[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [multitail] regex help



Laurent TAUPIAC wrote:

> René Berber a écrit :
>> Laurent TAUPIAC wrote:
>>
>>   
>>> i would like to filter some entries from apache log.
>>>
>>> i want to display
>>> - all lines that match "client 164.7.108.226" like
>>>
>>>     * /[Thu Nov 09 08:53:11 2006] [error] [client 164.7.108.226] PHP
>>>       Notice:  Undefined variable: toto in
>>>       /sg2/instdev2/htdocs/V4/_FO_/lta.old/bench/test.php on line 7/
>>>
>>>
>>> - all lines that don't match "client" like
>>>
>>>     * /[Thu Nov 09 08:53:11 2006] [notice] child pid 13313 exit signal
>>>       Segmentation fault (11)/
>>>
>>>
>>> I try several methods but without any success
>>>
>>> such one regexp that should do both thing (match IP or line with this
>>> format "[date][level] message")
>>> multitail -Em "(108.243|108.226)|^(\[.+?\]\s){2}(?!\[)" errors.log
>>>     
>>
>> Parameter m is incorrectly used.
>>
>> What is your objective?  First you say you want to match lines with "client"
>> (and all that don't match "client", nice contradiction, in other words: match
>> all lines) then your regex is trying to match a couple of IP addresses (you just
>> forgot to escape the dot).
>>
>>   
> In old doc, m was optionnal for E, meaning matching versus v for avoid.
> Anyway, without m, same result.

I see there is a -em but no -Em .

> I may be not clear on what i want.
> I want all line with one or two particular IP (the line that follow the
> format [client IP.IP.IP.IP] ) and all generique line not affected by an
> IP (those lines does not have entry such [client IP.IP.IP.IP]
> There is no contradiction.

> in following sample i wan't only 2 first
> 
> [Wed Nov 15 13:22:46 2006] [error] [client 164.7.108.226] PHP Notice: 
> Undefined variable: toto in
> /sg2/instdev2/htdocs/V4/_FO_/lta.old/bench/test.php on line 7
> [Wed Nov 15 13:22:47 2006] [notice] child pid 22968 exit signal
> Segmentation fault (11)
> [Wed Nov 15 13:22:46 2006] [error] [client 164.7.108.225] PHP Notice: 
> Undefined variable: foo in /sg2/instdev2/htdocs/V4/_FO_/foo.php on line 20
> 
> As i said before, I check this regex in tools like regexCoach or
> regexBuddy. It is valid and match what i want.
> I found that multitail compile the regex with look ahead assertion if i
> escape the question mark like \? , but it still dont work anyway.

Alternative:

    multitail -em "(\d\.\d\.108\.226|\d\.\d\.108\.226|^\[.+\] \[\S\] )"

but I think what you really want is the context option in GNU's grep (i.e. -A or
--after-context=NUM), to match the line with the IP address and show the next
line... I don't see that option in multitail.  You can ask for a new feature.
-- 
René Berber