Documentation for Kiwi Syslog Server

Filter messages based on message texts in KSS NG

This feature is available only in the licensed edition of Kiwi Syslog Server NG.

Use the Message Text filter to include or exclude messages in the filter based on the content of the message. Only messages you include trigger the actions in the associated rule. For example, you can create rules to send an email or run a script when a message contains specific text strings.

If a rule does not contain a Message Text filter, Kiwi Syslog Server NG includes all messages.

  1. From the Kiwi Syslog NG navigation bar, choose Setup > Rules.
  2. Locate an existing rule. If the rule does not exist, add a rule and start the New Rule wizard.
  3. If you are adding a filter to an existing rule, select the rule and click Edit. If you are creating a new rule, navigate to the Filters step of the New Rule wizard.
  4. Click Add filter. Define the filter name in the provided field.
  5. In the Field drop-down menu, select Message Text.

  6. Select an option from the Filter Type menu, and specify text strings.

    Simple

    Enter text strings to include in the filter. There is an OR operator between the strings. The filter criterion returns TRUE if the message includes any of the strings.

    For example, Kiwi Syslog Server NG includes a message if it contains POP3 or SMTP or MAPI. The filter is not case-sensitive.

    Check the Case sensitive search box if you want the filter to be case sensitive.

    Check the Substring search box if you want the filter to match a text string that appears as a substring of a longer string. A substring search returns TRUE if the string is anywhere in the message.

    For example, if the text string is "down" and the message is System down, a substring search returns TRUE, but a whole string search does not.

    Complex

    Enter text strings to include, exclude, or both in the filter. There is an OR operator between strings on the same line.

    Enter strings on the And line to include a Boolean AND operator.

    Include

    Kiwi Syslog Server NG includes a message if it contains any string on the Include line and any string entered in the And field.

    For example, Kiwi Syslog Server NG includes a message if it contains (server or system) and (down or inaccessible).

    The message The system is down is included, but not The system is up.

    Exclude

    Kiwi Syslog Server NG excludes a message if it contains any string on the Exclude line and any string entered in the And field.

    For example, Kiwi Syslog Server NG excludes a message if it contains recommended action (not case-sensitive) and None required (case sensitive).

    Both

    You can use both the Include and Exclude fields. For example, Kiwi Syslog Server NG includes a message if it contains (server or system) and (down or inaccessible) but does not contain test.

    The message System down is included, but not the message Test system down.

    RegExp

    Enter regular expressions to specify text strings to include or exclude in the filter.

  8. If you are adding a filter to an existing rule, click Apply. If you are creating a filter in the New Rule wizard, click Add.
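The Complex filter logic described above can be modeled in a few lines of Python to check include and exclude strings against sample messages before a rule depends on them. This is an added example, not Kiwi Syslog Server NG code: the names Line, passes, both_example and exclude_example are hypothetical, and the model assumes substring matching and that an empty line imposes no condition.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Line:
    """One filter line; its strings are joined by OR."""
    strings: tuple = ()
    case_sensitive: bool = False

    def matches(self, message: str) -> bool:
        if not self.strings:  # assumption: an empty line imposes no condition
            return True
        fold = (lambda s: s) if self.case_sensitive else str.lower
        text = fold(message)
        # assumption: strings are matched as substrings of the message
        return any(fold(s) in text for s in self.strings)

def passes(message, include=Line(), include_and=Line(),
           exclude=Line(), exclude_and=Line()) -> bool:
    """True if the message stays in the filter and would trigger the rule's actions."""
    included = include.matches(message) and include_and.matches(message)
    # Exclusion only applies when an Exclude line is actually defined.
    excluded = (bool(exclude.strings) and exclude.matches(message)
                and exclude_and.matches(message))
    return included and not excluded

def both_example(message):
    # (server OR system) AND (down OR inaccessible) but NOT test
    return passes(message,
                  include=Line(("server", "system")),
                  include_and=Line(("down", "inaccessible")),
                  exclude=Line(("test",)))

def exclude_example(message):
    # Exclude: "recommended action" (not case-sensitive) AND "None required" (case sensitive)
    return passes(message,
                  exclude=Line(("recommended action",)),
                  exclude_and=Line(("None required",), case_sensitive=True))

if __name__ == "__main__":
    # The first four messages are quoted in the text above; the last is constructed.
    for msg in ["The system is down", "The system is up", "System down",
                "Test system down", "Latest alert: server inaccessible"]:
        print(f"{both_example(msg)!s:5}  {msg}")
```

Under the substring assumption, the exclude string test also drops the constructed message "Latest alert: server inaccessible", because "Latest" contains "test". Check exclusion strings against real traffic so they do not suppress messages that should trigger an alert.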