Boy you guys are good! :)
No more than a minute after I sent this, they came clear.
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Root, Paul T Sent: Friday, March 07, 2014 12:54 PM To: 'xymon at xymon.com' Subject: [Xymon] regex problems
My brain isn't processing today.
I've had 1 Windows machine infecting my network for a while now, and finally decided that I should have it give more than ping fail. So I brought up BBWin this morning. That was fine, but I immediately get ports and procs in red ,because I'm looking for the non-existent ssh daemon.
So I'm trying to get rid of those in analysis.cfg:
HOST=* EXHOST=%(iad|apa|stn)(380esx|win).* PORT "LOCAL=%([.:]22)$" state=LISTEN TRACK=sshd TEXT=SSHD
HOST=* EXHOST=%(iad|apa|stn)(380esx|ccmp|ccmt|win).* PROC sshd 1 70 yellow PROC sshd 1 100 red TRACK=sshd "TEXT=ssh daemon (sshd)"
These lines work fine for the rest of the machines referenced. They match iad380esx1 through iad380esx8, as well as apa and stn the same way. The second also matchs iadccmp1 and iadccmt1.
But they don't want to match iadwin1
What am I doing wrong?
Paul Root Lead Engineer CenturyLink Network Reliability Operations Center
600 Stinson Blvd, N.E. Flr 2N Minneapolis, MN 55413 Direct: (651)312-5207 Paul.Root at centurylink.com<mailto:Paul.Root at centurylink.com>