Regular expression format in user_alert.conf

Question

I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine.Here's my user_alert.conf (sanitized of course)alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" {
        exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }"
}And one of the logs I'm trying to match on:2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASEIf I then run&nbsp;imish and shut down a neighbor that should match that regex, the device I'm on stays active.Any thoughts on what else I can try?

zamroni777 · Answer

"." means any character in regex.replace it with \x02Ehttps://man7.org/linux/man-pages/man7/ascii.7.htmlhttps://www.tcl.tk/man/tcl8.4/TclCmd/re_syntax.htm#M41

Forum Discussion

Regular expression format in user_alert.conf

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

Advanced iRules: Regular Expressions

Regular expressions in user_alert.conf

Parameter Value - Regular Expression

Using Perl Compatible Regular Expressions (PCRE) in Protocol Inspection Custom Signatures

LTM stream profile: Multiple replacements & regular expressions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS