Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Administrator Guide > Add rules, filters, and actions > Add a filter > Filter messages based on message text

Filter messages based on message text

Table of contents
No headers

This feature is available only in the licensed version.

Use the Message text filter to include or exclude messages based on the content of the message. Only included messages trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.

If a rule does not contain a Message text filter, all messages are included.

  1. From the Kiwi Syslog Service Manager, choose File > Setup.
  2. Add a new rule, or locate an existing rule.
  3. Right-click the Filters node below the rule, and choose Add Filter.
  4. Replace the default name with a descriptive name. (The name does not have to be unique.)
  5. In the Field menu, select Message text.

  6. Select an option from the Filter Type menu, and specify one or more text strings.

    Simple

    Enter one or more text strings, enclosed in quotes. There is an OR relationship between the strings. A message meets the filter criteria (returns TRUE) if it includes any of the strings.

    • Select the C button to make the search case-sensitive.
    • Select the S button to perform a substring search (the default). A substring search returns TRUE if the text string appears anywhere in the message.

      Deselect the S button to perform a whole string search. A whole string search returns TRUE only if the text string matches the entire message text.

      Example: If the text string is "down" and the messages is System down, a substring search returns TRUE, but a whole string search does not.

    In the following example, a message is included if it contains POP3 or SMTP or MAPI. The filter is not case-sensitive.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_Admin_Guide/KSS_Admin_Guide_updates/0010-Add_rules_filters_and_actions/0030-Add_a_filter/0040-Filter_messages_based_on_message_text/filter_message_text_simple.png

    Complex

    Enter one or more text strings to include, exclude, or both. Enclose each string in quotes. There is an OR relationship between strings on the same line.

    Optionally, enter strings on the And line to include a Boolean AND operator.

    Include

    The message is included if it contains any string on the Include line and any string on the And line.

    In the following example, a message is included if it contains (server or system) and (down or inaccessible).

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_Admin_Guide/KSS_Admin_Guide_updates/0010-Add_rules_filters_and_actions/0030-Add_a_filter/0040-Filter_messages_based_on_message_text/filter_message_text_complex_include.png

    The message "The system is down" is included, but not "The system is up."

    Exclude

    The message is excluded if it contains any string on the Exclude line and any string on the And line.

    In the following example, a message is excluded if it contains recommended action (not case-sensitive) and None required. (case sensitive).

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_Admin_Guide/KSS_Admin_Guide_updates/0010-Add_rules_filters_and_actions/0030-Add_a_filter/0040-Filter_messages_based_on_message_text/filter_message_text_complex_exclude.png

    Both

    You can use both the Include and Exclude sections. In the following example, the message is included if it contains (server or system) and (down or inaccessible) but does not contain test.

    The message System down is included, but not the message Test system down.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_Admin_Guide/KSS_Admin_Guide_updates/0010-Add_rules_filters_and_actions/0030-Add_a_filter/0040-Filter_messages_based_on_message_text/filter_message_text_complex_include_exclude.png

    RegExp

    Enter one or more regular expressions to specify text strings to include or exclude.

  7. (Optional) Test the filter.
  8. Click Apply to save the filter.

    Only included messages trigger the actions in the associated rule.

Last modified
17:36, 17 Mar 2017

Tags

Classifications

Public