[hobbit] how to search for exact word patterns
Camelia Anghel
canghel at cjh.org
Mon Sep 21 17:13:57 CEST 2009
Yes, that's a start.
Thanks,
camelia
-----Original Message-----
From: Josh Luthman [mailto:josh at imaginenetworksllc.com]
Sent: Friday, September 18, 2009 3:56 PM
To: hobbit at hswn.dk
Subject: Re: [hobbit] how to search for exact word patterns
Wouldn't that work for you at least at this point?
On 9/18/09, Ryan Novosielski <novosirj at umdnj.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "." is a single character.
>
> Josh Luthman wrote:
>> I thought it was a dot from the example from help.
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> "When you have eliminated the impossible, that which remains, however
>> improbable, must be the truth."
>> --- Sir Arthur Conan Doyle
>>
>>
>> On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <glh.forums at gmail.com
>> <mailto:glh.forums at gmail.com>> wrote:
>>
>> Yes -- you only need one % at the beginning of your string to
tell
>> Xymon you are going to use a regular expression. You do not need
>> the other % unless they are expected to appear in the log.
>>
>> When using a regular expression, the | character means "or". So
if
>> your example will "fire" if any message contains and of those
>> words. Also you seem to be using * by itself, which means "match
>> the preceding 0 or more times". Normally we use "dot star" ".*"
to
>> mean "match anything no matter how long."
>>
>> Regular expressions are a bit of a mystery, but are very
powerful.
>> Xymon uses Perl-compatible regular expressons (PCRE) so you might
be
>> able to Google some examples.
>>
>> If you are searching for "Out of memory" in a log file, you can
use
>> "%Out of memory" as your regex string. I do not remember how you
>> deal with spaces in the string and the Xymon help is not helpful.
>> One way to do it would be to change your spaces into \s+ so it
would
>> be %Out\s+of\s+memory which removes the embedded spaces (so the
>> Xymon parser does not think part of your regex is some other
token
>> on the commend) and also means that you will match of the is at
>> least one whitespace character between each word -- slightly more
>> robust than using a single space.
>>
>> I know the above is a jumble, but if you will post the exact
string
>> you want to match we can help you create the matching expression
to
>> help you get the hang of it.
>>
>> GLH
>>
>> On 9/18/09, *Camelia Anghel* <canghel at cjh.org
>> <mailto:canghel at cjh.org>> wrote:
>>
>> Right now looks like this:
>>
>>
>>
>> LOG /var/log/messages
>> %failure*|%failed*|%error*|%Warning*|%memory* Color=Red
>>
>>
>>
>> But if I type
>>
>> LOG /var/log/messages
%failure*|%failed*|%error*|%Warning*|%out
>> of memory* Color=Red
>>
>>
>>
>> I'm getting all the messages that have one of these words:
out
>> or of or memory somewhere in their string.
>>
>>
>>
>> Camelia
>>
>> -----Original Message-----
>> *From:* Greg Hubbard [mailto:glh.forums at gmail.com
>> <mailto:glh.forums at gmail.com>]
>> *Sent**:* Friday, September 18, 2009 1:25 PM
>> *To:* hobbit at hswn.dk <mailto:hobbit at hswn.dk>
>> *Subject:* Re: [hobbit] how to search for exact word patterns
>>
>>
>>
>> Try making it a regex (with % prefix) instead of "simple"
>> expression.
>>
>> On 9/18/09, *Camelia Anghel* <canghel at cjh.org
>> <mailto:canghel at cjh.org>> wrote:
>>
>> Did that but it look for all messages that have one of the 3
words
>>
>> Thanks anyway
>>
>> Camelia
>>
>>
>>
>> -----Original Message-----
>> *From:* Josh Luthman [mailto:josh at imaginenetworksllc.com
>> <mailto:josh at imaginenetworksllc.com>]
>> *Sent:* Friday, September 18, 2009 11:22 AM
>> *To:* hobbit at hswn.dk <mailto:hobbit at hswn.dk>
>> *Subject:* Re: [hobbit] how to search for exact word patterns
>>
>>
>>
>> I think it's:
>>
>> HOST=my.host.com <http://my.host.com/>
>> LOG /var/log/messages "out of memory" COLOR=red
>>
>> Not tested.
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> "When you have eliminated the impossible, that which remains,
>> however improbable, must be the truth."
>> --- Sir Arthur Conan Doyle
>>
>> On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel
<canghel at cjh.org
>> <mailto:canghel at cjh.org>> wrote:
>>
>>
>> Hello all,
>> I am trying to set up an alert to search for exact word
patterns
>> in
>> /var/log/messages. For example: "Out of Memory"
>>
>> Any help would be appreciated.
>>
>> Thanks,
>> Camelia
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe at hswn.dk
<mailto:hobbit-unsubscribe at hswn.dk>
>>
>>
>>
>>
>>
>>
>> --
>> Disclaimer: 1) all opinions are my own, 2) I may be
completely
>> wrong, 3) my advice is worth at least as much as what you are
>> paying for it, or your money cheerfully refunded.
>>
>>
>>
>>
>> --
>> Disclaimer: 1) all opinions are my own, 2) I may be completely
>> wrong, 3) my advice is worth at least as much as what you are
paying
>> for it, or your money cheerfully refunded.
>>
>>
>
>
> - --
> ---- _ _ _ _ ___ _ _ _
> |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
> |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922
(2-0922)
> \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg -
C630
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkqz5OQACgkQmb+gadEcsb6/AQCeMHINp1FT58/yxJhGDV9jjDYf
> 2UQAoJOd++iahFVlFX1RNwrgarLQ03lT
> =0XEa
> -----END PGP SIGNATURE-----
>
>
>
--
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk
More information about the Xymon
mailing list