Reputation: 21
Zabbix log file monitoring with regex, trying to copy 2nd and 3rd line
I am using Zabbix monitoring system. I need to monitor a log file on a windows server for error messages. The first line just shows ERR and the next 2 lines then have the time stamp and details of the error. I need to bring all 3 lines into Zabbix. Zabbix uses perl regex for this.
Below is the regex I have been playing with. It can find ERR in the log or it can copy the additional lines but not both. I think what I need is an if then do statement and can not figure out how to write that.
\Q[ERR]\E(?:\r\n?|\n)(.*?)(?:\r\n?|\n)(.*?){2}(.+)
\Q[ERR]\E -finds ERR in the log file
(?:\r\n?|\n)(.*?)(?:\r\n?|\n)(.*?){2}(.+)
-copies the next 2 lines when I put them together it does not work
Log file: 2023-03-15 18:14:31.149 -04:00 [ERR] Exception Time: 3/15/2023 6:14:31 PM Exception Message: Could not find file '\XXXXX01\Files\51372\Working.xml'.
Please help. I been bashing my head against the wall for a week now.
Upvotes: 2
Views: 593
Answers (1)
Reputation: 163577
If you want to match all 3 lines without capture groups, where the first line contains [ERR]
.*\[ERR]\h*(?:\R.*){2}
Or matching all following lines that contain Exception
.*\[ERR]\h*(?:\R.*\bException\b.*){2}
Upvotes: 1
Related Questions
- Find and kill a process in one line using bash and regex
- Find strings in a log file for zabbix monitoring
- Zabbix - for site monitoring zabbix does not check for the next monitor if its found status is ERROR
- Log file monitoring with zabbix 3
- Zabbix Log monitoring: How to get notifications such that all error logs appear in one mail
- How to set Zabbix Log Monitor to start from where it left last time
- Zabbix error expression vfs.file.regexp
- Matching single log entries with perl regex