Documentation for Kiwi Syslog Server

Filter messages based on IP address

This feature is available only in a licensed edition of Kiwi Syslog Server NG.

Use an IP address filter to include or exclude messages based on the IP address of the sending device. Only messages from the IP addresses you include trigger the actions in the associated rule.

If a rule does not contain an IP address filter, the Kiwi Syslog Server NG includes all IP addresses.

  1. From the Kiwi Syslog NG navigation bar, choose Setup > Rules.
  2. Locate an existing rule. If the rule does not exist, add a rule and start the New Rule wizard.
  3. If you are adding a filter to an existing rule, select the rule and click Edit. If you are creating a new rule, navigate to the Filters step of the New Rule wizard.
  4. Click Add filter. Define the filter name in the provided field.
  5. In the Field drop down, select IP Address.

  6. Select an option from the Filter Type drop down and specify the respective IP addresses.

    Simple

    Specify an IP address to include in the filter. There is an OR operator between each IP address. Messages from any of the listed IP addresses are included.

    For example, a message is included if the IP address of the sending device is 192.0.2.14 or 192.0.2.15.

    Check the Substring search box if you want the filter to include the IP address as a substring of another IP address. A substring search returns TRUE if the string is anywhere in the message.

    Complex

    Enter IP addresses to include or to exclude in the filter. There is an OR operator between IP addresses on the same line. Messages are included or excluded if they are sent from any of the IP addresses on the line.

    For IP addresses, Complex filters are primarily used to exclude specific addresses. Do not use both the Include and Exclude sections. If you include specific IP addresses, all others are automatically excluded. Do not use the And fields.

    For example, a message is excluded if the IP address of the sending device is 192.0.2.14 or 192.0.2.15.

    RegExp

    Enter one or more regular expressions to specify the IP addresses to include or exclude in the filter.

    IPv4 Range

    Enter the range of IP addresses to include, exclude, or both in the filter.

    For example, a message is included if the IP address of the sending device is between 203.185.100.0 and 203.185.100.255, but is not between 203.185.100.10 and 203.185.100.20.

    IPv4 Mask

    Specify a range of IP addresses to include or exclude in the filter based on mask matching. The specified IP address is combined with the specified mask using a logical AND and then compared with the IP address of the sending device. If the two addresses are on the same subnet, the filter result is TRUE.

    For example, the message is excluded if the IP address of the sending device is within the range of 192.168.0.0 to 255.255.255.240.

  7. If you are adding a filter to an existing rule, click Apply. If you are creating a filter in the New Rule wizard, click Add.
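
The following Python sketch is an added example, not Kiwi Syslog Server NG code. It models the Simple, IPv4 Range and IPv4 Mask semantics described above so that a planned filter can be checked against a list of sender addresses before it is entered in a rule. The function names and sender addresses are constructed for illustration, and the mask case assumes the example means address 192.168.0.0 with mask 255.255.255.240.

```python
import ipaddress

def to_int(ip):
    """Dotted-quad IPv4 string -> integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(ip))

def simple_match(sender, listed, substring=False):
    """Simple filter: OR across the listed addresses.
    With substring=True a listed value matches anywhere in the sender text
    (assumption: the search is applied to the sender address string)."""
    if substring:
        return any(item in sender for item in listed)
    return sender in listed

def range_match(sender, include, exclude=()):
    """IPv4 Range filter: inside an include range, outside every exclude range."""
    s = to_int(sender)
    def inside(ranges):
        return any(to_int(lo) <= s <= to_int(hi) for lo, hi in ranges)
    return inside(include) and not inside(exclude)

def mask_match(sender, address, mask):
    """IPv4 Mask filter: TRUE when both addresses fall in the same masked subnet."""
    m = to_int(mask)
    return (to_int(sender) & m) == (to_int(address) & m)

def matching(senders, predicate):
    """Return the senders for which the filter predicate is TRUE."""
    return [s for s in senders if predicate(s)]

# Constructed sender addresses, chosen to sit on either side of each boundary.
SENDERS = [
    "192.0.2.14", "192.0.2.15", "192.0.2.140",
    "203.185.100.5", "203.185.100.15", "203.185.100.200",
    "192.168.0.9", "192.168.0.16",
]

if __name__ == "__main__":
    checks = {
        "simple exact": lambda s: simple_match(s, ["192.0.2.14", "192.0.2.15"]),
        "simple substring": lambda s: simple_match(s, ["192.0.2.14"], substring=True),
        "range": lambda s: range_match(
            s, [("203.185.100.0", "203.185.100.255")],
            [("203.185.100.10", "203.185.100.20")]),
        "mask": lambda s: mask_match(s, "192.168.0.0", "255.255.255.240"),
    }
    for name, predicate in checks.items():
        print(f"{name:17} {matching(SENDERS, predicate)}")
```

In this model the substring case matches 192.0.2.140 as well as 192.0.2.14, so a substring filter written for one device also covers any address that contains the same text.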