Considering the following error log, in a log file, which I am using as an input for nagios logwarn command -
[19910:7f88e07ff700:559445:000001] [] \nFatal error: File not found: ./postGetAds.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
The following regex works perfect, to detect if a "Fatal" string is present -
/^.*Fatal*/g
Here is the complete nagios logwarn command where I am using the above regex -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log "^.*Fatal*"
And here is the output, as was so far desired -
Log errors: [Thu Jan 12 07:46:38 2017] [hphp] [19910:7f89543ff700:558024:000001] [] \nFatal error: File not found: ./postGetAd.php in /var/cake_1.2.0.6311-beta/app/webroot/openx/www/delivery/androidGetAd.php on line 302
Now, I want to do a modification, to ignore the matching of a log line if there is a string "File not found: " following the "Fatal", as in the above example error log.
The logwarn documentation mentions support for a negative checking expression and support for multiple regexpressions in the same command, like this -
logwarn -p -m '^myprog: ' '!retrying' 'ERROR'
So, I tried the following, which is still not giving the desired result (still matching the file not exists part) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error -p /mnt/log/hiphop/error_20170118.log '^.*Fatal*' '!.*File not found\: \.\/postGetAd\.php'
In a practical scenario, I would be having multiple file paths whose corresponding "File not found" errors need to be ignored. The best solution could consider that as well.
Note - the regex here is POSIX flavor.
