Hi
Hopefully someone can help me understand what is going wrong.
I'm trying to monitor a log file for changes using logwatch.
The log file is one I'm creating using DOS rasdial to connect to a VPN and do certain tests, so the log format is:
14-12-2009 13:05:00,19
Connecting to BDO PPTP...
Verifying username and password...
Registering your computer on the network...
Successfully connected to BDO PPTP.
Command completed successfully.
Pinging 10.1.25.1 with 32 bytes of data:
Request timed out.
Reply from 10.1.25.1: bytes=32 time=90ms TTL=128
Reply from 10.1.25.1: bytes=32 time=34ms TTL=128
Reply from 10.1.25.1: bytes=32 time=34ms TTL=128
Ping statistics for 10.1.25.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 90ms, Average = 52ms
Pinging 10.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 10.1.1.1: bytes=32 time=34ms TTL=63
Reply from 10.1.1.1: bytes=32 time=34ms TTL=63
Reply from 10.1.1.1: bytes=32 time=34ms TTL=63
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 34ms, Average = 34ms
Command completed successfully.
Then I'm using logwatch to try to look for changes, but so far all I can catch is the ping failure. Maybe my regex code is wrong?
<parser processAll="0">
    <file>c:\netxms\bdo_pptp_vpn_log.txt</file>
    <macros>
        <macro name="timestamp">[0-9]{2}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}</macro>
    </macros>
    <rules>
        <rule break="1">
            <match>^(?=.*?\connection\b)(?=.*?\cannot\b)(?=.*?\completed\b).*$</match>
            <event>100009</event>
        </rule>
        <rule break="1">
            <match>^(?=.*?\computer\b)(?=.*?\not\b)(?=.*?\respond\b).*$</match>
            <event>100010</event>
        </rule>
        <rule break="1">
            <match>Request timed out.</match>
            <event>100008</event>
        </rule>
    </rules>
</parser>
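
A way to test the posted rules offline against lines from the log above, added here as an example and not part of the original post. Python's `re` stands in for the NetXMS matcher, whose regex dialect may differ; the `\b`-prefixed patterns, the four-digit-year macro and the two failure lines are assumptions constructed for the test.

```python
import re

# Rules as posted, in order: (event code, pattern).
POSTED = [
    ("100009", r"^(?=.*?\connection\b)(?=.*?\cannot\b)(?=.*?\completed\b).*$"),
    ("100010", r"^(?=.*?\computer\b)(?=.*?\not\b)(?=.*?\respond\b).*$"),
    ("100008", r"Request timed out."),
]
# Assumption: each keyword was meant to be bounded by \b on both sides.
ASSUMED = [
    ("100009", r"^(?=.*?\bconnection\b)(?=.*?\bcannot\b)(?=.*?\bcompleted\b).*$"),
    ("100010", r"^(?=.*?\bcomputer\b)(?=.*?\bnot\b)(?=.*?\brespond\b).*$"),
    ("100008", r"Request timed out\."),
]
POSTED_TS = r"[0-9]{2}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}"
ASSUMED_TS = r"[0-9]{2}-[0-9]{2}-[0-9]{4} [0-9]{2}:[0-9]{2}"  # four-digit year

# Lines copied from the log in the post.
LOG_TS = "14-12-2009 13:05:00,19"
LOG_TIMEOUT = "Request timed out."
# Constructed lines (not from the post) containing the keywords of rules 1 and 2.
FAIL_1 = "The connection cannot be completed."
FAIL_2 = "The remote computer did not respond."


def compiles(pattern):
    """Return True if Python's re accepts the pattern."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def matches(pattern, line):
    """Return True if the pattern is valid and found anywhere in the line."""
    return compiles(pattern) and re.search(pattern, line) is not None


def first_event(rules, line):
    """Return the event code of the first rule, in order, that matches the line."""
    for event, pattern in rules:
        if matches(pattern, line):
            return event
    return None


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("assumed", ASSUMED)):
        for line in (LOG_TIMEOUT, FAIL_1, FAIL_2):
            print(f"{name:8} {line!r:40} -> {first_event(rules, line)}")
    print("timestamp:", matches(POSTED_TS, LOG_TS), matches(ASSUMED_TS, LOG_TS))
```

In Python the sequences `\c` in `\connection`, `\cannot`, `\completed` and `\computer` are rejected as bad escapes, and `\n` and `\r` in `\not` and `\respond` are read as newline and carriage return, so only the plain `Request timed out.` rule can fire.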