On 9/22/11 7:54 AM, "Neil Simmonds" <Neil.Simmonds at express-gifts.co.uk> wrote:
Hi all,
I'm trying to monitor a Windows event log for an error,
I've got BBWin 0.12 installed in central mode and I've successfully got the eventlogs showing up in messages,
However if I get an error from Backup Exec similar to this,
error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - Error EC8F17B7: Cannot create recovery points for job: BACKUP_SCHED_01_30_SAT. Error E7B70001: Win32/Win64 API DeviceIoControl(IOCTL_VSNAP_VDIFF_STOP) failed. Error EBAB03F1: The device does not recognize the command. Details: 0xE7B70001 Source: Backup Exec System Recovery
Despite the fact that I have this, "LOG eventlog:Application %(Backup Exec System Recovery\.+?|Error) COLOR=yellow" in my analysis.cfg file the color doesn't change.
Why did you escape the . ? If you remove the \ in front of the ., it might work better.
I don't think you need to specify greediness either.
In other projects we tend to be very suspicious of unqualified .+ expansions, as they can consume a lot of memory. You might try something like: %(Backup Exec System Recovery.{1,50}Error)
That is read as "look for the exact words "Backup Exec System Recovery", followed by the word "Error" no more than 50 characters later..."
-- Daniel J McDonald, CCIE # 2495, CISSP # 78281
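
An added example, not part of either message: it compares the escaped-dot branch of the original rule with the bounded-gap pattern from the reply, on the event text from the post and on constructed lines. Python's `re` module stands in for the regex engine behind the `%` prefix (an assumption), and the names `PATTERNS`, `LINES`, `matches` and `report` are made up for the illustration.

```python
import re

# Candidate expressions, without the leading % that marks a regex in analysis.cfg.
PATTERNS = {
    # First branch of the original rule: "\." is a literal dot, so this needs
    # at least one "." directly after the word "Recovery".
    "escaped_dot": r"Backup Exec System Recovery\.+?",
    # Form suggested in the reply: "Error" must start 1 to 50 characters
    # after "Recovery", which bounds how far the engine scans and backtracks.
    "bounded_gap": r"Backup Exec System Recovery.{1,50}Error",
}

LINES = {
    # Event text from the post, shortened after the first error code.
    "post_event": ("error - 2011/09/22 13:30:00 - Backup Exec System Recovery (100) - "
                   "Error EC8F17B7: Cannot create recovery points for job: "
                   "BACKUP_SCHED_01_30_SAT."),
    # Constructed: same source, but "Error" is 70 characters after "Recovery".
    "error_too_far": "info - Backup Exec System Recovery (100) - " + "x" * 60 + " Error",
    # Constructed: literal dots follow the source name, no "Error" at all.
    "literal_dots": "info - Backup Exec System Recovery... starting",
    # Constructed: a different source that also logs the word "Error".
    "other_source": "error - 2011/09/22 13:31:00 - SomeOtherService (7) - Error 42",
}


def matches(pattern_name, line):
    """Return True when the named pattern is found anywhere in the line."""
    return re.search(PATTERNS[pattern_name], line) is not None


def report(lines=LINES):
    """Map each sample line label to the match result of every pattern."""
    return {label: {name: matches(name, text) for name in PATTERNS}
            for label, text in lines.items()}


if __name__ == "__main__":
    for label, result in report().items():
        print(f"{label:14} {result}")
```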