Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Administrator Guide > Add rules, filters, and actions > Add an action > Message content or counters

Message content or counters

When you add an action, this option allows you to choose a variable or counter from a popup menu. The variable is then replaced with the current value before the message is sent. For example %MsgText is replaced with the text of the current syslog message.

To add a variable:

  1. Position your cursor where you want to insert the variable.
  2. Click Insert message content or counter.
  3. Select a variable.

The following variables are available.

All of the message

Parameter: %MsgAll

Explanation: The whole message as it appears on the display. Including the time, date, priority and message text. Each field is space delimited.

Example: 2005-10-10 11:28:04 Local7.Debug host.company.com. This is a test message.

Date

Parameter: %MsgDate

Explanation: The date the message arrived in the format YYYY-MM-DD

Example: 2005-02-18

Time

Parameter: %MsgTime

Explanation: The time the message arrived in the format HH:MM:SS

Example: 22:30:16

Facility

Parameter: %MsgFacility

Explanation: The facility of the message in text format.

Example: Local7, Mail

Level

Parameter: %MsgLevel

Explanation: The level of the message in text format.

Example: Debug, Info

Host address of sender

Parameter: %MsgHost

Explanation: The host IP address of the sending device.

Example: 192.168.1.1

The message text

Parameter: %MsgText

Explanation: The message text part of the syslog message

Example: This is a test message

Alarm min msg threshold

Parameter: %MsgAlarmMin

Explanation: The threshold level set for the minimum message count alarms

Example: 100 (messages per hour minimum)

Alarm max msg threshold

Parameter: %MsgAlarmMax

Explanation: The threshold level set for the maximum message count alarms

Example: 5000 (messages per hour maximum)

Alarm disk space threshold

Parameter: %MsgAlarmDisk

Explanation: The threshold level set for the minimum disk space remaining in MB

Example: 90 (MB)

Message count this hour

Parameter: %MsgThisHour

Explanation: The number of messages received so far this hour.

Example: 254

Message count last hour

Parameter: %MsgLastHour

Explanation: The number of messages received in the last hour

Example: 254

Machine MAC address

Parameter: %MACAddress

Explanation: The MAC address value of the first network adaptor found.

Example: AA-BB-CC-DD-EE-FF-00

Rule Name

Parameter: %RuleName

Explanation: The name of the Rule which triggered this action.

Example: EmailAction

Custom/Global/Statistics fields (Only in the registered version)

VarCustom01 to VarCustom16

Parameter: %VarCustom01 to %VarCustom16

Explanation: There are 16 custom fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The custom field values are cleared when a new message arrives. They are only valid for the current message. To store values longer than a single message, use VarGlobal fields.

Example: Any value that the script creates can be used.

VarGlobal01 to VarGlobal16

Parameter: %VarGlobal01 to %VarGloabl16

Explanation: There are 16 global fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The global fields retain their value between messages.

Example: Any value that the script creates can be used.

VarStats01 to VarStats16

Parameter: %VarStats01 to %VarStats16

Explanation: There are 16 statistics fields that can be modified by the Run Script action. The statistics fields retain their value between messages. You can modify the names associated with the statistics fields and their initial value from the Script options section on the setup window. The custom statistics values are viewable on the statistics display and on the daily statistics e-mail.

Example: Any value that the script creates can be used.

Last modified
12:25, 2 Mar 2017

Tags

Classifications

Public