The AsciiLog, RemoteProcessDown, NT_UnixRemoteProcessDown, and Syslog Knowledge Scripts enable you to use regular expressions to define include and exclude filters for pattern-matching against the text being evaluated. Where available, include and exclude filters can be used independently or together to give you a great deal of control in looking for and filtering text files. You can also use the regular expression modifiers to further refine your filtering.
For example, if your include filter contains replic.* and you specify the modifier i to make the search case insensitive, the regular expression contains the wildcard (.) and repeat (*) special characters, indicating you want to find strings that start with replic followed by any string of characters. Messages containing either replication or replicated are matched.
The format is the same for the exclude filter. For example, to find log entries that do not start with the string success, the exclude filter might be:
^success.*
If you are only searching for included strings, you can leave the exclude filter blank. If you want to retrieve all messages in the log in a given interval, you can specify .* for the include filter and leave the exclude filter blank.
The following special characters can be used in regular expressions:
|
Character |
Purpose |
|---|---|
|
. |
Wildcard for any one character |
|
* |
Repeat zero or more occurrences |
|
^ |
Beginning of the line |
|
\$ |
End of the line |
|
\ |
Escape the next meta-character |
|
| |
Alternate matches |
|
[ ] |
Any character in the class set. You can specify individual characters or ranges |
|
( ) |
Grouping characters. For example, you can specify (a|b|c) to indicate a match with a, or b, or c |
|
+ |
Quantifier indicating one or more occurrences |
|
? |
Quantifier indicating zero or one occurrence |
|
{n} |
Quantifier indicating exactly n occurrence |
|
\w |
A word character (alphanumeric plus _) |
|
\s |
A white-space character |
|
\d |
A digit character |
If you use any of these special characters in a literal string, you must “escape” it with a single backslash (\) character. For example, if you run the AsciiLog Knowledge Script, which scans an ASCII text file for specific strings and messages, and you want to search the log for the string www.netiq.com, the string you specify in the Knowledge Script parameter is www\.netiq\.com
In addition to the special characters you can use to create the regular expression, you can also use modifiers to change how pattern-matching is handled. Valid modifiers include:
|
Modifier |
Description |
|---|---|
|
c |
Complements the search list |
|
g |
Matches globally as many times as possible |
|
i |
Makes the search case insensitive |
|
m |
Treats the string as multiple lines |
|
o |
Interpolates variables only once |
|
s |
Treats the regular expression string as a single long line |
|
x |
Allows for regular expression extensions |