Hi at all, I'm a SEC noob and I'm trying to monitor the output of a script (not mine) that writes in /var/log/messages its elapsed running time. I have to notify to Nagios if this time override a first limit (warning) or another more important one (critical). Now I've found a solution with regexp:
type=Single ptype=RegExp pattern=Ending\sscript.\sIt\slasted\s[\d]*\sseconds context=LOWPERF continue=TakeNext desc=$0 action=create LOWPERF type=Single ptype=RegExp pattern=Ending\sscript.\sIt\slasted\s[\d]*\ssecond continue=TakeNext desc=$1 action=add LOWPERF $0 ## This rule matches all number from 100 to 699. type=Single ptype=RegExp pattern=Ending\sscript.\sIt\slasted\s[1-6][\d][\d]\sseconds desc=$0 action=report LOWPERF /bin/echo -e "script\tperformance\t0\t$0" | /usr/nagios/libexec/send_nsca -H 192.168.1.200 -c /etc/nagios/send_nsca.cfg ## This rule matches all number from 700 to 899. type=Single ptype=RegExp pattern=Ending\sscript.\sIt\slasted\s[7-8][\d][\d]\sseconds desc=$0 action=report LOWPERF /bin/echo -e "script\tperformance\t1\t$0" | /usr/nagios/libexec/send_nsca -H 192.168.1.200 -c /etc/nagios/send_nsca.cfg; ## This rule matches all number from 900 to infinity. type=Single ptype=RegExp pattern=Ending\sscript.\sIt\slasted\s([9][\d][\d]|[\d][\d][\d]\d+)\sseconds desc=$0 action=report LOWPERF /bin/echo -e "script\tperformance\t2\t$0" | /usr/nagios/libexec/send_nsca -H 192.168.1.200 -c /etc/nagios/send_nsca.cfg; But it is not very readable and if I would like to lower limit I've to modify each regexp logic with many possibilities to be wrong. I've tried to study Perl syntax to user PerlFunc SEC feature, but I don't find a solution: I'd like to get someting like... pattern=[\d]*; if ( pattern < 700 ) then action... and so on. Thanks for any suggestions and sorry for my poor english, Simone ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
