Application Perf Mgmt (BAC / BSM) Practitioners Forum

SiS logfile monitor : advanced content match

Frequent Advisor

Hello,

 

With a SiteScope logfile monitor, I would like to receive an alert when there are new errors in /var/log/messages, except if they are related to SSH. In other words, the content match would be something like: "Error message not containing "sshd" and containing "error"".

 

EXAMPLE of an error message for which I don't want to receive an alert:

Feb 26 19:21:44 host2 sshd[23413]: error: PAM: Authentication failure for root from server.mydomain.com

 

Is there a way to do this ?

 

Thanks in advance,

Regards,

  Christophe

 

3 REPLIES
HPE Expert

Re: SiS logfile monitor : advanced content match

Hi,

 

Try a regexp like /.*Authentication.*from (.*)/ and label "Intruder".

Best Regards, Alexander
SiteScope Core QA Team Engineer
Frequent Advisor

Re: SiS logfile monitor : advanced content match

Hi Alexander,

 

It will not work for me.

 

I want to receive an alert each time there is a line containing the "error" pattern in /var/log/messages, except if the line also contains "sshd".

 

Regards,

  Christophe

HPE Expert

Re: SiS logfile monitor : advanced content match

/c

The matched pattern may NOT appear anywhere in content that is being searched. This is a "complement" match, returning an error if the pattern IS found, and succeeding if the pattern is NOT found.

 

Maybe this modifier fits?

Best Regards, Alexander
SiteScope Core QA Team Engineer
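
The per-line condition asked for in this thread ("error" present, "sshd" absent) can be written as a single pattern with a negative lookahead, and compared with a whole-content complement as the quoted /c text describes it. This is an added example, not part of the original posts and not SiteScope code: it uses Python's `re` to show the logic, the function names are hypothetical, all sample lines except the sshd one from the question are constructed, and whether the SiteScope content-match field accepts lookahead syntax is an assumption to verify on your version.

```python
import re

# First line is the one quoted in the question; the others are constructed samples.
SAMPLE = [
    "Feb 26 19:21:44 host2 sshd[23413]: error: PAM: Authentication failure for root from server.mydomain.com",
    "Feb 26 19:22:10 host2 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory",
    "Feb 26 19:23:02 host2 crond[812]: (root) CMD (run-parts /etc/cron.hourly)",
    "Feb 26 19:24:51 host2 smartd[644]: Device: /dev/sda, ATA error count increased from 0 to 1",
]

# Per-line AND-NOT: the lookahead rejects any line that mentions sshd,
# then the remainder requires "error" somewhere on the same line.
ERROR_NOT_SSHD = re.compile(r"^(?!.*sshd).*error")


def alerting_lines(lines):
    """Return the lines that should raise an alert (hypothetical helper)."""
    return [line for line in lines if ERROR_NOT_SSHD.search(line)]


def complement_match(pattern, content):
    """Whole-content complement, per the /c description quoted above:
    succeeds only when the pattern appears nowhere in the content."""
    return re.search(pattern, content) is None


if __name__ == "__main__":
    for line in alerting_lines(SAMPLE):
        print("ALERT:", line)

    # A complement on "sshd" looks at the whole content, so one sshd line
    # changes the result no matter what other errors are present.
    whole = "\n".join(SAMPLE)
    print("complement on full sample:", complement_match(r"sshd", whole))
    print("complement without sshd line:", complement_match(r"sshd", "\n".join(SAMPLE[1:])))
```

The kernel and smartd lines alert while the sshd line is skipped; the complement check, by contrast, only reports whether "sshd" occurs anywhere in the content and says nothing about the other error lines.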