Re: [zenoss-users] Event Mapping

Mon, 29 Jan 2007 06:58:33 -0800 

Philip,
My first thought is that you probably need to escape the parens around (to root), otherwise the regex might think you're starting a group. Maybe something like: 

FAILED SU \(to root\) (?P<eventKey>\S+) on (?P<tty>\S+)


In Zenoss 1.1 (and possibly earlier versions too) the UI has a  
feature for helping with regex debugging.  Take the text that you're  
trying to match and paste it into the Example field (on the edit tab  
for an event mapping.)  After you click the save button the text of  
the regex will turn red if it doesn't match the text in the example  
field.


-jason

On Jan 29, 2007, at 2:36 AM, Philip Wege wrote:


Hi All

I'm having a problem mapping an event example to its regex:

The output from syslog is: FAILED SU (to root) user on /dev/pts/2
I have tried all of these below:

FAILED SU (to root) (?P<eventKey>\S+) on (?P<tty>\S+)
FAILED SU (to (?P<eventKey>\S+)) (?P<username>\S+) on (?P<tty>\S+)
FAILED SU (?P<eventKey>\S+) (?P<username>\S+) on (?P<tty>\S+)

None of the picks up the event it keeps on coming up as an unknown
class, does anyone have an advice on how to fix the regex?

Kind Regards

Philip
_________________________________________________

Internet Services
Imperial Online - The Imperial Connection
Switchboard: (+2711) 723-8000
Facsimile: (+2711) 454-1236
Helpdesk: (+2711) 723-8181
Email: [EMAIL PROTECTED]
Web: www.imperialonline.co.za / www.imperialtoday.co.za

_________________________________________________




Disclaimer: Any views expressed in this email, unless otherwise  
specified, do not represent the views or opinions of Imperial  
Online, the Imperial Group Ltd, or any of its members, directors,  
stakeholders or management. The contents of this communication are  
privileged, and are intended for the specified recipient(s) only.  
Unauthorised use, copying or disclosure of any part of this  
communication may be unlawful. If you have received this  
communication in error, please notify the sender immediately by  
return email, and delete the communication. For more information,  
please contact the switchboard at Imperial Online on (+2711)  
723-8000, or visit www.imperialonline.co.za.


_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users


_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users






















					Reply via email to