[Xymon] Ang. FW: Regular expression

Martin Blomdahl martin.blomdahl at jonkopingenergi.se
Fri Sep 23 16:03:29 CEST 2011


Hi
I think this is a bug in bbwin in central mode.

This works for me, it gets yellow, but a lot of other things dont work.
i've given up trying any more.

put this last in analysis.cfg

CLASS=win32
LOG %.* %^failure.* COLOR=yellow 

Here is the result in Xymon



Warnings in eventlog_security

 failure - 2011/09/14 19:54:12 - Security (529) - Logon Failure: Reason: 
Unknown user name or bad password User Name:


Regards
Martin




Från:   "Neil Simmonds" <Neil.Simmonds at express-gifts.co.uk>
Till:   <xymon at xymon.com>
Datum:  2011-09-23 15:38
Ärende: [Xymon] FW:  Regular expression
Sänt av:        xymon-bounces at xymon.com



Thanks for that Daniel,
 
It?s still not working. I?ve even reduced it down to the following,
 
LOG eventlog:application Error COLOR=red
 
I?ve also tried
 
LOG eventlog_application Error COLOR=red
 
And
 
LOG application Error COLOR=red
 
All with no success. These entries are all in analysis.cfg on the server 
and the BBWin agent is running in central mode.
 
I?d really like to get this working if anyone can help?
 
Regards,
Neil.

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf 
Of McDonald, Dan
Sent: 22 September 2011 16:43
To: Xymon
Subject: Re: [Xymon] Regular expression
 


On 9/22/11 7:54 AM, "Neil Simmonds" <Neil.Simmonds at express-gifts.co.uk>
wrote:

> Hi all,
> 
> I¹m trying to monitor a Windows event log for an error,
> 
> I¹ve got BBWin 0.12 installed in central mode and I¹ve successfully got 
the
> eventlogs showing up in messages,
> 
> However if I get an error from Backup Exec similar to this,
> 
> error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - Error
> EC8F17B7: Cannot create recovery points for job: BACKUP_SCHED_01_30_SAT. 
Error
> E7B70001: Win32/Win64 API DeviceIoControl(IOCTL_VSNAP_VDIFF_STOP) 
failed.
> Error EBAB03F1: The device does not recognize the command. Details: 
0xE7B70001
> Source: Backup Exec System Recovery
> 
> Despite the fact that I have this, ³LOG eventlog:Application %(Backup 
Exec
> System Recovery\.+?|Error) COLOR=yellow² in my analysis.cfg file the 
color
> doesn¹t change.

Why did you escape the . ?  If you remove the \ in front of the ., it 
might
work better.

I don't think you need to specify greediness either.

In other projects we tend to be very suspicious of unqualified .+
expansions, as they can consume a lot of memory.  You might try something
like:
%(Backup Exec System Recovery.{1,50}Error)

That is read as "look for the exact words "Backup Exec System Recovery",
followed by the word "Error" no more than 50 characters later..."


--
Daniel J McDonald, CCIE # 2495, CISSP # 78281

Name & Registered Office: EXPRESS GIFTS LIMITED, 2 GREGORY ST, HYDE, 
CHESHIRE, ENGLAND, SK14 4TH, Company No. 00718151.
Express Gifts Limited is authorised and regulated by the Financial 
Services Authority
-------------
NOTE: This email and any information contained within or attached in a 
separate file is confidential and intended solely for the Individual to 
whom it is addressed. The information or data included is solely for the 
purpose indicated or previously agreed. Any information or data included 
with this e-mail remains the property of Findel PLC and the recipient will 
refrain from utilising the information for any purpose other than that 
indicated and upon request will destroy the information and remove it from 
their records. Any views or opinions presented are solely those of the 
author and do not necessarily represent those of Findel PLC. If you are 
not the intended recipient, be advised that you have received this email 
in error and that any use, dissemination, forwarding, printing, or copying 
of this email is strictly prohibited. No warranties or assurances are made 
in relation to the safety and content of this e-mail and any attachments. 
No liability is accepted for any consequences arising from it. Findel Plc 
reserves the right to monitor all e-mail communications through its 
internal and external networks. If you have received this email in error 
please notify our IT helpdesk on +44(0) 1254 303030
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20110923/93fb3d9e/attachment.html>


More information about the Xymon mailing list