Feature #283
lml nagios rule
Start date:
Due date:
% Done: 0%
Resolution: fixed
Description
the prelude lml nagios rule looks like this
regex=SERVICE ALERT: (\w+)\;([\w\s]+)\;(CRITICAL|WARNING|OK)\;HARD\;\d\;(.+);
a nagios (version 2) log entry can look like this
SERVICE ALERT: app1.env2.domain.com;check_getDslProfile1i-version1
so the (\w+) won't match the host and the ([\w\s]+) won't match the check_name
i would change it to
regex=SERVICE ALERT: ([\w\-\.]+)\;(\S+)\;(CRITICAL|WARNING|OK)\;
i am not sure if there are white spaces allowed in the check_name ...
cheers
philipp
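As an added example (not from the issue or from Prelude-LML itself), the check below runs the original rule regex and the proposed one over constructed Nagios-style log lines, including the dotted host / hyphenated check name from the report and a check name containing a space. It assumes that in a Prelude-LML rule `\;` escapes a literal `;` and the trailing `;` closes the regex field, supplies the closing parenthesis dropped from the proposed rule, and keeps the state-type/attempt/output fields of the original rule.

```python
import re

# Rule regex fields as quoted in the issue. "\;" is taken here to be the escape
# for a literal ';' (';' separates rule fields) and the trailing ';' to close
# the regex field (assumption, not stated on the page).
OLD_RULE = r"regex=SERVICE ALERT: (\w+)\;([\w\s]+)\;(CRITICAL|WARNING|OK)\;HARD\;\d\;(.+);"
# Proposed rule, with the missing closing parenthesis added and the
# state-type/attempt/output fields kept from the original rule.
NEW_RULE = r"regex=SERVICE ALERT: ([\w\-\.]+)\;(\S+)\;(CRITICAL|WARNING|OK)\;HARD\;\d\;(.+);"

# Constructed Nagios-style log lines (epoch prefix, then the SERVICE ALERT
# fields). The second reuses the host/check from the issue with made-up
# state and output fields; the third has a space in the check name.
SAMPLE_LINES = [
    "[1262304000] SERVICE ALERT: host1;Ping;CRITICAL;HARD;3;PING CRITICAL - Packet loss = 100%",
    "[1262304060] SERVICE ALERT: app1.env2.domain.com;check_getDslProfile1i-version1;WARNING;HARD;3;Profile mismatch",
    "[1262304120] SERVICE ALERT: host2;HTTP Check;OK;HARD;1;HTTP OK: HTTP/1.1 200 OK",
]


def rule_to_pattern(rule):
    """Turn a 'regex=...;' rule field into a compiled Python regex."""
    body = rule[len("regex="):]
    if body.endswith(";"):
        body = body[:-1]  # drop the rule-field terminator
    return re.compile(body.replace(r"\;", ";"))


def match_fields(rule, line):
    """Return (host, check, state, output) if the rule matches, else None."""
    m = rule_to_pattern(rule).search(line)
    return m.groups() if m else None


def compare(rule_old, rule_new, lines):
    """For each line, (old rule matched, new rule matched)."""
    return [(match_fields(rule_old, ln) is not None,
             match_fields(rule_new, ln) is not None) for ln in lines]


if __name__ == "__main__":
    for line, (old_ok, new_ok) in zip(SAMPLE_LINES, compare(OLD_RULE, NEW_RULE, SAMPLE_LINES)):
        print(f"old={old_ok!s:5} new={new_ok!s:5}  {line}")
```

The third line shows the open question from the report: `\S+` rejects a check name with a space that the original `[\w\s]+` accepted, so the two character classes trade one failure for another unless check names are known to be space-free.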
History
#1 Updated by Yoann VANDOORSELAERE about 15 years ago
- Status changed from New to Assigned
#2 Updated by Yoann VANDOORSELAERE about 15 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
(In r10515) Implement slightly modified Nagios ruleset fixes, allow
Nagios v2 matches (fix #283).
#3 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (0.9.12)