Improve the regex for matching all ERR syslog (#3282)
The default regex used by loganalyzer for matching any ERR log message is simply "ERR".
This regex can match any log message containing the string "ERR" and could raise false alarms for
log messages like the one below:
'Apr 5 11:55:34.729009 vlab-01 INFO systemd[1]: run-docker-runtime\\x2drunc-moby-e5b9fe570311286438d6044a27c592b8d24d8d1033a9c90ea5e93507b6045017-runc.XrDERR.mount: Succeeded.'

This change improved the regex from "ERR" to " ERR ". It is then able to catch any real
"ERR" level log messages and raise fewer false alarms.

Signed-off-by: Xin Wang <[email protected]>
wangxin authored Apr 8, 2021
1 parent 037453f commit 99b0bae
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -3,4 +3,4 @@ r, "kernel:.*Oops", "kernel:.*hung", "kernel.*oom\s"
r, "kernel:.*scheduling", "kernel:.*atomic", "kernel:.*panic"
r, "kernel:.*\serr", "kernel:.*allocation", "kernel:.*kill"
r, "kernel:.*kmemleak.*", "kernel:.* Err:"
s, "ERR"
s, " ERR "
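Review bot: on the changed `s, " ERR "` line, the leading and trailing spaces are now the only thing that separates the severity field from a substring match, and nothing in the file records that. Please add a comment beside the entry saying the spaces are intentional, so a later cleanup does not trim them and bring the false alarms back. The pattern is also still unanchored: going by the sample line in the commit message, the level sits in a fixed position right after the hostname (`vlab-01 INFO systemd[1]:`), so a message at INFO or another level whose body contains " ERR " surrounded by spaces would still be flagged. If the `r,` entry type used on the lines above accepts it, consider an expression tied to that field position instead of a bare substring, and add a test that feeds the `XrDERR.mount` line from the commit message through loganalyzer to confirm it no longer matches.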
