[hobbit] how to search for exact word patterns
Ryan Novosielski
novosirj at umdnj.edu
Fri Sep 18 21:52:04 CEST 2009
"." is a single character.
Josh Luthman wrote:
> I thought it was a dot from the example from help.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> "When you have eliminated the impossible, that which remains, however
> improbable, must be the truth."
> --- Sir Arthur Conan Doyle
>
>
> On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <glh.forums at gmail.com> wrote:
>
> Yes -- you only need one % at the beginning of your string to tell
> Xymon you are going to use a regular expression. You do not need
> the other % unless they are expected to appear in the log.
>
> When using a regular expression, the | character means "or". So
> your example will "fire" if any message contains any of those
> words. Also you seem to be using * by itself, which means "match
> the preceding 0 or more times". Normally we use "dot star" ".*" to
> mean "match anything no matter how long."
>
> Regular expressions are a bit of a mystery, but are very powerful.
> Xymon uses Perl-compatible regular expressions (PCRE) so you might be
> able to Google some examples.
>
> If you are searching for "Out of memory" in a log file, you can use
> "%Out of memory" as your regex string. I do not remember how you
> deal with spaces in the string and the Xymon help is not helpful.
> One way to do it would be to change your spaces into \s+ so it would
> be %Out\s+of\s+memory which removes the embedded spaces (so the
> Xymon parser does not think part of your regex is some other token
> on the command) and also means that you will match if there is at
> least one whitespace character between each word -- slightly more
> robust than using a single space.
>
> I know the above is a jumble, but if you will post the exact string
> you want to match we can help you create the matching expression to
> help you get the hang of it.
>
> GLH
>
> On 9/18/09, *Camelia Anghel* <canghel at cjh.org> wrote:
>
> Right now looks like this:
>
>
>
> LOG /var/log/messages
> %failure*|%failed*|%error*|%Warning*|%memory* Color=Red
>
>
>
> But if I type
>
> LOG /var/log/messages %failure*|%failed*|%error*|%Warning*|%out
> of memory* Color=Red
>
>
>
> I’m getting all the messages that have one of these words: out
> or of or memory somewhere in their string.
>
>
>
> Camelia
>
> -----Original Message-----
> *From:* Greg Hubbard [mailto:glh.forums at gmail.com]
> *Sent:* Friday, September 18, 2009 1:25 PM
> *To:* hobbit at hswn.dk
> *Subject:* Re: [hobbit] how to search for exact word patterns
>
>
>
> Try making it a regex (with % prefix) instead of "simple"
> expression.
>
> On 9/18/09, *Camelia Anghel* <canghel at cjh.org> wrote:
>
> Did that but it looks for all messages that have one of the 3 words
>
> Thanks anyway
>
> Camelia
>
>
>
> -----Original Message-----
> *From:* Josh Luthman [mailto:josh at imaginenetworksllc.com]
> *Sent:* Friday, September 18, 2009 11:22 AM
> *To:* hobbit at hswn.dk
> *Subject:* Re: [hobbit] how to search for exact word patterns
>
>
>
> I think it's:
>
> HOST=my.host.com
> LOG /var/log/messages "out of memory" COLOR=red
>
> Not tested.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> "When you have eliminated the impossible, that which remains,
> however improbable, must be the truth."
> --- Sir Arthur Conan Doyle
>
> On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel <canghel at cjh.org> wrote:
>
>
> Hello all,
> I am trying to set up an alert to search for exact word patterns in
> /var/log/messages. For example: "Out of Memory"
>
> Any help would be appreciated.
>
> Thanks,
> Camelia
>
>
> --
> Disclaimer: 1) all opinions are my own, 2) I may be completely
> wrong, 3) my advice is worth at least as much as what you are
> paying for it, or your money cheerfully refunded.
>
>
>
>
> --
> Disclaimer: 1) all opinions are my own, 2) I may be completely
> wrong, 3) my advice is worth at least as much as what you are paying
> for it, or your money cheerfully refunded.
>
>
--
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630
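
The regex behaviour discussed in this thread, as an added example that is not part of the original messages. It uses Python's `re` module as a stand-in for PCRE (the constructs used here behave the same in both), the log lines are constructed, and `strip_marker` and `matching_lines` are hypothetical helper names. It models only the regular-expression semantics, not how Xymon parses its configuration file.

```python
import re

# Constructed /var/log/messages-style lines (not taken from the thread).
SAMPLE_LOG = [
    "Sep 18 14:02:11 web1 kernel: Out of memory: Kill process 2211 (httpd)",
    "Sep 18 14:02:12 web1 kernel: Out  of\tmemory: Killed process 2211",
    "Sep 18 14:03:40 web1 app: ran out of disk space, memory usage normal",
    "Sep 18 14:05:02 web1 cron: memorandum job finished",
    "Sep 18 14:06:30 web1 sshd: authentication failed for user bob",
]


def strip_marker(xymon_pattern):
    """Drop the one leading % that marks the string as a regex."""
    if xymon_pattern.startswith("%"):
        return xymon_pattern[1:]
    return xymon_pattern


def matching_lines(xymon_pattern, lines=SAMPLE_LOG):
    """Indexes of the lines the regex matches anywhere (unanchored)."""
    rx = re.compile(strip_marker(xymon_pattern))
    return [i for i, line in enumerate(lines) if rx.search(line)]


# Patterns from the thread, plus variants for comparison.
CASES = [
    r"%memory*",              # "memor" + zero or more "y": also hits "memorandum"
    r"%failure*|%failed*",    # second % is a literal character the log must contain
    r"%failure*|failed*",     # one leading % only: "failed" now matches
    r"%Out of memory",        # literal single spaces
    r"%Out\s+of\s+memory",    # any run of whitespace between the words
]

if __name__ == "__main__":
    for pattern in CASES:
        print(f"{pattern!r:28} -> lines {matching_lines(pattern)}")
```

The match is case-sensitive as written, so a pattern spelled `out of memory` would not hit the `Out of memory` lines in this sample.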