[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
multi line content match
|
From: |
Lutz Mader |
|
Subject: |
multi line content match |
|
Date: |
Sun, 19 Aug 2018 14:54:59 +0200 |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
Hello Tildeslash,
a question of understanding only.
I try to check an application log and try to get information from
messages are spanning to multiple lines, but I can't.
Is the content match limited to single lines only?
Something like this works well
if match "^java.lang.OutOfMemoryError.*" then alert
if match "^java.io.FileNotFoundException.*Too many open files.*" then alert
if match "^java.io.IOException.*Too many open files.*" then alert
if match "^java.io.IOException.*There is not enough space in the file
system.*" then alert
But I get one line only.
Thanks for any suggestion,
Lutz
p.s.
I increase fileContentBuffer to 1024 B to get the whole data, from long
lines.
p.s.
Something like the following collect some more lines (into
MONIT_DESCRIPTION), but is not very useful to handle and match
unpredictable lines sometimes
if match "(prefix1|prefix2|prefix3) .*" then alert
The prefixes are the first words of the lines I'm interesting in.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- multi line content match,
Lutz Mader <=