A frequent request is to monitor log files on UNIX/Linux for lines that contains certain keywords but not other and to be able to configure the interval.
For this I wrote a custom DataSource that can be used like this:
<DataSource ID=”EventDS” TypeID=”Unix.Test.LogFile.SCXLog.Datasource”> <Host>$Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host> <LogFile>/tmp/LogFileForTest1</LogFile> <MatchRegExpFilter>(y|Y)es|included|mandatory</MatchRegExpFilter> <ExclusionRegExpFilter>(N|n)o|excluded|avoid|illegal</ExclusionRegExpFilter> <IntervalSreconds>30</IntervalSeconds> </DataSource>
This will detect any line that contains yes OR Yes OR included OR mandatory BUT will not contains: No OR no OR excluded OR avoid OR illegal.
You can do same thing (exclusion) using regular expression (?! Operator) but I think is more easy to understand this
MatchRegExpFilter uses Basic Regular Expressions (BRE) supplied by the O/S C runtime library so verify your expression follows that format , Log onto the remote system and verify that your expression does work
ExclusionRegExpFilter is being executed on Windows side using the .NET regexp libraries
You can find the MP here Unix.Test.LogFile.xml