user_alert.conf limited regex

Question

Hello,It seems regex in user_alert.conf are limited but I didn't find any good documentation.I would like a script to be executed with this log line:Aug 27 09:03:42 xxxxxxxx.mgt.xxxxxxxx.corp notice tmm2[26043]: 01490549:5: /Common/xxxxxxxx_policy:Common:eb1a58a1: Assigned PPP Dynamic IPv4: 100.100.100.100 ID: d60f8480 Tunnel Type: VPN_TUNNELTYPE_DTLS NA Resource: /Common/Network_xxxxxx Client IP: 100.100.100.200But not with:Aug 27 09:03:42 xxxxxxxx.mgt.xxxxxxxx.corp notice tmm2[26043]: 01490549:5: /Common/xxxxxxxx_policy:Common:eb1a58a1: Assigned PPP Dynamic IPv4: 100.100.100.100 ID: d60f8480 Tunnel Type: VPN_TUNNELTYPE_DTLS NA Resource: /Common/Network_xxxxxx Client IP: 100.100.100.200 - Reconnect&nbsp;This line takes both but works:alert log_username_vpn_ip "Assigned PPP Dynamic IPv4" {&nbsp; &nbsp; exec command="/shared/scripts/xxxxxxxxxxx.sh"}&nbsp;&nbsp;These two should work but make alertd restarting over and over:alert log_username_vpn_ip "Assigned PPP Dynamic IPv4.*\d$" {&nbsp; &nbsp; exec command="/shared/scripts/xxxxxxxxxxx.sh"}alert log_username_vpn_ip "Assigned PPP Dynamic IPv4.*\d(?!.*Reconnect)" {&nbsp; &nbsp; exec command="/shared/scripts/log_username_vpn_ip_logon.sh"}&nbsp;Any idea?

petewhite · Answer

maybe tcl string match?&nbsp;

Forum Discussion

user_alert.conf limited regex

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

APM VPN LDAP POOL can't contact ldap server.

LTM issue Openning new web browser tab

Issues Integrating Compass Mobile Tree with F5

SSO login for APM Profiles

Can F5 restrict the file types transferred via FTP?

Related Content

Regex issue

HTTP/1.1’s Limitations - and How F5 Has You Covered

Regex for dynamic URI

F5 custom user_alert.conf same trap with alert.conf

Regular expressions in user_alert.conf

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS