Regex is a powerful pattern matching language used as part of many of the Nimsoft Probes and Tools, the following is a brief introduction to Regex and it’s usage within the Nimsoft NMS software.

Part 1 of this series of guides introduces the fundamentals of the regular expression language and some of its usages.

The first point to make is Nimsoft implementation regex is based around Perl’s implementation (Other flavors use differing syntax).

 
When specifying a pattern match using REGEX in NMS we need to tell the NMS software we want to use Regex, we do this by opening and closing the syntax with / [Forward-slash] as in the following example.
 
/<regex syntax goes here>/
 
The next most basic usage is the “match all” characters statement:
 
.*            (Dot Asterisk) – Dot represents any alpha-numeric, character or special character. Asterisk represents “Any number of times”. The two used in conjunction create the expression match anything any number of times (everything!)
 
|              (pipe Symbol) Is used as an OR operator
 
\              (Back-slash) Is the escape character operator and is used to escape special characters. As a example if you wanted to match a back-slash in an expression, it has a special meaning in regex and hence has to be escaped like \\
 
\s            Matches white spaces, ie breaks between words
 

NOTE:  NAS and other probe do NOT work with SPACES " ". You need to make sure if you have spaces in your Regex to use \s

Examples:

/*Test Alarm*/ (NOT OK)

/*Test\sAlarm*/ (OK)

(?i)           Makes the following information case insensitive

Example:

/.*Test\sAlarm.*/             matches a string: Testing Alarm But DOES NOT match: testing alarm.

/(?i).*Test\sAlarm.*/        matches a string: Testing Alarm AND matches: testing alarm.

 
Let’s take a look at a very simple REGEX statement to match an alarm with the message of:
 

Average (5 samples) total cpu is now 82.61%, which is above the warning threshold (75%)

 
 
/.*total\scpu.*above.*threshold./
 
The above expression would match an alarm that comes into the NAS wich states total cpu is above its defined threshold. Using the example and syntax definitions try to work out how this works.
 
 
Now let’s imagine we would like to match a similar alarm but for memory:
 

Average (5 samples) total cpu is now 82.61%, which is above the warning threshold (75%)

 
 
We could write a similar expression as to the one previous, however in some cases it might make more sense to have one regex rule match both alarms we do this by using “grouping” syntax and the | (pipe) [OR] operator.
 
()             (Open, Close Parenthesis) Wrapping syntax in parenthesis creates a “group” this is useful to us in two ways. It allows us to isolate certain parts of our syntax and hence use operators local to that part of the expression or use references to those “groups” in the NMS software (The logmon probe is a good example of addressing groups). In the following example we use a “group” to isolate part of our syntax so we can use the OR operator on just that section of the expression.
 
/.*total\s(cpu|memory).*above.*threshold.*/
 
Notice the group (cpu|memory) section which essentially states if the string matches cpu OR memory then match. Grouping this section is very important without the parenthesis the expression would say match the string:
 
total cpu
OR
Memory above threshold
 
So that’s the basics covered and you should now be able to create pattern matches based on regular expressions within the Nimsoft NMS Software. You will find these techniques especially useful then using the NAS Auto-Operators and probes such as Logmon.