Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Administrator Guide > Scripting resources > Script variables

Script variables

The following variables are available for scripts used with Kiwi Syslog Server. Variables are passed to and from the script. Depending on the read/write permissions you set for the action or scheduled task, the variables can be modified and returned for use in the syslog program.

The variables are passed via a globally accessible object named "Fields." To access a variable, simply prefix the word "Fields." to the variable name.

Common fields

Fields.VarFacility

Details The Facility value of the message.
Type Integer (0-32767)
Range 0 to 23. Click here for a list of facilities.

Fields.VarLevel

Details The level value of the message.
Type Integer (0-32767)
Range 0 to 7. Click here for a list of levels.

Fields.VarInputSource

Details The input source of the message.
Type Integer (0-32767)
Range 0 to 4. 0=UDP, 1=TCP, 2=SNMP, 3 = KeepAlive, 4 = TLS/Syslog

Fields.VarPeerAddress

Details

The IP address of the sending device in nnn.nnn.nnn.nnn format. If the message has been forwarded from another syslog collector, this value contains the original sender's address.

Case A: Firewall device (192.168.1.1) ---> First syslog collector (192.168.1.2) ---> This syslog collector (192.168.1.3).

The field value would be 192.168.1.1.

Case B: Firewall device (192.168.1.1) ---> This syslog collector (192.168.1.3).

The field value would be 192.168.1.1.

Type String
Format nnn.nnn.nnn.nnn (Values are not zero padded.)
Example 192.168.1.67

Fields.VarPeerName

Details The host name of the sending device. This field will only contain resolved host name if the DNS lookup options are enabled and the lookup was successful. Otherwise it will contain the same value as VarPeerAddress in the format nnn.nnn.nnn.nnn. The name identifies the host portion of the fully qualified domain name (FQDN), it does not contain the domain suffix.
Type String
Format myhost

Fields.VarPeerDomain

Details

The domain name portion of the resolved FQDN. This is just the domain suffix, it does not contain the hostname. This field will only contain a value if the DNS lookup options are enabled and the lookup was successful. Otherwise it will contain an empty string ("").

Type String
Format mydomain.com

Fields.VarCleanMessageText

Details The message text after it has been modified (for example, header removed, DNS lookups, original address removed, and Cisco date removed).
Type String
Example %SEC-6-IPACCESSLOGP: list 101 denied udp 10.0.0.3 (firewall) (137) -> 216.7.14.105 (webserver.company. com) (137), 1 packet

Other fields

Fields.VarDate

Details The date the message was received
Type String (10 bytes)
Format YYYY-MM-DD
Example 2005-03-17

Fields.VarTime

Details The time the message was received
Type String (8 bytes)
Format HH:MM:SS
Example 23:10:04

Fields.VarMilliSeconds

Details The time the message was received in milliseconds past the second.
Type String (3 bytes)
Range 000 to 999
Format nnn (three bytes, zero padded)

Fields.VarSocketPeerAddress

Details

The IP address of the device, or the closest collector that sent the message.

Case A: Firewall device (192.168.1.1) ---> First syslog collector (192.168.1.2) ---> This syslog collector (192.168.1.3)

The field value would be 192.168.1.2.

Case B: Firewall device (192.168.1.1) ---> This syslog collector (192.168.1.3)

The field value would be 192.168.1.3.

Type String
Format nnn.nnn.nnn.nnn (Values are not zero padded.)
Example 192.168.1.67

Fields.VarPeerAddressHex

Details

The IP address of the device that sent the message converted to an 8 digit hex value.

The hex address is used for the IP Mask and IP Range filters. If you are making changes to the VarPeerIPAddress and want to use the IP Mask or Range filters, you must also make changes to the VarPeerAddressHex field.

Type String (8 bytes)
Range 00000000 to FFFFFFFF
Example C0A80102 (192.168.1.2 converted to 2 byte zero padded hex)

Fields.VarPeerPort

Details The UDP/TCP port that the message was sent from.
Type Integer (0-65535)
Range 0 to 65535
Typically A value greater than 1023

Fields.VarLocalAddress

Details The IP address that the message was sent to on this machine.
Type String
Examples 127.0.0.1, 192.0.2.0

Fields.VarLocalPort

Details The local machine UDP/TCP port that received the message
Type Integer (0-65535)
Range 0 to 65535
Typically 514 for UDP, 1468 for TCP, 162 for SNMP

Fields.VarPriority

Details The message priority value.
Type Integer (0-32767)
Range 0 to 191

Fields.VarRawMessageText

Details

The message as it was received before modification (includes <pri> tag, original address, etc.).

This field is read only. Changing the field within the script will not modify the equivalent program variable.

Custom fields

These fields are dynamic and are cleared with each new message. These fields can be used to hold the results of your script so they can be used in Log to file or Log to Database actions. The fields can also be passed to actions as parameters using the %VarCustom01 Insert message content or counter option or via the AutoSplit syntax. A good use for these fields would be breaking a message up into separate fields via the script and then logging them to file or database in the separate fields.

There are 16 custom fields available. Values from 1 to 9 are zero padded (VarCustom01 not VarCustom1).

Fields.VarCustom01 to Fields.VarCustom16: Inter-script fields

These fields are static and do not change with each message. These fields can be used to pass values from one script to another or hold values for modification by the same script at a later time. The values can also be passed to actions as parameters using the %VarGlobal01 Insert message content or counter option or via the AutoSplit syntax.

There are 16 global fields available. Values from 1 to 9 are zero padded (VarGlobal01 not VarGlobal1).

Fields.VarGlobal01 to Fields.VarGlobal16: Custom script fields

These fields are static and do not change with each message. These fields can be used to hold your own custom statistics and counters. The values can also be passed to actions as parameters using the % VarStats01 Insert message content or counter option.

The current field values can be viewed from the Statistics view window under the Counters tab. The custom stats are also included in the daily statistics e-mail.

The names and initial values of the Statistics fields can be set from the Scripting option

There are 16 custom statistics fields available. Values from 1 to 9 are zero padded (VarStats01 not VarStats1).

Fields.VarStats01 to Fields.VarStats16

Fields.VarGlobal01 to Fields.VarGlobal16: Control and timing fields

Fields.ActionQuit

Details This field can be set to determine what occurs after the script has been run. A value of 0 means the program continues on to the next action in the rule. A value of 1 to 99 means skip the next n actions within this rule (1=skip the next 1 action, 3=skip the next 3 actions). A value of 100 means jump to the next rule. A value of 1000 means skip all rules and stop processing this message. A value of 0 is assumed if no value is set.
Type Integer (0-32767) Range: 0 to 1000
Enum 0=No skip, 1-99=skip next n actions, 100=skip to next rule, 1000=stop processing message

Fields.SecondsSinceMidnight

Details The number of seconds elapsed since midnight
Type Long (0-2 billion)
Range 0 to 86400

Fields.SecondsSinceStartup

Details The number of seconds elapsed since the program was started.
Type Long (0-2 billion)
Last modified
17:12, 23 Mar 2017

Tags

Classifications

Public