Cacti / plugin_syslog

Syslog Plugin for Cacti
GNU General Public License v2.0

[SYSLOG] latest source - develop branch - SQL expression errors #174

Closed anarkia1976 closed 2 years ago

anarkia1976 commented 2 years ago

Hi @TheWitness,

I tried to use the "sql expression" function in the "match type" section but unfortunately when an alarm arrives and the rules are activated, a series of PHP errors are encountered and the "syslog plugin" is disabled by informing the cacti administrator.

Example: SELECT * FROM syslog_incoming WHERE message REGEXP 'EXAMPLE';

2022-03-28 09:52:29 - CMDPHP ERRORS DETECTED - DISABLING PLUGIN 'syslog'
2022-03-28 09:52:29 - CMDPHP PHP ERROR Backtrace: (CactiShutdownHandler())
2022-03-28 09:52:29 - ERROR PHP ERROR in Plugin 'syslog': Uncaught Error: Call to undefined function syslog_db_fetch_assoc() in /var/www/html/cacti/plugins/syslog/syslog.php:1051 Stack trace: #0 /var/www/html/cacti/plugins/syslog/syslog.php(1721): get_syslog_messages() #1 /var/www/html/cacti/plugins/syslog/syslog.php(102): syslog_messages() #2 {main} thrown in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1051
2022-03-28 09:52:29 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[1019]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP NOTICE in Plugin 'syslog': Undefined variable: syslogdb_default in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1019
2022-03-28 09:52:29 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[1018]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP NOTICE in Plugin 'syslog': Undefined variable: syslogdb_default in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1018
2022-03-28 09:52:29 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[1014]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP NOTICE in Plugin 'syslog': Undefined variable: syslogdb_default in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1014
2022-03-28 09:52:29 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[1013]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP NOTICE in Plugin 'syslog': Undefined variable: syslogdb_default in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1013
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[867]:include(), /plugins/syslog/syslog.php[867]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(): Failed opening 'SYSLOG_CONFIG' for inclusion (include_path='.:/usr/share/php') in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 867
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[867]:include(), /plugins/syslog/syslog.php[867]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(SYSLOG_CONFIG): failed to open stream: No such file or directory in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 867
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1721]:get_syslog_messages(), /plugins/syslog/syslog.php[867]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': Use of undefined constant SYSLOG_CONFIG - assumed 'SYSLOG_CONFIG' (this will throw an Error in a future version of PHP) in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 867
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1700]:include(), /plugins/syslog/syslog.php[1700]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(): Failed opening 'SYSLOG_CONFIG' for inclusion (include_path='.:/usr/share/php') in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1700
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1700]:include(), /plugins/syslog/syslog.php[1700]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(SYSLOG_CONFIG): failed to open stream: No such file or directory in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1700
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[102]:syslog_messages(), /plugins/syslog/syslog.php[1700]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': Use of undefined constant SYSLOG_CONFIG - assumed 'SYSLOG_CONFIG' (this will throw an Error in a future version of PHP) in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 1700
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[37]:include(), /plugins/syslog/syslog.php[37]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(): Failed opening 'SYSLOG_CONFIG' for inclusion (include_path='.:/usr/share/php') in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 37
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[37]:include(), /plugins/syslog/syslog.php[37]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': include(SYSLOG_CONFIG): failed to open stream: No such file or directory in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 37
2022-03-28 09:52:29 - CMDPHP PHP ERROR WARNING Backtrace: (/plugins/syslog/syslog.php[37]:CactiErrorHandler())
2022-03-28 09:52:29 - ERROR PHP WARNING in Plugin 'syslog': Use of undefined constant SYSLOG_CONFIG - assumed 'SYSLOG_CONFIG' (this will throw an Error in a future version of PHP) in file: /var/www/html/cacti/plugins/syslog/syslog.php on line: 37

thanks a lot

TheWitness commented 2 years ago

Making a slight change. Keep reporting.

anarkia1976 commented 2 years ago

Hi @TheWitness, a lot of errors are fixed. I have a new one:

2022-03-28  15:05:30 - CMDPHP SQL Backtrace:   (/plugins/syslog/syslog_process.php[192]:syslog_process_alerts(),  /plugins/syslog/functions.php[1174]:syslog_process_alert(),  /plugins/syslog/functions.php[1258]:syslog_db_fetch_assoc_prepared(),  /plugins/syslog/database.php[167]:db_fetch_assoc_prepared(),  /lib/database.php[613]:db_execute_prepared())
2022-03-28 15:05:30 - CMDPHP ERROR: A DB Row Failed!, Error: You  have an error in your SQL syntax; check the manual that corresponds to  your MariaDB server version for the right syntax to use near ';) AND  `status` = '44'' at line 1

Is the syntax used for the message match string correct? SELECT * FROM syslog_incoming WHERE message REGEXP 'EXAMPLE';

thanks a lot

TheWitness commented 2 years ago

I'm going to put the SQL in the debug output.

TheWitness commented 2 years ago

Take a fresh copy first. I did some updates today.

anarkia1976 commented 2 years ago

Hi @TheWitness, unfortunately when I configure a rule with "sql expression" I have these errors and the rule isn't processed:


2022-03-29 10:50:40 - CMDPHP SQL Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1258]:syslog_db_fetch_assoc_prepared(), /plugins/syslog/database.php[167]:db_fetch_assoc_prepared(), /lib/database.php[613]:db_execute_prepared())
2022-03-29 10:50:40 - CMDPHP ERROR: A DB Row Failed!, Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ';) AND `status` = '22'' at line 1
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373
2022-03-29 10:50:40 - MAILER INFO: Mail successfully sent via Sendmail from 'cacti.soc.monitoring <cacti.soc.monitoring@fwse.it>', to 'stefano.villa@fastweb.it', cc '', and took 0.01 seconds, Subject 'Event Alert - FORTIGATE - HA - FAILURE'
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373
2022-03-29 10:50:40 - MAILER INFO: Mail successfully sent via Sendmail from 'cacti.soc.monitoring <cacti.soc.monitoring@fwse.it>', to 'stefano.villa@fastweb.it', cc '', and took 0.01 seconds, Subject 'Event Alert - FORTIGATE - CONSERVE MODE'
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373
2022-03-29 10:50:40 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/syslog/syslog_process.php[193]:syslog_process_alerts(), /plugins/syslog/functions.php[1174]:syslog_process_alert(), /plugins/syslog/functions.php[1373]:CactiErrorHandler())
2022-03-29 10:50:40 - ERROR PHP NOTICE in Plugin 'syslog': Undefined index: message in file: /var/www/html/cacti/plugins/syslog/functions.php on line: 1373

thanks a lot

TheWitness commented 2 years ago

Yea, I'm doing some of this blind. Thanks for testing.

TheWitness commented 2 years ago

Try again. This latest one should be resolved.

TheWitness commented 2 years ago

@anarkia1976, Also note that MySQL/MariaDB regular expressions don't exactly follow Perl regular expressions. Several operators and shortcuts are not supported. Maybe someone can help MySQL/MariaDB update them. I found the lack of support for, say, character or string shortcuts a bit annoying. Things like \s, \w, \d, etc. that were added apparently in Perl 5.18 or so are missing.

anarkia1976 commented 2 years ago

> @anarkia1976, Also note that MySQL/MariaDB regular expressions don't exactly follow Perl regular expressions. Several operators and shortcuts are not supported. Maybe someone can help MySQL/MariaDB update them. I found the lack of support for, say, character or string shortcuts a bit annoying. Things like \s, \w, \d, etc. that were added apparently in Perl 5.18 or so are missing.

Hi @TheWitness, my MySQL regexp is very simple, like this: SELECT * FROM syslog_incoming WHERE message REGEXP 'EXAMPLE'; Do you have suggestions about the syntax? Thanks a lot

TheWitness commented 2 years ago

What is the exact regex in the form?

anarkia1976 commented 2 years ago

SELECT * FROM syslog_incoming WHERE message REGEXP 'EXAMPLE';

> What is the exact regex in the form?

@TheWitness I have found the culprit and the correct syntax:

SQL Match - Alert Rule: message regexp 'REALE|WIFI'

Now it is working without errors, matched both, and alert via mail is working now.

thanks a lot

TheWitness commented 2 years ago

Yea, we have some regex test logic, but it's for a more recent version of the Perl Regex than what MySQL/MariaDB supports, so it would think that your Regex is good when in fact, they won't support it. So, you have to search around.

So, in the form, did you quote the string, or leave the quote off?

anarkia1976 commented 2 years ago

> Yea, we have some regex test logic, but it's for a more recent version of the Perl Regex than what MySQL/MariaDB supports, so it would think that your Regex is good when in fact, they won't support it. So, you have to search around.
>
> So, in the form, did you quote the string, or leave the quote off?

This is exactly the string put in the alert rule
message regexp 'HOME|ROUTER|WIFI' and message regexp 'fgTrapHaMemberDown'

It's working like a charm. Thanks a lot @TheWitness

TheWitness commented 2 years ago

Okay, that's perfect, what I was expecting. I've added a Feature Request to provide immediate feedback when these types of filters are created BTW.

TheWitness commented 2 years ago

I just read this. Interesting. I'll have to give some thought as to how to accomplish this.

https://jira.mariadb.org/browse/MDEV-18523?jql=text%20~%20%22regexp%22
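
The immediate feedback on SQL-expression rules requested earlier in this thread could take the shape of the check below. It is an added example, not code from the syslog plugin: the wrapper query is inferred from the error text in the logs (near ';) AND `status` = '44''), and SQLite with Python's re module stands in for MariaDB, so check_rule, WRAPPER and the sample rows are assumptions, and a real check has to run against the target server to see its actual regex dialect.

```python
import re
import sqlite3

# Assumed wrapper, inferred from the error text "near ';) AND `status` = '44'":
# the rule text sits inside parentheses and is followed by a status filter.
WRAPPER = "SELECT seq FROM syslog_incoming WHERE ({expr}) AND status = ?"

# Constructed sample rows (seq, message); not taken from the thread's logs.
SAMPLE = [
    (1, "ROUTER trap fgTrapHaMemberDown received"),
    (2, "WIFI controller link up"),
    (3, "cron job finished"),
]

STATEMENT = re.compile(r"(?i)\s*(select|insert|update|delete|drop|alter)\b")


def _regexp(pattern, value):
    # SQLite has no built-in REGEXP; "X REGEXP Y" calls regexp(Y, X).
    # Python's re is a stand-in here and is NOT MariaDB's regex dialect.
    return value is not None and re.search(pattern, value) is not None


def check_rule(expr):
    """Return (ok, reason) for a candidate SQL-expression alert rule."""
    text = expr.strip()
    if not text:
        return False, "empty expression"
    if ";" in text:
        # Conservative: also rejects a ';' inside a quoted pattern.
        return False, "contains ';': enter a WHERE fragment, not a statement"
    if STATEMENT.match(text):
        return False, "starts with a statement keyword"
    db = sqlite3.connect(":memory:")
    try:
        db.create_function("regexp", 2, _regexp)
        db.execute("CREATE TABLE syslog_incoming (seq, message, status)")
        db.executemany("INSERT INTO syslog_incoming VALUES (?, ?, 1)", SAMPLE)
        rows = db.execute(WRAPPER.format(expr=text), (1,)).fetchall()
    except sqlite3.Error as exc:
        return False, f"does not compile as a WHERE fragment: {exc}"
    finally:
        db.close()
    return True, f"ok: matches {len(rows)} of {len(SAMPLE)} sample rows"
```

The full statement first tried in this thread is rejected before it reaches the database, while the fragment form that ended up working compiles and reports how many sample rows it matches.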