Regular expression format in user_alert.conf

Question

I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine.Here's my user_alert.conf (sanitized of course)alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" {
        exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }"
}And one of the logs I'm trying to match on:2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASEIf I then run&nbsp;imish and shut down a neighbor that should match that regex, the device I'm on stays active.Any thoughts on what else I can try?

zamroni777 · Answer

"." means any character in regex.replace it with \x02Ehttps://man7.org/linux/man-pages/man7/ascii.7.htmlhttps://www.tcl.tk/man/tcl8.4/TclCmd/re_syntax.htm#M41

Forum Discussion

Regular expression format in user_alert.conf

1 Reply

Recent Discussions

"Brighten Your Health: Vitamin Dee Me Gummies Now Available in South Africa"

Need help on CLI command to fetch < VIP Name + current connections >

Glycogen Control Australia Is Right For You See Here

APM combine check for ldap group plus IP ACL

Error in REST https call to get the Auth token v15.1.8

Related Content

Advanced iRules: Regular Expressions

Regular expressions in user_alert.conf

Parameter Value - Regular Expression

Using Perl Compatible Regular Expressions (PCRE) in Protocol Inspection Custom Signatures

LTM stream profile: Multiple replacements & regular expressions