koit12
Contributor
Contributor

Strange behaviour with regular expression in symptom definition

Hi,

I'm trying to create a symptom that should trigger when a ESXi host doesn't comply with our NTP server policy.

We are using "ntp1.ourdomain.com, ntp2.ourdomain.com, ntp3.ourdomain.com" as standard for all our hosts.

The symptom should trigger when a host deviates from this.

To accomplish this I'm using the following regexp in the symptom definition:

ntp[123].ourdomain.com, ntp[123].ourdomain.com, ntp[123].ourdomain.com

This results in a match on the online regexp tester: https://regex101.com/

Here is a XML export:

<?xml version="1.0" encoding="UTF-8"?><alertContent>

    <SymptomDefinitions>

        <SymptomDefinition adapterKind="VMWARE" id="SymptomDefinition-e9013e2f-090b-47c7-a70d-01ff985fb2db" name="_ESXi Host have wrong NTP server settings" resourceKind="HostSystem">

            <State severity="warning">

                <Condition key="config|security|ntpServer" operator="notregex" thresholdType="static" type="property" value="ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com" valueType="string"/>

            </State>

        </SymptomDefinition>

    </SymptomDefinitions>

</alertContent>

This is what happens during testing:

1. When the symptom is set to trigger when the regexp doesn't match

1a. Host with correct NTP: Symptom triggers with the following message:

NTP server "ntp1.mydomain.com, ntp3.mydomain.com, ntp2.mydomain.com" not matches regular expression "ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com"

1b. Host with incorrect NTP: Symptom does not trigger

2. When the symptom is set to trigger when the regexp match

2a. Host with correct NTP: Symptom triggers with the following message:

NTP server "ntp1.mydomain.com, ntp3.mydomain.com, ntp2.mydomain.com" matches regular expression "ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com"

2b. Host with incorrect NTP: Symptom does not trigger

This is confusing.

The symptom triggers on the host with correct NTP settings both when the symptom match and when the symptom doesn't match

On hosts with incorrect NTP settings the symptom never triggers.

I've cancelled the associated alert several times and waited for several collection cycles. Always the same result.

Am I doing something wrong or is this a bug?

Tags (2)
0 Kudos
2 Replies
daphnissov
Immortal
Immortal

What is the behavior if you change the regex to [1-3] ?

0 Kudos
koit12
Contributor
Contributor

Hi,

I tried you suggestion, but I got the same result.

Is there a bug in vROps Regexp implementation?

0 Kudos