NetXMS Support Forum

Hi,

When I try to use <match invert="1"> it desappear when I save.
Invert="1" desappears and all the line <match ...> remains, is it a bug?

In fact I would like to match a string in a message and not matching another string in the same message, I don't know if i'm being clear but if I am is that possible?

To be clear:
match "abc" but not match if "xyz" is in the message.



Regards.

Hi,

I suppose you are talking about server side syslog parser. Seems like a bug, I'll check.
But anyway, I don't see how invert will help you - I suppose you'll need two rules anyway: first rule will match "xyz" and stop processing, and second rule will match "abc" and do what is needed.

Best regards,
Victor

Yes it's on Syslog server side and you're right, I misunderstood the fonction of invert="1", that's not what I need.

When I match in a rule, I send an email (for ex ^{<Match>(.*)Error(.*)</match)->event->EPP->}mail contains syslog message).
But there is messages that contains "Error" and reveals useless (like error user connection or something...)

Maybe it's not possible to do that but there is what I want:
if ("abc" && NOT "XYZ") => Match (I mean send email)
if ("abc" && "XYZ") => don't Match (don't send mail)

Of course the test will apply on the same message text, in fact, I would like to seprate ^{"Error connection ... person1"} and ^{"Error connection... person2"}



Thanks a lot.