Regular expression format in user_alert.conf

Question

I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine.Here's my user_alert.conf (sanitized of course)alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" {
        exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }"
}And one of the logs I'm trying to match on:2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASEIf I then run&nbsp;imish and shut down a neighbor that should match that regex, the device I'm on stays active.Any thoughts on what else I can try?

zamroni777 · Answer

"." means any character in regex.replace it with \x02Ehttps://man7.org/linux/man-pages/man7/ascii.7.htmlhttps://www.tcl.tk/man/tcl8.4/TclCmd/re_syntax.htm#M41

Forum Discussion

Regular expression format in user_alert.conf

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Advanced iRules: Regular Expressions

Regular expressions in user_alert.conf

Parameter Value - Regular Expression

Using Perl Compatible Regular Expressions (PCRE) in Protocol Inspection Custom Signatures

LTM stream profile: Multiple replacements & regular expressions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS