在nagios logwarn中修改正则表达式匹配项,该匹配项与字符串匹配,如果后面跟着另一个字符串则不匹配 [英] Modifying regex match in nagios logwarn which matches against string, to not match if followed by another string
问题描述
在日志文件中考虑以下错误日志,我将其用作nagios logwarn命令的输入-
Considering the following error log, in a log file, which I am using as an input for nagios logwarn command -
[19910:7f88e07ff700:559445:000001] [] \nFatal error: File not found: ./postGetAds.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
以下正则表达式可以完美工作,以检测是否存在致命"字符串-
The following regex works perfect, to detect if a "Fatal" string is present -
/^.*Fatal*/g
这是完整的nagios logwarn命令,我正在使用上述正则表达式-
Here is the complete nagios logwarn command where I am using the above regex -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log "^.*Fatal*"
这是到目前为止所需的输出-
And here is the output, as was so far desired -
Log errors: [Thu Jan 12 07:46:38 2017] [hphp] [19910:7f89543ff700:558024:000001] [] \nFatal error: File not found: ./postGetAd.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
现在,我想做一个修改,如果在致命"之后有一个字符串找不到文件:",则忽略日志行的匹配,如上面的示例错误日志中所示.
Now, I want to do a modification, to ignore the matching of a log line if there is a string "File not found: " following the "Fatal", as in the above example error log.
logwarn文档提到了对否定检查表达式的支持以及对多个正则表达式的支持在相同的命令中,就像这样-
The logwarn documentation mentions support for a negative checking expression and support for multiple regexpressions in the same command, like this -
logwarn -p -m '^myprog: ' '!retrying' 'ERROR'
因此,我尝试了以下操作,但仍未给出期望的结果(仍与文件不存在部分匹配)-
So, I tried the following, which is still not giving the desired result (still matching the file not exists part) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_20170118.log '^.*Fatal*' '!.*File not found\: \.\/postGetAd\.php'
在实际情况下,我将有多个文件路径,需要忽略其相应的找不到文件"错误.最好的解决方案也应该考虑这一点.
In a practical scenario, I would be having multiple file paths whose corresponding "File not found" errors need to be ignored. The best solution could consider that as well.
注意-这里的正则表达式是POSIX风格.
推荐答案
logwarn实用程序接受正负表达式的列表.从手册页:
The logwarn utility accepts a list of positive and negative regular expressions. From the manual page:
将每个日志消息与给定顺序的每个模式进行比较. 负模式以``!''前缀指定.如果日志 邮件匹配否定形式之前匹配肯定形式 !pattern,或者如果所有模式都不匹配,则将其打印到 标准输出.
Each log message is compared against each pattern in the order given. Negative patterns are specified with a ``!'' prefix. If the log message matches a positive pattern before matching a negative !pattern, or if none of the patterns match, then it's printed to standard output.
因此,每行都按模式按顺序进行测试.
So, each line is tested against the patterns in order.
- 如果一个正模式匹配,则接受该行,并且不再测试任何模式.
- 如果匹配否定模式,则该行将被拒绝,并且不再测试任何模式.
- 如果到达列表末尾且没有任何模式匹配,则该行将被拒绝.
您正在寻找包含A但不包含B的行,这些行可以用AND函数表示:A&midt!B
You are looking for lines that include A but do not include B which can be expressed with an AND function: A·!B
将模式列表指定为A !B将产生以下功能:A +!B
Specifying the pattern list as A !B will result in the function: A+!B
以相反的顺序指定模式!B A会产生以下功能:A&midt!B
Whereas specifying the pattern in reverse order !B A will result in the function: A·!B
这篇关于在nagios logwarn中修改正则表达式匹配项,该匹配项与字符串匹配,如果后面跟着另一个字符串则不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
