Anyone able to help me figure out how to have a regex in a logmon variable? The scenario I'm shooting for with logmon is to generate an alert if the variable is between 90 and 95 (in one watcher). I have a variable to trigger an alert over 95 (a separate watcher, and it works great). Any ideas how this should actually look for the range in the first watcher of 90-95?
Instead of using the variable rules, could you edit your match expression to only match if the value is between 90 and 95? Something like: 9[0-5]
That may work... I got rid of my variable and just used the match expression of /9[0-5]/ and it still didn't find a match even though the current value is 94 in the file I'm looking at. Am I missing something here with that regex?
Hmm... That still didn't work.
Can you post a screenshot of your config and a snippet of the log?
Attached is a screenshot, and the log file just has the value in it. A script prints to a file with a single value; in this case, it's 94 at the moment. Nothing else in the log file other than that number.
Hmm... I don't see why that wouldn't work. It is a pretty simple regex. Maybe bump up the log level to 3 and see if that gives you any clues?
Well, you were right on your regex. I changed the way the logmon works: instead of updates, I did cat. Also, when in production, this will actually use a command. So it's all good. Also, it worked with the variable when I used /(?!9[0-4].*/ so that says expect any number that isn't 90-94. So now I can take that variable and put it in the alarm message to show what the value is that caused the breach. Thanks for the help!
I'm not sure why that negative lookahead would work in your case, as you'd normally need extra parentheses to make it a capture, as lookahead uses parentheses itself. Also, I'd be careful using that unless your command output will also be only the number as well, as that regex might capture more under some circumstances.
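
Added example, not part of the original thread: a Python sketch of the caution in the last reply, comparing the unanchored `9[0-5]` from the thread with a stricter pattern that only accepts a standalone two-digit value and captures it for the alarm message. The `STANDALONE` pattern, the function names and the sample lines are assumptions constructed for illustration; the lookaround syntax used is also valid in Perl-style regexes.

```python
import re

# Pattern as suggested in the thread: no anchors, so it matches anywhere.
LOOSE = re.compile(r"9[0-5]")

# Stricter form (an assumption of this example, not from the thread): the two
# digits must not touch another digit or a decimal point on either side.
# Group 1 is the value, usable in the alarm message.
STANDALONE = re.compile(r"(?<![\d.])(9[0-5])(?![\d.])")

def loose_hit(line):
    """True if the unanchored pattern would fire on this line."""
    return LOOSE.search(line) is not None

def warn_value(line):
    """Return the 90-95 value as int if the line carries one, else None."""
    m = STANDALONE.search(line)
    return int(m.group(1)) if m else None

# Constructed sample lines; only the first three should raise the 90-95 alert.
SAMPLES = ["94", " 90 ", "usage=95", "96", "89", "194", "1950", "0.95"]

def report(lines=SAMPLES):
    """Return (line, loose pattern fired?, captured value) for each line."""
    return [(line, loose_hit(line), warn_value(line)) for line in lines]

if __name__ == "__main__":
    for line, loose, value in report():
        print(f"{line!r:12} loose={loose!s:5} value={value}")
```

The unanchored pattern fires on `194`, `1950` and `0.95`, while the stricter one returns a value only for `94`, `90` and `95`.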