无法使用nginx logwarn正确解析出包含特定关键字的日志行 [英] Unable to correctly parse out log lines containing particular keyword using nginx logwarn
问题描述
在上次调用check_logwarn命令后添加了以下日志行-
With the following log line added after the last invocation of check_logwarn command -
[Tue Nov 22 11:04:03 2016] [hphp] [10755:7f41af3ff700:6272:000001] [] SlowTimer [2086ms] at runtime/ext_m
ysql: slow query: SELECT b.bannerid, b.campaignid FROM ox_banners b, ox_campaigns c WHERE b.campaignid =
c.campaignid AND (b.status = 0 OR b.`updated` >= now() - INTERVAL 7 DAY) AND (c.status = 0 OR c.`updated`
>= now() - INTERVAL 7 DAY) AND b.updated >= '2016-11-22 11:03:01';
下面的logwarn命令,查找SlowTimer,正如我期望的那样找到匹配的日志(输出是在最后一次调用该命令后添加的整个日志行)-
The following logwarn command, looking for SlowTimer, finds a matching log, as I expect (output is the entire log line which was added after the last invocation of the command) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimer.*"
但是,下面的查找SlowTimers的命令也会找到匹配的日志,这是我所不希望的-
However, the following command looking for SlowTimers also finds a matching log, which I do not expect -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimers.*"
我在 https://regex101.com/上测试了正则表达式,并且/.*SlowTimer.*/g匹配,而
I tested the regex on https://regex101.com/, and /.*SlowTimer.*/g matches whereas /.*SlowTimers.*/g does not match anything. I think this is pretty simple regex and works similar across the various flavors.
当命令没有找到任何匹配的内容时(例如,上次调用后没有新的日志行),这就是我得到的输出-
When the command does not find anything matching (e.g. when there is no new log line after the last invocation), this is the output I get -
OK: No log errors found
寻找.*SlowTimers.*时,我期望上面的输出.
I am expecting the above output when I look for .*SlowTimers.*.
请找到 logwarn手册以供参考.
推荐答案
认为您可能需要使用-p标志:
Think you may need to use the -p flag:
-p Change default match behavior to non-matching. By default, if a log
message doesn't match any of the positive or negative patterns, it is
considered a match. This flag reverses this behavior so that these
messages are considered non-matches.
我对此也可能是错的,但认为正则表达式可以简化为SlowTimers而不是.*SlowTimers.*.它没有指定开始(^)和结束($),因此可以出现在文本的任何位置.
Also I could be wrong about this but think the regex could be simplified to SlowTimers rather than .*SlowTimers.*. It isn't specifying start (^) and end ($) so could appear anywhere in the text.
这篇关于无法使用nginx logwarn正确解析出包含特定关键字的日志行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
