This feature is available only in the licensed version.
Use the Message text filter to include or exclude messages based on the content of the message. Only included messages trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.
If a rule does not contain a Message text filter, all messages are included.
- From the Kiwi Syslog Service Manager, choose File > Setup.
- Add a new rule, or locate an existing rule.
- Right-click the Filters node below the rule, and choose Add Filter.
- Replace the default name with a descriptive name. (The name does not have to be unique.)
In the Field menu, select Message text.
Select an option from the Filter Type menu, and specify one or more text strings.
|Simple || |
Enter one or more text strings, enclosed in quotes. There is an OR relationship between the strings. A message meets the filter criteria (returns TRUE) if it includes any of the strings.
- Select the C button to make the search case-sensitive.
Select the S button to perform a substring search (the default). A substring search returns TRUE if the text string appears anywhere in the message.
Deselect the S button to perform a whole string search. A whole string search returns TRUE only if the text string matches the entire message text.
Example: If the text string is
"down" and the messages is
System down, a substring search returns TRUE, but a whole string search does not.
In the following example, a message is included if it contains
MAPI. The filter is not case-sensitive.
|Complex || |
Enter one or more text strings to include, exclude, or both. Enclose each string in quotes. There is an OR relationship between strings on the same line.
Optionally, enter strings on the And line to include a Boolean AND operator.
|Include || |
The message is included if it contains any string on the Include line and any string on the And line.
In the following example, a message is included if it contains (
system) and (
The message "The system is down" is included, but not "The system is up."
|Exclude || |
The message is excluded if it contains any string on the Exclude line and any string on the And line.
In the following example, a message is excluded if it contains
recommended action (not case-sensitive) and
None required. (case sensitive).
|Both || |
You can use both the Include and Exclude sections. In the following example, the message is included if it contains (
system) and (
inaccessible) but does not contain
System down is included, but not the message
Test system down.
|RegExp || |
Enter one or more regular expressions to specify text strings to include or exclude.
- (Optional) Test the filter.
Click Apply to save the filter.
Only included messages trigger the actions in the associated rule.