[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pcre matching problem

To: hobbit (at) hswn.dk
Subject: pcre matching problem
From: Dominique Frise <Dominique.Frise (at) unil.ch>
Date: Tue, 30 Jan 2007 07:59:15 +0100
Organization: University of Lausanne
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.2pre) Gecko/20070119 SeaMonkey/1.1

Hi,

We have following rule in hobbit-clients.cfg:

LOG /var/log/messages MATCH=%(?-i)Redundancy\slost|degraded|error|Error COLOR=red IGNORE=%(?-i)webmail.exe.*segfault\sat|register_security|asking\sfor\scache\sdata|Outstream\sdata\sxfer\serror|cdrom|pam_ldap:\serror\strying\sto\sbind\sas HOST=zeb1,zeb2

According to this, the line "Jan 29 21:05:52 zeb2 kernel: webmail.exe[30786]: segfault at 000000009980e286 rip 000000009980e286 rsp 00000000ffff8800 error 14" in /var/log/messages of host zeb2 should NOT raise a red alert (IGNORE) but it does :-(


The pcre test shows correct matching:

[bb (at) iris etc]$ pcretest
PCRE version 4.5 01-December-2003

re> /(?-i)webmail.exe.*segfault\sat|register_security|asking\sfor\scache\sdata|Outstream\sdata\sxfer\serror|cdrom|pam_ldap:\serror\strying\sto\sbind\sas/ data> Jan 29 21:05:52 zeb2 kernel: webmail.exe[30786]: segfault at 000000009980e286 rip 000000009980e286 rsp 00000000ffff8800 error 14 0: webmail.exe[30786]: segfault at data>


Does anybody see anything wrong?


Dominique
UNIL - University of Lausanne

Prev by Date: zoom graph feature
Next by Date: Antwort: [hobbit] Stefan's Hobbit admin scripts 0.2.3 bug
Previous by thread: Re: [hobbit] zoom graph feature
Next by thread: RE: [hobbit] Sample of Hobbit server-side module (was: Who Test)
Index(es):
- Date
- Thread