On Mon, 01 Aug 2011 20:32:10 +0200, Christoph Schug <cs at schug.net> wrote:
I have got a question regarding Xymon 4.3.3 (running on CentOS 5.6/x86_64). In order to monitor the existence of certain processes like rsyslogd(8), I have the following process rule defined in analysis.cfg:
CLASS=linux PROC "%^/sbin/rsyslogd -m 0$" [...]
I was asked off the list (thanks, but honestly I hope the benefit for all of us is higher if the discussion stays on the list):
"Why not just dispense with the '^'? That way the RE will match regardless of where it starts."
I'd like to have the most exact matching on all my processes. rsyslogd(8) is just an example; the same applies, for example, to shell scripts which run for a very long time or as a daemon. So I rather prefer
PROC "%^/foo/bar$"
instead of just
PROC "/foo/bar"
or a somehow relaxed regex, because otherwise a local user might have a look at the script using more(1), but I don't want to have the process monitoring matching such things as "more /foo/bar". This reports wrong numbers, or might even report the check as GREEN while the instance which is intended to run doesn't do so anymore.
-cs
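
The difference between the anchored and the relaxed rule described above, as an added example that is not part of the original post and is not Xymon's own code. It assumes a simplified model: the pattern is tested against the command-line column only, a leading `%` marks a regular expression and anything else is a substring test; the function names and process lists are constructed for illustration.

```python
import re

# Constructed process lists (command-line column only).
# Case 1: the real /foo/bar daemon is running and a user is paging through it.
DAEMON_UP = ["/sbin/rsyslogd -m 0", "/foo/bar", "more /foo/bar"]
# Case 2: the daemon has died, but the user is still reading the script.
DAEMON_DOWN = ["/sbin/rsyslogd -m 0", "more /foo/bar"]


def count_matches(rule, cmdlines):
    """Count command lines matching a PROC-style pattern (assumed model).

    A leading '%' means the rest is a regular expression searched in the
    command line; otherwise the rule is a plain substring.
    """
    if rule.startswith("%"):
        rx = re.compile(rule[1:])
        return sum(1 for c in cmdlines if rx.search(c))
    return sum(1 for c in cmdlines if rule in c)


def status(rule, cmdlines, minimum=1):
    """Simplified colour decision: GREEN if at least `minimum` matches."""
    return "GREEN" if count_matches(rule, cmdlines) >= minimum else "RED"


if __name__ == "__main__":
    for rule in ("/foo/bar", "%/foo/bar", "%^/foo/bar$"):
        for name, procs in (("up", DAEMON_UP), ("down", DAEMON_DOWN)):
            print(f"{rule!r:16} daemon {name:4} "
                  f"count={count_matches(rule, procs)} "
                  f"status={status(rule, procs)}")
```

Only the fully anchored rule reports the true instance count and goes RED when the daemon is gone; both relaxed forms count the `more /foo/bar` process and stay GREEN.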