C.6.1. LogAgent::Log Pattern Match
The LogAgent::Log Pattern Match probe uses regular expressions to match text located within the monitored log file and collects the following metrics:
Regular Expression Matches — The number of matches that have occurred since the probe last ran.
Regular Expression Match Rate — The number of matches per minute since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (rhnmd) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse user must be granted read access to your log files.
In addition to the name and location of the log file to be monitored, you must provide a regular expression to be matched against. The expression must be formatted for egrep, which is equivalent to grep -E and supports extended regular expressions. This is the regular expression set for egrep:
^ beginning of line $ end of line . match one char * match zero or more chars [] match one character set, e.g. '[Ff]oo' [^] match not in set '[^A-F]oo' + match one or more of preceding chars ? match zero or one of preceding chars | or, e.g. a|b () groups chars, e.g., (foo|bar) or (foo)+
Do not include single quotation marks (') within the expression. Doing so causes egrep to fail silently and the probe to time out.
| Field | Value |
|---|---|
| Log file* | /var/log/messages |
| Basic regular expression* | |
| Timeout* | 45 |
| Critical Maximum Matches | |
| Warning Maximum Matches | |
| Warning Minimum Matches | |
| Critical Minimum Matches | |
| Critical Maximum Match Rate | |
| Warning Maximum Match Rate | |
| Warning Minimum Match Rate | |
| Critical Maximum Match Rate |
Table C.30. LogAgent::Log Pattern Match settings