remove some entries in the hobbit-clients and hobbit-alerts that
were causing issues.</font>
<br>
<br><font size=2 face="sans-serif">Good luck,</font>
<br><font size=2 face="sans-serif">Matt.</font>
<br>
<br><font size=2 face="sans-serif">Unix System Administrator<br>
Computer Science Corporation<br>
General Dynamics Land Systems<br>
38500 Mound Rd.<br>
Sterling Heights, MI. 48310<br>
Desk: (586) 825-8294<br>
Oracle IM: moldvanm<br>
<br>
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. <br>
NOTE: Regardless of content, this e-mail shall not operate to bind CSC
to any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">From:</font>
<td><font size=1 face="sans-serif">Kii NODA <kii.noda@gmail.com></font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">To:</font>
<td><font size=1 face="sans-serif">hobbit@hswn.dk</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Date:</font>
<td><font size=1 face="sans-serif">01/28/2010 04:58 PM</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Subject:</font>
<td><font size=1 face="sans-serif">[hobbit] Re: Alerts - HOSTS matching
regular expressions.</font></table>
<br>
<hr noshade>
<br>
<br>
<br><font size=3>Hi everyone,<br>
<br>
After doing some testing I can say we've elegantly solved the problem caused
by "HOST=%^asd$" matching both hosts named "asd" and
"asdf" despite the "$" at the end. We've added a "STOP"
rule at the end of the "special" rules that only alert CTO &
CEO of Junkyard.<br>
<br>
The problem still remains, however.<br>
<br>
The new, most elegant ruleset thus far, follows:<br>
<br>
--- cut here ---<br>
HOST=junkyard-starbox-v_trash<br>
MAIL=cto@junkyard.tld<br>
STOP<br>
<br>
HOST=junkyard-starbox-x_dustbin<br>
MAIL=ceo@junkyard.tld<br>
STOP<br>
<br>
HOST=*<br>
MAIL=stars@sysadmins.tld REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow<br>
MAIL=stars@sysadmins.tld REPEAT=10 RECOVERED NOTICE COLOR=red<br>
MAIL=cto@sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE
COLOR=purple,yellow<br>
MAIL=cto@sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE
COLOR=red<br>
--- and here ---<br>
<br>
</font>
<br><font size=3>On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <</font><a href=mailto:kii.noda@gmail.com><font size=3 color=blue><u>kii.noda@gmail.com</u></font></a><font size=3>>
wrote:</font>
<br><font size=3>Hi everyone,<br>
<br>
As you may have already been aware by now, we're here to stay. :)<br>
<br>
Here's one interesting problem (and maybe simple) for you: We've seen that
"HOST=%^asd$" matches both hosts named "asd" and "asdf",
not respecting the "$" at the end. Can you guys please confirm
that regex matching for "HOST=" does not care about the "$"
sign?<br>
<br>
For those that need some expanded case-study (all others can now stop),
here's the story behind: we are managing various servers of ours and our
customers. Due to the fact that we do not control DNS entries for all these
machines we have come up with a naming scheme like this:<br>
<br>
--- cut here ---<br>
junkyard-starbox # clientID=junkyard, starbox=actual machine<br>
junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox<br>
junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running
on starbox<br>
junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox<br>
--- and here ---<br>
<br>
We need to send these "special" alerts:<br>
* ONLY cto@junkyard.tld for events on junkyard-starbox-v_trash<br>
* ONLY ceo@junkyard.tld for events on junkyard-starbox-x_dustbin<br>
<br>
Also, we need to send these alerts for all other hosts & events:<br>
* stars@sysadmins.tld for purple, yellow & red w/ REPEAT=60<br>
* cto@sysadmins.tld for red w/ DURATION>30 and REPEAT=60<br>
* cto@sysadmins.tld for yellow&purple w/ DURATION>60 and REPEAT=60<br>
<br>
Exercising our brain muscles we came up with these:<br>
--- cut here ---<br>
#alert CTO for v_trash<br>
HOST=junkyard-starbox-v_trash<br>
MAIL=cto@junkyard.tld<br>
<br>
#alert CEO for x_dustbin<br>
HOST=junkyard-starbox-x_dustbin<br>
MAIL=ceo@junkyard.tld<br>
<br>
#stop alerting for the private boxes above<br>
HOST=*<br>
IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$<br>
<br>
HOST=* COLOR=purple,yellow<br>
MAIL=stars@sysadmins.tld REPEAT=60 RECOVERED NOTICE<br>
MAIL=cto@sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE<br>
<br>
HOST=* COLOR=red<br>
MAIL=stars@sysadmins.tld REPEAT=10 RECOVERED NOTICE<br>
MAIL=cto@sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE<br>
--- and here ---<br>
<br>
However, even with the "$" at the end of our regex we are no
longer receiving any alerts for v_trashcan because the regex wrongly matches
on the "IGNORE HOST=" line. We could use 2 lines to match each
host on its own line but that's not the point of this exercise.<br>
<br>
So, can anyone confirm our finding?<br>
-- </font><font size=3 color=#8f8f8f><br>
kN</font>
<br><font size=3><br>
<br>
<br>
-- <br>
kN</font>
<br>
<br>