A question of understanding only.
I am trying to check an application log and get information from
messages that span multiple lines, but I can't.
Is the content match limited to single lines only?
Something like this works well:
if match "^java.lang.OutOfMemoryError.*" then alert
if match "^java.io.FileNotFoundException.*Too many open files.*" then alert
if match "^java.io.IOException.*Too many open files.*" then alert
if match "^java.io.IOException.*There is not enough space in the file system.*" then alert
But I get one line only.
Thanks for any suggestion,
I increase fileContentBuffer to 1024 B to get the whole data, from long
Something like the following collects some more lines (into
MONIT_DESCRIPTION), but it is not very useful for handling and matching
unpredictable lines sometimes:
if match "(prefix1|prefix2|prefix3) .*" then alert
The prefixes are the first words of the lines I'm interested in.