The regex and logmon watcher seem to work fine for me too. But the -5.983 value in the sample is variable 9 in the regex, not variable 8. The regex also excludes the minus sign when the value is negative; is that intentional?
I tested by putting the sample output into a file and configured logmon to cat that file every check. It the watcher generates an alarm for me to check the variables and saves them to QoS, and the values were correct in both cases. Here is the logmon profile I used:
<TEST_ntp>
active = yes
interval = 1 min
scanfile = C:\Temp\ntp.log
scanmode = cat
alarm = yes
qos = yes
message = no
user =
monitor_exit_code = No
max_alarm_sev = 5
max_alarms =
max_alarm_msg =
password =
subject =
<watchers>
<output>
active = yes
match = /.servername.\S*(\d*?).\s*.(\d+).(\w).\s*.(\d+).\s*(\d+).\s*(\d+).\s*.\S*(\d*?).\s*(\S*).\s*.(\S*)./
level = major
subsystemid =
message = Got a match - var8 = $var8 / var9 = $var9
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid =
source =
target =
qos =
runcommandonmatch = no
commandexecutable =
commandarguments =
pattern_threshold =
expect_message =
expect_level =
<variables>
<var8>
definition = $8
qosactive = yes
qosname = <Default>
qostarget = var8
</var8>
<var9>
definition = $9
qosactive = yes
qosname = <Default>
qostarget = var9
</var9>
</variables>
</output>
</watchers>
</TEST_ntp>
We may be able to clean up the regex a bit too, which I started to do and then realized I might not know enough about how all of those values can look and still be legitimate.