Documentation for Kiwi Syslog Server

Filter messages based on message text

This feature is available only in a licensed edition of Kiwi Syslog Server.

Use the Message text filter to include or exclude messages in the filter based on the content of the message. Only messages you include trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.

If a rule does not contain a Message text filter, the Kiwi Syslog Server includes all messages.

  1. From the Kiwi Syslog Service Manager, choose File > Setup.
  2. Add a rule, or locate an existing rule.
  3. Right-click Filters below the rule, and click Add Filter.
  4. Right-click the default filter name. Select Rename Filter to enter a descriptive name.
  5. In the Field menu, select Message text.

  6. Select an option from the Filter Type menu, and specify text strings.

    Simple

    Enter text strings to include in the filter. Enclose each text string in quotation marks. There is an OR operator between the strings. The filter returns TRUE if the message includes any of the strings.

    • Select the C button to make the search case-sensitive.
    • Select the S button to perform a substring search. The S button is selected by default. A substring search returns TRUE if the text string is anywhere in the message.

      Deselect the S button to perform a whole string search. A whole string search returns TRUE only if the text string matches the entire message text.

    For example, if the text string is "down" and the message is System down, a substring search returns TRUE, but a whole string search does not.

    In the following example, Kiwi Syslog Server includes a message if it contains POP3 or SMTP or MAPI. The filter is not case-sensitive.

    Complex

    Enter text strings to include, exclude, or both in the filter. Enclose each text string in quotation marks. There is an OR operator between strings on the same line.

    Enter strings on the And line to include a Boolean AND operator.

    Include

    Kiwi Syslog Server includes a message if it contains any string on the Include line and any string entered in the And field.

    For example, Kiwi Syslog Server includes a message if it contains (server or system) and (down or inaccessible).

    The message "The system is down" is included, but not "The system is up."

    Exclude

    Kiwi Syslog Server excludes a message if it contains any string on the Exclude line and any string entered in the And field.

    For example, Kiwi Syslog Server excludes a message if it contains recommended action (not case-sensitive) and None required (case-sensitive).

    Both

    You can use both the Include and Exclude fields. In the following example, Kiwi Syslog Server includes a message if it contains (server or system) and (down or inaccessible) but does not contain test.

    The message System down is included, but not the message Test system down.

    RegExp

    Enter regular expressions to specify text strings to include or exclude in the filter.

  7. Test the filter.
  8. Click Apply.
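The Simple and Complex semantics described in step 6 can be checked offline before a rule goes live. The following Python model is an added example, not Kiwi Syslog Server code: the function names are hypothetical, one pair of C/S flags is applied to every line, and the handling of empty lines and Exclude precedence are assumptions stated in the comments.

```python
import re

def terms(line):
    """Quoted strings on one filter line, e.g. '"server" "system"'."""
    return re.findall(r'"([^"]*)"', line)

def any_hit(line, message, case_sensitive=False, substring=True):
    """OR across one line's strings; the flags model the C and S buttons."""
    if not case_sensitive:
        line, message = line.lower(), message.lower()
    return any((t in message) if substring else (t == message) for t in terms(line))

def simple(line, message, **buttons):
    """Simple filter type: TRUE if the message matches any string."""
    return any_hit(line, message, **buttons)

def group(line, and_line, message, **buttons):
    """(any string on line) AND (any string on the And line).
    Assumption: an empty And line adds no constraint."""
    if not any_hit(line, message, **buttons):
        return False
    return not terms(and_line) or any_hit(and_line, message, **buttons)

def complex_filter(message, include="", include_and="",
                   exclude="", exclude_and="", **buttons):
    """Complex filter type. Assumptions: an empty Include line admits every
    message, and a match on the Exclude side always wins."""
    included = not terms(include) or group(include, include_and, message, **buttons)
    excluded = group(exclude, exclude_and, message, **buttons)
    return included and not excluded

# Constructed sample messages, not taken from a real device.
SAMPLES = [
    "The system is down",
    "The system is up.",
    "Test system down",
    "System down",
    "Server down after latest update",  # "latest" contains the substring "test"
]

def triage(messages):
    """The page's 'Both' example: (server|system) AND (down|inaccessible), NOT test."""
    return [m for m in messages
            if complex_filter(m, include='"server" "system"',
                              include_and='"down" "inaccessible"', exclude='"test"')]

if __name__ == "__main__":
    for m in SAMPLES:
        print("include" if m in triage(SAMPLES) else "drop   ", m)
```

Under this model the last sample is dropped because the Exclude string "test" matches inside "latest", so short Exclude strings combined with substring search can suppress messages that should trigger the rule's actions.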