multi line content match


Lutz Mader
Hello Tildeslash,
a question of understanding only.

I try to check an application log and try to get information from
messages that span multiple lines, but I can't.

Is the content match limited to single lines only?

Something like this works well
if match "^java.lang.OutOfMemoryError.*" then alert
if match "^*Too many open files.*" then alert
if match "^*Too many open files.*" then alert
if match "^*There is not enough space in the file system.*" then alert

But I get one line only.

Thanks for any suggestion,

I increase fileContentBuffer to 1024 B to get the whole data, from long

Something like the following collects some more lines (into
MONIT_DESCRIPTION), but is not very useful for handling and matching
unpredictable lines sometimes

if match "(prefix1|prefix2|prefix3) .*" then alert

The prefixes are the first words of the lines I'm interested in.
