无法使用nginx logwarn正确解析出包含特定关键字的日志行 [英] Unable to correctly parse out log lines containing particular keyword using nginx logwarn
问题描述
在上次调用check_logwarn命令后添加了以下日志行-
With the following log line added after the last invocation of check_logwarn command -
[Tue Nov 22 11:04:03 2016] [hphp] [10755:7f41af3ff700:6272:000001] [] SlowTimer [2086ms] at runtime/ext_m
ysql: slow query: SELECT b.bannerid, b.campaignid FROM ox_banners b, ox_campaigns c WHERE b.campaignid =
c.campaignid AND (b.status = 0 OR b.`updated` >= now() - INTERVAL 7 DAY) AND (c.status = 0 OR c.`updated`
>= now() - INTERVAL 7 DAY) AND b.updated >= '2016-11-22 11:03:01';
下面的logwarn命令,查找SlowTimer
,正如我期望的那样找到匹配的日志(输出是在最后一次调用该命令后添加的整个日志行)-
The following logwarn command, looking for SlowTimer
, finds a matching log, as I expect (output is the entire log line which was added after the last invocation of the command) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimer.*"
但是,下面的查找SlowTimers
的命令也会找到匹配的日志,这是我所不希望的-
However, the following command looking for SlowTimers
also finds a matching log, which I do not expect -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimers.*"
我在 https://regex101.com/上测试了正则表达式,并且/.*SlowTimer.*/g
匹配,而
I tested the regex on https://regex101.com/, and /.*SlowTimer.*/g
matches whereas /.*SlowTimers.*/g
does not match anything. I think this is pretty simple regex and works similar across the various flavors.
当命令没有找到任何匹配的内容时(例如,上次调用后没有新的日志行),这就是我得到的输出-
When the command does not find anything matching (e.g. when there is no new log line after the last invocation), this is the output I get -
OK: No log errors found
寻找.*SlowTimers.*
时,我期望上面的输出.
I am expecting the above output when I look for .*SlowTimers.*
.
请找到 logwarn手册以供参考.
推荐答案
认为您可能需要使用-p
标志:
Think you may need to use the -p
flag:
-p Change default match behavior to non-matching. By default, if a log
message doesn't match any of the positive or negative patterns, it is
considered a match. This flag reverses this behavior so that these
messages are considered non-matches.
我对此也可能是错的,但认为正则表达式可以简化为SlowTimers
而不是.*SlowTimers.*
.它没有指定开始(^
)和结束($
),因此可以出现在文本的任何位置.
Also I could be wrong about this but think the regex could be simplified to SlowTimers
rather than .*SlowTimers.*
. It isn't specifying start (^
) and end ($
) so could appear anywhere in the text.
这篇关于无法使用nginx logwarn正确解析出包含特定关键字的日志行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!