DX Unified Infrastructure Management

So was thinking of starting a regEx thread b/c it would be helpful for many of us who have to try to find something in a log or match against a specific message event string.

So if you have a regex question post in here so this can be a collection of these in one spot.

I have one to share: I have an ntevl profile that we alert on a DHCP event with evt ID 1603.

But was asked to alert on all message strings that do NOT contain: NY-MGMT

The event message string comes in the format:

Microsoft-Windows-DHCP-Server (1063 - None): There are no IP addresses available for lease in the scope or superscope "NY-MGMT".

So we want to trigger the alert and generate an alarm if the string doesn't contain:  NY-MGMT but for all other strings, throw the alert. 

Using the nas probe's pattern/regexp validation tool (F2 when focused is set in the Message String for any Profile) 1st I tired matching the string with: /.*NY-MGMT.*/ and that matched.

Then to exclude the word "NY-MGMT"" I found that this does it:

           /.*^(?!.*NY-MGMT").*/

I added the extra " at the end in case there might be machines that have a MGMT01 format. Those would still get excluded but we would want to include those an alert. 

My question here is what if we wanted to use the same profile and just add another machines to the exclude list? How would that regEx look like. So if we wanted to exclude NY-MGMT and NY-BOX1 what would the expression be?

Thanks Yu. But what about in the ntevl IM config dialog? 

/.*^(?!.*NY-MGMT").*/

For it to reject other boxes or a list  I tried using the pipe "|"  but couldn't find  the right statement.

BTW, we use the Admin console for deployments of probe updates b/c its much faster and for configuring the AC only probes. But had to hold off on fully using it b/c UIM Dev gave up on it all together. When it was 1st introduced it was great, much quicker, faster than the IM gui's but then then development did one more update to AC 2.0 then they dropped the ball updating it for good for the MCS which we will not touch. 

Hello, need help with this one.

What reg expression would capture the entire line with the date in this file? The file could have multiple entiries that I would need to capture as well:

CertFile.txt:

CertificationDomains   Issuer   NotAfter   Services

---------------------------   --------   -----------   ------------

{mail.abc.com,ww.m...   CN=Go Dadday Secure Certifi....   12/26/2018 11:22:24 AM   IMAP,POP,SMTP

I am using logmon to scan this text file and if the script spits out anything to this file, I want to just grab the line with the date on it and include in alarm generated so want to pull in just the line(s) with a date  #/#/#

Something like /.*\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}\s[AP]M.*/ will match any whole line with a date in it - assuming that any single digit time pieces are zero padded.

Thank you Garin. That works!