问题
With the following log line added after the last invocation of check_logwarn command -
[Tue Nov 22 11:04:03 2016] [hphp] [10755:7f41af3ff700:6272:000001] [] SlowTimer [2086ms] at runtime/ext_m
ysql: slow query: SELECT b.bannerid, b.campaignid FROM ox_banners b, ox_campaigns c WHERE b.campaignid =
c.campaignid AND (b.status = 0 OR b.`updated` >= now() - INTERVAL 7 DAY) AND (c.status = 0 OR c.`updated`
>= now() - INTERVAL 7 DAY) AND b.updated >= '2016-11-22 11:03:01';
The following logwarn command, looking for SlowTimer, finds a matching log, as I expect (output is the entire log line which was added after the last invocation of the command) -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimer.*"
However, the following command looking for SlowTimers also finds a matching log, which I do not expect -
/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_hiphop_error /mnt/log/hiphop/error_`(date +'%Y%m%d')`.log ".*SlowTimers.*"
I tested the regex on https://regex101.com/, and /.*SlowTimer.*/g matches whereas /.*SlowTimers.*/g does not match anything. I think this is pretty simple regex and works similar across the various flavors.
When the command does not find anything matching (e.g. when there is no new log line after the last invocation), this is the output I get -
OK: No log errors found
I am expecting the above output when I look for .*SlowTimers.*.
Please find logwarn Manual for reference.
回答1:
Think you may need to use the -p flag:
-p Change default match behavior to non-matching. By default, if a log message doesn't match any of the positive or negative patterns, it is considered a match. This flag reverses this behavior so that these messages are considered non-matches.
Also I could be wrong about this but think the regex could be simplified to SlowTimers rather than .*SlowTimers.*. It isn't specifying start (^) and end ($) so could appear anywhere in the text.
来源:https://stackoverflow.com/questions/40740449/unable-to-correctly-parse-out-log-lines-containing-particular-keyword-using-ngin