Filter messages based on message text — Legacy
This feature is available only in a licensed edition of Kiwi Syslog Server.
Use the Message text filter to include or exclude messages in the filter based on the content of the message. Only messages you include trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.
If a rule does not contain a Message text filter, the Kiwi Syslog Server includes all messages.
- From the Kiwi Syslog Service Manager, choose File > Setup.
- Add a rule, or locate an existing rule.
- Right-click Filters below the rule, and click Add Filter.
- Right-click the default filter name. Select Rename Filter to enter a descriptive name.
-
In the Field menu, select Message text.
- Select an option from the Filter Type menu, and specify text strings.
-
Simple Enter text strings to include in the filter. Enclose each text string in quotation marks. There is an OR operator between the strings. A message filter criteria returns TRUE if it includes any of the strings.
- Select the C button to make the search case-sensitive.
-
Select the S button to perform a substring search. The S button is selected by default. A substring search returns TRUE if the text string is anywhere in the message.
Deselect the S button to perform a whole string search. A whole string search returns TRUE only if the text string matches the entire message text.
For example, if the text string is
"down"
and the messages isSystem down
, a substring search returns TRUE, but a whole string search does not.In the following example, Kiwi Syslog Server includes a message if it contains
POP3
orSMTP
orMAPI
. The filter is not case-sensitive.Complex Enter text strings to include, exclude, or both in the filter. Enclose each text string in quotation marks. There is an OR operator between strings on the same line.
Enter strings on the And line to include a Boolean AND operator.
Include Kiwi Syslog Server includes a message if it contains any string on the Include line and any string entered in the And field.
For example, Kiwi Syslog Server includes a message if it contains (
server
orsystem
) and (down
orinaccessible
).The message "The system is down" is included, but not "The system is up."
Exclude Kiwi Syslog Server excludes a message if it contains any string on the Exclude line and any string entered in the And field.
For example, Kiwi Syslog Server excludes a message if it contains
recommended action
(not case-sensitive) andNone required
(case sensitive).Both You can use both the Include and Exclude fields. In the following example, Kiwi Syslog Server includes a message if it contains (
server
orsystem
) and (down
orinaccessible
) but does not containtest
.The message
System down
is included, but not the messageTest system down
.RegExp Enter regular expressions to specify text strings to include or exclude in the filter.
-
Click Apply.