Documentation forKiwi Syslog Server

Filter messages based on IP address

This snippet is used for legacy 9.8.3 topics that link to a KSS NG topic of the same name.

This feature is available only in a licensed edition of Kiwi Syslog Server.

Use an IP address filter to include or exclude messages based on the IP address of the sending device. Only messages from the IP addresses you include trigger the actions in the associated rule.

If a rule does not contain an IP address filter, the Kiwi Syslog Server includes all IP addresses.

  1. From the Kiwi Syslog Service Manager, choose File > Setup.
  2. Add a rule, or locate an existing rule.
  3. Right-click Filters below the rule, and click Add Filter.
  4. Right-click the default filter name. Select Rename Filter to enter a descriptive name.

  5. In the Field menu, select IP address.

  6. Select an option from the Filter Type menu, and specify IP addresses.

    7. Simple

    Enter IP addresses to include in the filter. Enclose each IP address in quotation marks.

    There is an OR operator between each IP address. Messages from any of the listed IP addresses are included.

    For example, a message is included if the IP address of the sending device is 192.0.2.14 or 192.0.2.15.

    Complex

    Enter IP addresses to include or to exclude in the filter. Enclose each IP address in quotation marks.

    There is an OR operator between IP addresses on the same line. Messages are included or excluded if they are sent from any of the IP addresses on the line.

    For IP addresses, Complex filters are primarily used to exclude specific addresses. Do not use both the Include and Exclude sections. If you include specific IP addresses, all others are automatically excluded. Do not use the And fields.

    For example, a message is excluded if the IP address of the sending device is 192.0.2.14 or 192.0.2.15.

    RegExp

    Enter one or more regular expressions to specify the IP addresses to include or exclude in the filter.
    IPv4 Range

    Enter the range of IP addresses to include, exclude, or both in the filter.

    For example, a message is included if the IP address of the sending device is between 203.185.100.0 and 203.185.100.255, but is not between 203.185.100.10 and 203.185.100.20.
    IPv4 Mask

    Specify a range of IP addresses to include or exclude in the field based on mask matching. The IP address is logically conditioned with an AND relationship to the specified Mask and then compared with the IP address of the sending device. If the two addresses are on the same subnet, the filter result is TRUE.

    For example, the message is excluded if the IP address of the sending device is within the range of 192.168.0.0 to 255.255.255.240.

    IPv6 Range

    Enter the range of IP addresses to include, exclude, or both in the filter. For a range example, see IPv4 Range.

  7. Test the filter.

  8. Click Apply.