hi Shashi, there appears to be a subtle difference between the regular expression and the event you are trying to match. When you take a closer look at the regular expression, you will notice that it contains the following fragment:
%SATCTRL-FEX101-2 However, the event from the log file contains the substring "%SATCTRL-FEX107-2" which doesn't match the above construct. To fix the regular expression and make it work for both 101 and 107, you could use the construct 10[17] or perhaps just \d+. kind regards, risto 2016-09-08 22:11 GMT+03:00 Ganji, Shashirekha Yadav <[email protected]>: > > > Hi All, > > > > Is there any problem in this rule?? > > > > Rule was all working good but suddenly stopped working by not matching the > first pattern. > > > > ## Rule: 30(Nexus Extender power supply) Environment alert regarding power > supply failure `It will suppress alarm if power supply recovers within an > hour > > > > type=pairWithWindow > > > > ptype=regexp > > > > continue=dontcont > > > > pattern=Date=.* ,Device=(\S+) > ,Msg=.*((%SATCTRL-FEX101-2-SOHMS_DIAG_ERROR:).*power > supply (\d): failed) > > > > desc=$1 $3 $4 > > > > action=shellcmd perl /etc/syslog-config/send2mom/sec_s2m_v2.pl > --targetparent $1 --target $4 --notifying_group NETRS --severity MAJOR > --kpi Network --pattern "$3" --log "$2" --source SEC --sendevent on > > > > ptype2=regexp > > > > pattern2=Date=.* ,Device=($1) ,Msg=.*((%SATCTRL-FEX101-2-SOHMS_DIAG_ERROR:).* > Recovered: .* supply (\d): failed) > > > > desc2=logonly > > > > action2=shellcmd echo `date` "Source=SEC, KpiName=Network, Severity=-, > Action=Suppress, Device=$1, Pattern=$3, Notify Group=-, Log $0" >> > /local/mnt/workspace/logs/sec-logs/sec-messages.log > > window=3600 > > > > To be matched data: > > > > Date=Sep 8 08:12:30 ,Device=san-w170-dcr-sw-02-mgmt ,Msg=2016 Sep 8 > 08:12:30 PDT: %SATCTRL-FEX107-2-SOHMS_DIAG_ERROR: FEX-107 System minor > alarm on power supply 2: failed > > > > Thanks, > > SHashi > > > > >
------------------------------------------------------------------------------
_______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
