PCRE reference with examples
Is there an online reference for PCRE available, including examples? I'm having difficulty setting up alerts and I clearly need help with PCRE.
Thanks.
Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
On Wed, Oct 12, 2005 at 10:14:14PM -0500, Rich Smrcina wrote:
Is there an online reference for PCRE available, including examples? I'm having difficulty setting up alerts and I clearly need help with PCRE.
I did a google on "regular expression tutorial" and came up with this:
http://www.regular-expressions.info/tutorial.html
It isn't specific to PCRE, but PCRE implements the regex flavor found in Perl, so it should get you going.
Also, for trying out your regexes there's the "pcretest" utility which comes with the PCRE library. It lets you input your regex and try it out against selected candidate strings:
henrik at osiris:~$ pcretest PCRE version 4.5 01-December-2003
re> /(www|mail|ns).foo.com/ data> ns.foo.com 0: ns.foo.com 1: ns data> print.foo.com No match
Note that you must put the regex inside slashes when entering it into pcretest (it supports multi-line regexes - Hobbit doesn't).
Henrik
Ok, that's great info. Thanks!
Based on that I'm ending up with an expression like:
HOST=$va[\d\w]*$
To match any host beginning with 'va' that has zero or more alphanumeric characters after it. Is there an easier way to write this? If not that's fine, I just want to make sure I'm using it correctly.
Another poster (Asif Iqbal) posted the MAIL directives with multiple recipients. Does that work like he posted? Can the multiple email recipients be put into a macro? Consider the following:
$pg-tom=(tomsemail at somewhere.com|tomscell at wireless.com) HOST=tomshost MAIL $pg-tom DURATION=5m COLOR=red
Henrik Stoerner wrote:
On Wed, Oct 12, 2005 at 10:14:14PM -0500, Rich Smrcina wrote:
Is there an online reference for PCRE available, including examples? I'm having difficulty setting up alerts and I clearly need help with PCRE.
I did a google on "regular expression tutorial" and came up with this:
http://www.regular-expressions.info/tutorial.html
It isn't specific to PCRE, but PCRE implements the regex flavor found in Perl, so it should get you going.
Also, for trying out your regexes there's the "pcretest" utility which comes with the PCRE library. It lets you input your regex and try it out against selected candidate strings:
henrik at osiris:~$ pcretest PCRE version 4.5 01-December-2003
re> /(www|mail|ns).foo.com/ data> ns.foo.com 0: ns.foo.com 1: ns data> print.foo.com No match
Note that you must put the regex inside slashes when entering it into pcretest (it supports multi-line regexes - Hobbit doesn't).
Henrik
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
-- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
On Thu, Oct 13, 2005 at 10:50:26AM -0500, Rich Smrcina wrote:
Ok, that's great info. Thanks!
Based on that I'm ending up with an expression like:
HOST=$va[\d\w]*$
To match any host beginning with 'va' that has zero or more alphanumeric characters after it. Is there an easier way to write this? If not that's fine, I just want to make sure I'm using it correctly.
I'd say HOST=%^va[\d]*$
You need the "%" first, to tell Hobbit that what comes next is a regexp. Then the "^" means that the expression must match at the beginning of the string. "\w" is whitespace ? Think so - in that case it is not needed, since Hobbit will never match with any whitepace in the hostname.
Another poster (Asif Iqbal) posted the MAIL directives with multiple recipients. Does that work like he posted? Can the multiple email recipients be put into a macro? Consider the following:
$pg-tom=(tomsemail at somewhere.com|tomscell at wireless.com) HOST=tomshost MAIL $pg-tom DURATION=5m COLOR=red
What comes after the MAIL keyword is passed directly to your "mail" utility. So it would probably be better to have
$pg-tom=tomsemail at somewhere.com,tomscell at wireless.com
if your "mail" tool supports listing multiple recipients separated by commas. Some dont - then you can use a short-hand notation like:
$pg-tom=tomsemail at somewhere.com tomscell at wireless.com
and separate them by spaces - Hobbit will handle this as if you had multiple "MAIL ..." lines with each of the mail recipients. So it sends out the mail in separate e-mails, instead of one e-mail to all of the recipients. (Same net effect).
One more thing: I'm sure "DURATION=5m" is not what you want. Make that "DURATION>5m".
Regards, Henrik
Henrik Stoerner wrote:
I'd say HOST=%^va[\d]*$
You need the "%" first, to tell Hobbit that what comes next is a regexp. Then the "^" means that the expression must match at the beginning of the string. "\w" is whitespace ? Think so - in that case it is not needed, since Hobbit will never match with any whitepace in the hostname.
Based on the tutorial, \w is a word character (usually letters, underscores). Good tip about beginning of string.
What comes after the MAIL keyword is passed directly to your "mail" utility. So it would probably be better to have
$pg-tom=tomsemail at somewhere.com,tomscell at wireless.com
if your "mail" tool supports listing multiple recipients separated by commas. Some dont - then you can use a short-hand notation like:
$pg-tom=tomsemail at somewhere.com tomscell at wireless.com
and separate them by spaces - Hobbit will handle this as if you had multiple "MAIL ..." lines with each of the mail recipients. So it sends out the mail in separate e-mails, instead of one e-mail to all of the recipients. (Same net effect).
Then is the syntax for using macros in the MAIL line the same as HOST:
$pg-tom=tomsemail at somewhere.com tomscell at wireless.com
HOST %^va.*$ MAIL=%$pg-tom
When I run this through 'bbcmd hobbitd-alert --test' I get two lines that look like this:
00008432 2005-10-13 14:30:06 Failed 'MAIL %$pg-tom DURATION>5 COLOR=red' (min. duration 0<300)
I would have expected the actual email addresses...
One more thing: I'm sure "DURATION=5m" is not what you want. Make that "DURATION>5m".
Correct, I typed it into the message incorrectly.
Thanks.
Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
On Thu, Oct 13, 2005 at 02:32:14PM -0500, Rich Smrcina wrote:
What comes after the MAIL keyword is passed directly to your "mail" utility. So it would probably be better to have
$pg-tom=tomsemail at somewhere.com,tomscell at wireless.com
if your "mail" tool supports listing multiple recipients separated by commas. Some dont - then you can use a short-hand notation like:
$pg-tom=tomsemail at somewhere.com tomscell at wireless.com
and separate them by spaces - Hobbit will handle this as if you had multiple "MAIL ..." lines with each of the mail recipients. So it sends out the mail in separate e-mails, instead of one e-mail to all of the recipients. (Same net effect).
Then is the syntax for using macros in the MAIL line the same as HOST:
$pg-tom=tomsemail at somewhere.com tomscell at wireless.com
HOST %^va.*$ MAIL=%$pg-tom
No, just MAIL $pg-tom
Henrik
That produces two lines that look like this:
00008432 2005-10-13 14:30:06 Failed 'MAIL $pg-tom DURATION>5 COLOR=red' (min. duration 0<300)
Shouldn't the individual email addresses appear in place of $pg-tom?
Henrik Stoerner wrote:
No, just MAIL $pg-tom
Henrik
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
-- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
On Thu, Oct 13, 2005 at 03:02:14PM -0500, Rich Smrcina wrote:
That produces two lines that look like this:
00008432 2005-10-13 14:30:06 Failed 'MAIL $pg-tom DURATION>5 COLOR=red' (min. duration 0<300)
Oops You're right - the test option doesn't show the expanded macros. Try the --dump-config instead:
$ bbcmd hobbitd_alert --dump-config 2005-10-13 22:09:02 Using default environment file /usr/lib/hobbit/server/etc/hobbitserver.cfg
HOST=%^va.* MAIL tomsemail at somewhere.com FORMAT=TEXT REPEAT=30 MAIL tomscell at wireless.com FORMAT=TEXT REPEAT=30
Regards, Henrik
Good show, that looks better. Thanks!
Henrik Stoerner wrote:
On Thu, Oct 13, 2005 at 03:02:14PM -0500, Rich Smrcina wrote:
That produces two lines that look like this:
00008432 2005-10-13 14:30:06 Failed 'MAIL $pg-tom DURATION>5 COLOR=red' (min. duration 0<300)
Oops You're right - the test option doesn't show the expanded macros. Try the --dump-config instead:
$ bbcmd hobbitd_alert --dump-config 2005-10-13 22:09:02 Using default environment file /usr/lib/hobbit/server/etc/hobbitserver.cfg
HOST=%^va.* MAIL tomsemail at somewhere.com FORMAT=TEXT REPEAT=30 MAIL tomscell at wireless.com FORMAT=TEXT REPEAT=30
Regards, Henrik
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
-- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
You'll probably be better off with:
HOST=^va.*$
(Note the caret instead of the dollar sign.)
-Dan
On 10/13/05, Rich Smrcina <rsmrcina at wi.rr.com> wrote:
Ok, that's great info. Thanks!
Based on that I'm ending up with an expression like:
HOST=$va[\d\w]*$
To match any host beginning with 'va' that has zero or more alphanumeric characters after it. Is there an easier way to write this? If not that's fine, I just want to make sure I'm using it correctly.
Another poster (Asif Iqbal) posted the MAIL directives with multiple recipients. Does that work like he posted? Can the multiple email recipients be put into a macro? Consider the following:
$pg-tom=(tomsemail at somewhere.com|tomscell at wireless.com) HOST=tomshost MAIL $pg-tom DURATION=5m COLOR=red
Henrik Stoerner wrote:
On Wed, Oct 12, 2005 at 10:14:14PM -0500, Rich Smrcina wrote:
Is there an online reference for PCRE available, including examples? I'm having difficulty setting up alerts and I clearly need help with PCRE.
I did a google on "regular expression tutorial" and came up with this:
http://www.regular-expressions.info/tutorial.html
It isn't specific to PCRE, but PCRE implements the regex flavor found in Perl, so it should get you going.
Also, for trying out your regexes there's the "pcretest" utility which comes with the PCRE library. It lets you input your regex and try it out against selected candidate strings:
henrik at osiris:~$ pcretest PCRE version 4.5 01-December-2003
re> /(www|mail|ns).foo.com/ data> ns.foo.com 0: ns.foo.com 1: ns data> print.foo.com No match
Note that you must put the regex inside slashes when entering it into pcretest (it supports multi-line regexes - Hobbit doesn't).
Henrik
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
-- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
On 13/10/05, Rich Smrcina <rsmrcina at wi.rr.com> wrote:
Is there an online reference for PCRE available, including examples? I'm having difficulty setting up alerts and I clearly need help with PCRE.
As linked from the top page of www.pcre.org :)
http://perldoc.perl.org/perlre.html
-- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
participants (4)
-
bigdan@gmail.com
-
henrik@hswn.dk
-
rob.macgregor@gmail.com
-
rsmrcina@wi.rr.com