[hobbit] alert rules
Werner Michels (Ext Lists)
wmlist_ext at terra.com.br
Thu May 5 17:44:05 CEST 2005
On Thu, 5 May 2005 11:12:07 -0400
Sue Bauer-Lee <sblee at tazmania.org> wrote:
> My epxressions here must be really confusing:
>
> $WINOPS=winops at xyz.com
>
> # CCRT Windows
> HOST="%(cctfep3*|cctapp3*|cctfep1[0-9]||cctfep0*|cctapp[0-9]|cctpdp0*|cctdbp0*)" SERVICE=conn
> (164) MAIL $WINOPS REPEAT=10 RECOVERED
>
Most regex engines match a empty "ored" string agains everything with a TRUE return. So on the "cctfep1[0-9]||cctfep0*" you have an empty "||" sequence who will posible match agains every host. Try remove one of the "|".
I didn't look at the code to be 100% sure on this.
-wm
More information about the Xymon
mailing list