Use Regular Expressions to Refine the Set of Events That Trigger a Policy
You can more precisely define which events trigger an event policy by using regular expression matching. When you define an event policy, you specify the events that trigger the policy. Many events have one or more attributes, which you can reference in event policies. You can configure an event policy to trigger only if the event's attribute matches some specified regular expression.
To match an event attribute against a regular expression, include the
matches statement at the [edit
event-options policy policy-name
attributes-match] hierarchy level. To specify the text
string that must be present in an event attribute to trigger the policy,
specify the regular expression that the event attribute must match.
[edit event-options policy policy-name attributes-match] event.attribute-name matches regular-expression;
When you specify the regular expression, use the notation defined in POSIX Standard 1003.2 for
extended (modern) UNIX regular expressions. Table 1 specifies which character or characters are matched by some of the
regular expression operators that you can use in the
matches statement. In the descriptions, the term
term refers to either a single alphanumeric character or a
set of characters enclosed in square brackets, parentheses, or braces.
The matches statement is not case-sensitive.
Operator |
Matches |
|---|---|
. (period) |
One instance of any character. |
* (asterisk) |
Zero or more instances of the immediately preceding term. |
+ (plus sign) |
One or more instances of the immediately preceding term. |
? (question mark) |
Zero or one instance of the immediately preceding term. |
| (pipe) |
One of the terms that appear on either side of the pipe operator. |
! (exclamation point) |
Any string except the one specified by the expression, when the exclamation point appears at the start of the expression. Use of the exclamation point is specific to Junos OS. |
^ (caret) |
The start of a line, when the caret appears outside square brackets. One instance of any character that does not follow it within square brackets, when the caret is the first character inside square brackets. |
$ (dollar sign) |
The end of a line. |
|
One instance of one of the enclosed alphanumeric characters.
To indicate a range of characters, use a hyphen ( |
|
One instance of the evaluated value of the enclosed term. Parentheses are used to indicate the order of evaluation in the regular expression. |
Explaining regular expression syntax is beyond the scope of this document. For some additional information, see Regular Expressions.
Example: Controlling Event Policy Using a Regular Expression
In this example, the event policy triggers if an
SNMP_TRAP_LINK_DOWN event occurs within 120
seconds of an SNMP_TRAP_LINK_UP event. However, the
event policy only triggers if the interface-name
attribute in both traps match each other and the
interface-name attribute in the
SNMP_TRAP_LINK_DOWN trap starts with letter
g. Thus, the event policy triggers only
for ge-* interface events. The policy does not trigger when the
eventd process receives traps from other
interfaces.
In system log files, the message tags appear in all uppercase letters. In the CLI, the message tags appear in all lowercase letters.
[edit event-options]
policy pol6 {
events snmp_trap_link_down;
within 120 events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name equals snmp_trap_link_down.interface-name;
snmp_trap_link_down.interface-name matches "^g";
}
then {
execute-commands {
commands {
"show interfaces {$$.interface-name}";
"show configuration interfaces {$$.interface-name}";
}
output-filename config.txt;
destination bsd2;
output-format text;
}
}
}