Feature #283

lml nagios rule

Added by about 16 years ago. Updated almost 15 years ago.

Status: Closed
Priority: Normal
Target version:
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

the prelude lml nagios rule looks like this

regex=SERVICE ALERT: (\w+)\;([\w\s]+)\;(CRITICAL|WARNING|OK)\;HARD\;\d\;(.+);

a nagios (version 2) log entry can look like this

SERVICE ALERT: app1.env2.domain.com;check_getDslProfile1i-version1

so the (\w+) won't match the host and the ([\w\s]+) won't match the check_name

I would change it to

regex=SERVICE ALERT: ([\w\-\.]+)\;(\S+);(CRITICAL|WARNING|OK)\;

I am not sure if there are white spaces allowed in the check_name ...

cheers
philipp

nagios.log View (513 Bytes) , 04/18/2008 12:46 PM
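
Added example, not part of the ticket and not the rule committed in r10515: a Python check of which SERVICE ALERT lines each pattern leaves unparsed, since a line the rule does not match never becomes an alert. Assumptions: the rule's final unescaped `;` ends the LML field and is dropped, the reporter's groups are joined to the original rule's tail, the `delimiter` pattern is a hypothetical third variant, and every sample line is constructed (only the host and check name in the second come from the ticket).

```python
import re

# Tail shared by all three patterns, copied from the rule quoted in the ticket.
# Assumption: the rule's final unescaped ';' terminates the LML field and is
# not part of the pattern, so it is left out here.
TAIL = r"\;(CRITICAL|WARNING|OK)\;HARD\;\d\;(.+)"

PATTERNS = {
    # Host and service groups exactly as in the rule quoted in the ticket.
    "original": re.compile(r"SERVICE ALERT: (\w+)\;([\w\s]+)" + TAIL),
    # The reporter's groups, joined to the original tail (assumption).
    "proposed": re.compile(r"SERVICE ALERT: ([\w\-\.]+)\;(\S+)" + TAIL),
    # Hypothetical variant: each field is "anything up to the next ';'".
    "delimiter": re.compile(r"SERVICE ALERT: ([^;]+)\;([^;]+)" + TAIL),
}

# Constructed sample lines in Nagios log layout. Only the host and check name
# of the second line come from the ticket; everything else is made up.
SAMPLES = [
    "[1208515560] SERVICE ALERT: web1;Current Load;CRITICAL;HARD;3;load average: 9.1",
    "[1208515561] SERVICE ALERT: app1.env2.domain.com;"
    "check_getDslProfile1i-version1;WARNING;HARD;3;timeout",
    "[1208515562] SERVICE ALERT: app1.env2.domain.com;Root Partition;OK;HARD;1;DISK OK",
]


def parse(name, line):
    """Return (host, service, state, output), or None if the rule misses."""
    match = PATTERNS[name].search(line)
    return match.groups() if match else None


def missed(name, lines=SAMPLES):
    """Lines the named pattern fails to parse: alerts that would be lost."""
    return [line for line in lines if parse(name, line) is None]


if __name__ == "__main__":
    for name in PATTERNS:
        gaps = missed(name)
        print(f"{name}: {len(SAMPLES) - len(gaps)}/{len(SAMPLES)} lines parsed")
        for line in gaps:
            print(f"    missed: {line}")
```
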

History

#1 Updated by Yoann VANDOORSELAERE almost 16 years ago

  • Status changed from New to Assigned

#2 Updated by Yoann VANDOORSELAERE almost 16 years ago

  • Status changed from Assigned to Closed
  • Resolution set to fixed

(In r10515) Implement slightly modified Nagios ruleset fixes, allow
Nagios v2 matches (fix #283).

#3 Updated by Yoann VANDOORSELAERE almost 15 years ago

  • Project changed from PRELUDE SIEM to Prelude-LML
  • Category deleted (4)
  • Target version deleted (0.9.12)
