     [snips-users] more regexp problems: notifier.pl and beep_oncall

I've noticed a couple more malformed regexps in notifier.pl and the
example beep_oncall script (as of 1.2beta).  This is essentially the
same problem that has already been fixed in snipsweb.cgi and logstats.pl,
the undelimited alternative pattern "SITE|DEVICE".

The notifier.pl pattern has an additional problem in that it does not
escape brackets that are to be matched:

/[(\S+)]:\s+SITE|DEVICE\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/

Somewhat surprisingly, this pattern still matches event input lines,
but the positional parameters begin matching at the second subexpression.
Someone with superior regexp analysis can probably explain this better
than I can.

One effect this has (and my clue to tracking this down) is that notifier
has been sending mails with subjects of the form
"[snips] 192.168.1.5 WWWport (webserver)" whereas the script intends for
them to be of the form "[snips] $devicename $deviceaddr ($sender)".

Another effect, I believe, and one with more impact, is that with the
parameters "off by one" notifier.pl will not correctly recognize targets
that have been marked as hidden, and thus will send notifications for them
anyway.

Here is a corrected pattern:

/\[(\S+)\]:\s+(?:SITE|DEVICE)\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/

With this, the notification subjects looked better:

"[snips] webserver 192.168.1.5 (portmon)"

This time I used the ?: form in the SITE|DEVICE subexpression since no
backreference is required, and to prevent having to change any positional
parameters.  Thanks to Shinichi Maruyama for the original suggestion.

Patches for 1.2beta notifier.pl and beep_oncall are included below.

Cheers,
Scott


--- notifier.pl.orig    Thu Aug 16 23:15:33 2001
+++ notifier.pl Tue Feb 26 14:44:05 2002
@@ -328,7 +328,7 @@
   {
     chomp;
     $eventstr = $_;
-    if (/[(\S+)]:\s+SITE|DEVICE\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/)
+    if (/\[(\S+)\]:\s+(?:SITE|DEVICE)\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/)
     {
       my ($sender, $devicename, $deviceaddr, $varname, $varval) = ($1, $2, $3, $4, $5);
       # we check for device:addr:var and then for device:addr generic index
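
Review bot: the assignment on the context line after the new `if` still takes `$1`..`$5` by position, which is what let the old pattern shift every field without any error. On the `-` line `[(\S+)]` is a character class rather than a capture, and the bare `|` splits the pattern into `[(\S+)]:\s+SITE` and `DEVICE\s+...LEVEL`, so the first capture was the field after DEVICE. Consider capturing in list context, `if (my ($sender, $devicename, $deviceaddr, $varname, $varval) = /.../)`, and rejecting the line when `$sender` is undefined, so a future pattern change fails visibly instead of mislabelling fields. Smaller points: `\s*` after `.*` in `.*\s*VAR` is redundant, and the last two of the seven captures are never used here and could be non-capturing.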


--- beep_oncall.orig    Tue Jan 29 23:36:19 2002
+++ beep_oncall Tue Feb 26 14:47:16 2002
@@ -28,7 +28,7 @@
 while (<STDIN>)
 {
 
-if(/.+\[(\S+)\]:\s+SITE|DEVICE\s+(\S+.+)\s+LEVEL\s+(\S+)\s+LOGLEVEL\s+(\S+)\s+.+
+if(/.+\[(\S+)\]:\s+(?:SITE|DEVICE)\s+(\S+.+)\s+LEVEL\s+(\S+)\s+LOGLEVEL\s+(\S+)\s+.+
 $/)
   {
     # print "Sender=$1, Device=$2, Level=$3, Loglevel=$4
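
Review bot: the pattern on the `+` line is not closed there; its `$/)` sits on the following context line, so if that line break is in the file the regexp contains a literal newline before `$` and only matches input that still carries its trailing newline. Nothing between `while (<STDIN>)` and the `if` chomps the line, so this works today, but it would stop matching silently if a `chomp` were added. Consider putting the pattern on one line, or using `/x` with explicit `\s` tokens, while this line is being touched for the `(?:SITE|DEVICE)` grouping.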
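
The capture shift described in the message, as an added example (not part of the original post or of snips): the two notifier.pl patterns from the patch are run over constructed DEVICE and SITE event lines, with captures assigned positionally as in the patch context. The event-line layout, `parse_event`, and the `device:addr:var` key built from the captures are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from snips: compares the two notifier.pl patterns.
use strict;
use warnings;

# Patterns copied from the patch above.
my $old = qr/[(\S+)]:\s+SITE|DEVICE\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/;
my $new = qr/\[(\S+)\]:\s+(?:SITE|DEVICE)\s+(\S+)\s+(\S+)\s+.*\s*VAR\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+LEVEL/;

# Constructed event lines; the field layout is an assumption inferred from
# what the patterns expect, not a captured snips log.
my @events = (
    'Tue Feb 26 14:40:01 2002 [portmon]: DEVICE webserver 192.168.1.5 '
      . 'VAR WWWport 0 1 Avail LEVEL Critical LOGLEVEL Critical',
    'Tue Feb 26 14:41:07 2002 [portmon]: SITE webserver 192.168.1.5 '
      . 'VAR WWWport 0 1 Avail LEVEL Critical LOGLEVEL Critical',
);

# Apply a pattern and assign captures positionally, as notifier.pl does.
# Captures that did not take part in the match are shown as "(undef)".
sub parse_event {
    my ($re, $line) = @_;
    return unless $line =~ $re;
    my ($sender, $devicename, $deviceaddr, $varname, $varval) =
        map { defined $_ ? $_ : '(undef)' } ($1, $2, $3, $4, $5);
    return {
        subject => "[snips] $devicename $deviceaddr ($sender)",
        # Hypothetical lookup key, modelled on the "device:addr:var" comment
        key     => "$devicename:$deviceaddr:$varname",
    };
}

for my $line (@events) {
    print "$line\n";
    for my $case ([old => $old], [new => $new]) {
        my ($label, $re) = @$case;
        my $r = parse_event($re, $line);
        if ($r) { print "  $label: subject=$r->{subject} key=$r->{key}\n" }
        else    { print "  $label: no match\n" }
    }
}
```

The SITE line is included because the old pattern matches it through its first alternative, which contains no capture groups at all.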
