Saturday, April 4, 2015

UNIX/Linux Log File Monitor RegEx Sample

In SCOM you have the option to use Monitoring Templates to monitor log files for patterns you define.

The out-of-the-box (ootb) template only lets you enter a single regex pattern. But what if you want to match a positive pattern and exclude a negative one as well?

Easy, as long as you understand how to build regular expressions.

In my sample I’m searching for the pattern ‘positive’ while the string should not match the pattern ‘negative’.

Here’s the regex you could use:
((?i:positive)(?!(.*negative)))

You can test the regex against a sample string directly from the wizard.

Furthermore, you could search for multiple patterns. Here’s the regex you could use:
((?i:positive1|positive2)(?!(.*negative)))
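
The following Python check is an added example, not part of the original post. It runs the post's patterns over constructed log lines and shows two edge cases: the lookahead only inspects text after the positive match, and 'negative' is compared case-sensitively. The STRICT pattern is an assumed alternative verified only with Python's re module; SCOM's regex engine may behave differently, so confirm it in the wizard.

```python
import re

# The two patterns from the post, unchanged.
PAGE_SINGLE = r"((?i:positive)(?!(.*negative)))"
PAGE_MULTI = r"((?i:positive1|positive2)(?!(.*negative)))"

# Assumed stricter variant (not from the post): reject the whole line if the
# negative term appears anywhere on it, in any case. Checked with Python's re only.
STRICT = r"^(?!.*(?i:negative)).*(?i:positive)"

# Constructed sample log lines (not taken from a real system).
SAMPLES = [
    "Apr  4 10:00:01 host app: positive result",
    "Apr  4 10:00:02 host app: POSITIVE result",
    "Apr  4 10:00:03 host app: positive then negative",
    "Apr  4 10:00:04 host app: negative then positive",  # negative BEFORE the match
    "Apr  4 10:00:05 host app: positive then NEGATIVE",  # negative in upper case
    "Apr  4 10:00:06 host app: nothing to see",
]


def alerts(pattern, lines):
    """Return the lines on which the pattern matches anywhere (search semantics)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def alert_indexes(pattern, lines=SAMPLES):
    """Return the positions in `lines` that would raise an alert."""
    hits = set(alerts(pattern, lines))
    return [i for i, line in enumerate(lines) if line in hits]


if __name__ == "__main__":
    for name, pattern in (("post", PAGE_SINGLE), ("strict", STRICT)):
        print(name)
        for line in alerts(pattern, SAMPLES):
            print("  ALERT:", line)
```

With the post's pattern, the lines where 'negative' comes first or is written in upper case still alert; the stricter variant suppresses both.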

Happy RegEx’ing!

All information is provided "as is" without any warranty! Try it in a lab first. Handle with care in production.

3 comments:

  1. Hi!
    It doesn't work for me! I use ((?i:online)(?!(.*offline)))

    Replies
    1. Hi,
      have you tried .+ instead of .* as well?
      (sorry for the delay, did not publish my response...)
