Filter messages based on message text
This feature is available only in a licensed edition of Kiwi Syslog Server.
Use the Message text filter to include or exclude messages in the filter based on the content of the message. Only messages you include trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.
If a rule does not contain a Message text filter, the Kiwi Syslog Server includes all messages.
- From the Kiwi Syslog Service Manager, choose File > Setup.
- Add a rule, or locate an existing rule.
- Right-click Filters below the rule, and click Add Filter.
- Right-click the default filter name. Select Rename Filter to enter a descriptive name.
In the Field menu, select Message text.
- Select an option from the Filter Type menu, and specify text strings.
Enter text strings to include in the filter. Enclose each text string in quotation marks. There is an OR operator between the strings. A message filter criteria returns TRUE if it includes any of the strings.
- Select the C button to make the search case-sensitive.
Select the S button to perform a substring search. The S button is selected by default. A substring search returns TRUE if the text string is anywhere in the message.
Deselect the S button to perform a whole string search. A whole string search returns TRUE only if the text string matches the entire message text.
For example, if the text string is
"down"and the messages is
System down, a substring search returns TRUE, but a whole string search does not.
In the following example, Kiwi Syslog Server includes a message if it contains
MAPI. The filter is not case-sensitive.
Enter text strings to include, exclude, or both in the filter. Enclose each text string in quotation marks. There is an OR operator between strings on the same line.
Enter strings on the And line to include a Boolean AND operator.
Kiwi Syslog Server includes a message if it contains any string on the Include line and any string entered in the And field.
For example, Kiwi Syslog Server includes a message if it contains (
system) and (
The message "The system is down" is included, but not "The system is up."
Kiwi Syslog Server excludes a message if it contains any string on the Exclude line and any string entered in the And field.
For example, Kiwi Syslog Server excludes a message if it contains
recommended action(not case-sensitive) and
None required(case sensitive).
You can use both the Include and Exclude fields. In the following example, Kiwi Syslog Server includes a message if it contains (
system) and (
inaccessible) but does not contain
System downis included, but not the message
Test system down.
Enter regular expressions to specify text strings to include or exclude in the filter.