0 Replies Latest reply on Dec 13, 2017 12:52 PM by mynameisbear

    Regular Expression grouping and alternating operators not working as expected

    mynameisbear

      I would like to use the () and | operators to alert on syslog messages.

       

      Example log messages:

       

      GlobalProtect gateway client configuration released. User name: dude, Private IP: 192.168.3.33, Client version: 4.0.3-31

      GlobalProtect gateway client configuration released. User name: bear, Private IP: 192.168.3.30, Client version: 4.0.3-31

      GlobalProtect gateway client configuration released. User name: guy, Private IP: 192.168.3.30, Client version: 4.0.3-31

       

      Using standard regular expression syntax, this expression matches all 3 of the above:

       

      .*GlobalProtect.*(dude|bear|guy).*

       

      However, this is not matched in the Orion syslog "Message Pattern" box (at /orion/netperfmon/syslog.aspx) , nor is it matched in the syslog alert configuration tool in the Syslog Viewer, not even if you enable regular expression matching.

       

      WHAT DO?