Considering the following error log, in a log file, which I am using as an input for nagios logwarn command -
[19910:7f88e07ff700:559445:000001] [] \nFatal error: File not found: ./postGetAds.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
The following regex works perfect, to detect if a "Fatal" string is present -
/^.*Fatal*/g
Here is the complete nagios logwarn command where I am using the above regex -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log "^.*Fatal*"
And here is the output, as was so far desired -
Log errors: [Thu Jan 12 07:46:38 2017] [hphp] [19910:7f89543ff700:558024:000001] [] \nFatal error: File not found: ./postGetAd.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
Now, I want to do a modification, to ignore the matching of a log line if there is a string "File not found: " following the "Fatal", as in the above example error log.
The logwarn documentation mentions support for a negative checking expression and support for multiple regexpressions in the same command, like this -
logwarn -p -m '^myprog: ' '!retrying' 'ERROR'
So, I tried the following, which is still not giving the desired result (still matching the file not exists part) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_20170118.log '^.*Fatal*' '!.*File not found\: \.\/postGetAd\.php'
In a practical scenario, I would be having multiple file paths whose corresponding "File not found" errors need to be ignored. The best solution could consider that as well.
Note - the regex here is POSIX flavor.
The logwarn utility accepts a list of positive and negative regular expressions. From the manual page:
Each log message is compared against each pattern in the order given. Negative patterns are specified with a ``!'' prefix. If the log message matches a positive pattern before matching a negative !pattern, or if none of the patterns match, then it's printed to standard output.
So, each line is tested against the patterns in order.
- If a positive pattern matches, the line is accepted and no more patterns are tested.
- If a negative pattern matches, the line is rejected and no more patterns are tested.
- If the end of the list is reached with no pattern matches, the line is rejected.
You are looking for lines that include A but do not include B which can be expressed with an AND function: A·!B
Specifying the pattern list as A !B will result in the function: A+!B
Whereas specifying the pattern in reverse order !B A will result in the function: A·!B
来源:https://stackoverflow.com/questions/41716338/modifying-regex-match-in-nagios-logwarn-which-matches-against-string-to-not-mat