Yes, that's a start. Thanks, camelia

-----Original Message----- From: Josh Luthman [mailto:josh at imaginenetworksllc.com] Sent: Friday, September 18, 2009 3:56 PM To: hobbit at hswn.dk Subject: Re: [hobbit] how to search for exact word patterns

Wouldn't that work for you at least at this point?

On 9/18/09, Ryan Novosielski <novosirj at umdnj.edu> wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

"." is a single character.

Josh Luthman wrote:

...

I thought it was a dot from the example from help.

Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373

"When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle

On Fri, Sep 18, 2009 at 3:08 PM, Greg Hubbard <glh.forums at gmail.com <mailto:glh.forums at gmail.com>> wrote:

Yes -- you only need one % at the beginning of your string to

tell Xymon you are going to use a regular expression. You do not need the other % unless they are expected to appear in the log.

When using a regular expression, the | character means "or".  So

if your example will "fire" if any message contains and of those words. Also you seem to be using * by itself, which means "match the preceding 0 or more times". Normally we use "dot star" ".*" to mean "match anything no matter how long."

Regular expressions are a bit of a mystery, but are very

powerful. Xymon uses Perl-compatible regular expressons (PCRE) so you might be able to Google some examples.

If you are searching for "Out of memory" in a log file, you can

use "%Out of memory" as your regex string. I do not remember how you deal with spaces in the string and the Xymon help is not helpful. One way to do it would be to change your spaces into \s+ so it would be %Out\s+of\s+memory which removes the embedded spaces (so the Xymon parser does not think part of your regex is some other token on the commend) and also means that you will match of the is at least one whitespace character between each word -- slightly more robust than using a single space.

I know the above is a jumble, but if you will post the exact

string you want to match we can help you create the matching expression to help you get the hang of it.

GLH

On 9/18/09, *Camelia Anghel* <canghel at cjh.org
<mailto:canghel at cjh.org>> wrote:

    Right now looks like this:



    LOG /var/log/messages
    %failure*|%failed*|%error*|%Warning*|%memory*  Color=Red



    But if I type

    LOG /var/log/messages

%failure*|%failed*|%error*|%Warning*|%out of memory* Color=Red

    I'm getting all the messages that have one of these words:

out or of or memory somewhere in their string.

    Camelia

    -----Original Message-----
    *From:* Greg Hubbard [mailto:glh.forums at gmail.com
    <mailto:glh.forums at gmail.com>]
    *Sent**:* Friday, September 18, 2009 1:25 PM
    *To:* hobbit at hswn.dk <mailto:hobbit at hswn.dk>
    *Subject:* Re: [hobbit] how to search for exact word patterns



    Try making it a regex (with % prefix) instead of "simple"
    expression.

    On 9/18/09, *Camelia Anghel* <canghel at cjh.org
    <mailto:canghel at cjh.org>> wrote:

    Did that but it look for all messages that have one of the 3

words

    Thanks anyway

    Camelia



    -----Original Message-----
    *From:* Josh Luthman [mailto:josh at imaginenetworksllc.com
    <mailto:josh at imaginenetworksllc.com>]
    *Sent:* Friday, September 18, 2009 11:22 AM
    *To:* hobbit at hswn.dk <mailto:hobbit at hswn.dk>
    *Subject:* Re: [hobbit] how to search for exact word patterns



    I think it's:

    HOST=my.host.com <http://my.host.com/>
        LOG /var/log/messages "out of memory" COLOR=red

    Not tested.

    Josh Luthman
    Office: 937-552-2340
    Direct: 937-552-2343
    1100 Wayne St
    Suite 1337
    Troy, OH 45373

    "When you have eliminated the impossible, that which remains,
    however improbable, must be the truth."
    --- Sir Arthur Conan Doyle

    On Fri, Sep 18, 2009 at 9:26 AM, Camelia Anghel

<canghel at cjh.org <mailto:canghel at cjh.org>> wrote:

    Hello all,
    I am trying to set up an alert to search for exact word

patterns in /var/log/messages. For example: "Out of Memory"

    Any help would be appreciated.

    Thanks,
    Camelia

    To unsubscribe from the hobbit list, send an e-mail to
    hobbit-unsubscribe at hswn.dk

<mailto:hobbit-unsubscribe at hswn.dk>

    --
    Disclaimer:  1) all opinions are my own, 2) I may be

completely wrong, 3) my advice is worth at least as much as what you are paying for it, or your money cheerfully refunded.

--
Disclaimer:  1) all opinions are my own, 2) I may be completely
wrong, 3) my advice is worth at least as much as what you are

paying for it, or your money cheerfully refunded.

---

---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqz5OQACgkQmb+gadEcsb6/AQCeMHINp1FT58/yxJhGDV9jjDYf 2UQAoJOd++iahFVlFX1RNwrgarLQ03lT =0XEa -----END PGP SIGNATURE-----

-- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373

"When you have eliminated the impossible, that which remains, however improbable, must be the truth." --- Sir Arthur Conan Doyle

To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk