How rules, filters, and actions work in KSS — Legacy

Rules determine what actions legacy Kiwi Syslog Server (KSS) takes when it receives a message. For example, you can create rules to:

• Log all messages to a file.
• Send an email if the message has a high priority level.
• Run a script if the message includes specific words or phrases.

Rules consist of the following elements:

• Filters determine which messages are acted on. If a rule does not include any filters, all messages are acted on.
• Actions determine what happens when a message passes all of the filters.

You can define up to 100 rules. Each rule can include up to 100 filters and 100 actions.

Apply rules in the order you want legacy KSS to receive them. When a rule applies to a message, legacy KSS matches the message against each filter in the rule, starting with the top filter.

• If each condition in the filter returns TRUE, legacy KSS matches the message against the next filter in that rule.

• If a condition in the filter returns FALSE, processing stops for that rule and legacy KSS applies the next rule to the message.

Default rule

When you install legacy KSS, it automatically creates a rule called Default that applies two actions to each message:

• Displays each message on the legacy KSS Manager console.
• Logs each message to the SyslogCatchAll.txt file, located in the \Logs directory of the legacy KSS installation folder.

If the messages passes all filters within a rule, legacy KSS performs each action in order, starting with the action at the top of the list. When legacy KSS completes the actions within a rule, and then applies the next rule.

To learn more about configuring rules, see the examples in the following topics. You can add rules to:

• Send an email alert from legacy KSS for Critical messages
• Log each message to a legacy KSS file based on date and sending device