pcre matching problem

Dominique Frise Dominique.Frise at unil.ch
Tue Jan 30 07:59:15 CET 2007


Hi,

We have the following rule in hobbit-clients.cfg:

LOG /var/log/messages MATCH=%(?-i)Redundancy\slost|degraded|error|Error COLOR=red IGNORE=%(?-i)webmail.exe.*segfault\sat|register_security|asking\sfor\scache\sdata|Outstream\sdata\sxfer\serror|cdrom|pam_ldap:\serror\strying\sto\sbind\sas HOST=zeb1,zeb2

According to this, the line "Jan 29 21:05:52 zeb2 kernel: webmail.exe[30786]: 
segfault at 000000009980e286 rip 000000009980e286 rsp 00000000ffff8800 error 
14" in /var/log/messages of host zeb2 should NOT raise a red alert (IGNORE) but 
it does :-(


The pcre test shows correct matching:

[bb@iris etc]$ pcretest
PCRE version 4.5 01-December-2003

   re> /(?-i)webmail.exe.*segfault\sat|register_security|asking\sfor\scache\sdata|Outstream\sdata\sxfer\serror|cdrom|pam_ldap:\serror\strying\sto\sbind\sas/
data> Jan 29 21:05:52 zeb2 kernel: webmail.exe[30786]: segfault at 000000009980e286 rip 000000009980e286 rsp 00000000ffff8800 error 14
  0: webmail.exe[30786]: segfault at
data>


Does anybody see anything wrong?


Dominique
UNIL - University of Lausanne
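
The pcretest check above, repeated for both the MATCH and the IGNORE pattern, as an added example that is not part of the original post and not Xymon's own code. It assumes a line is reported only when MATCH hits and IGNORE does not (the behaviour the post expects); `classify` and the sample lines other than the first are constructed for illustration.

```python
import re

# Patterns copied from the rule in the post. The leading "(?-i)" is dropped:
# Python's re is case-sensitive by default and rejects a global "(?-i)".
MATCH = r"Redundancy\slost|degraded|error|Error"
IGNORE = (r"webmail.exe.*segfault\sat|register_security|asking\sfor\scache\sdata"
          r"|Outstream\sdata\sxfer\serror|cdrom|pam_ldap:\serror\strying\sto\sbind\sas")


def classify(line, match=MATCH, ignore=IGNORE):
    """Return (verdict, match_hit, ignore_hit) for one log line.

    Assumed semantics (what the post expects, not taken from Xymon's source):
    a line is reported only if MATCH hits and IGNORE does not.
    """
    m = re.search(match, line)
    i = re.search(ignore, line)
    if m is None:
        verdict = "no-match"
    elif i is not None:
        verdict = "ignored"
    else:
        verdict = "alert"
    return verdict, m.group(0) if m else None, i.group(0) if i else None


# The first line is the one quoted in the post; the other two are constructed.
SAMPLE_LINES = [
    "Jan 29 21:05:52 zeb2 kernel: webmail.exe[30786]: segfault at "
    "000000009980e286 rip 000000009980e286 rsp 00000000ffff8800 error 14",
    "Jan 29 21:06:10 zeb1 kernel: raid: array md0 degraded",
    "Jan 29 21:07:01 zeb1 sshd[412]: session opened for user bb",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        verdict, m_hit, i_hit = classify(line)
        # Show which alternative fired on each side, as pcretest does.
        print(f"{verdict:8} match={m_hit!r} ignore={i_hit!r}")
```

Under these assumptions the quoted line is classified as ignored: MATCH fires on `error` and IGNORE fires on the `webmail.exe ... segfault at` alternative.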