How rules, filters, and actions work in KSS NG

Rules determine what actions Kiwi Syslog Server NG (KSS NG) takes when it receives a message. For example, you can create rules to:

• Log all messages to a file.
• Send an email if the message has a high priority level.
• Run a script if the message includes specific words or phrases.

Rules consist of the following elements:

• Filters determine which messages are acted on. If a rule does not include any filters, all messages are acted on.
• Actions determine what happens when a message passes all of the filters.

You can define up to 100 rules. Each rule can include up to 100 filters and 100 actions.

Apply rules in the order you want the KSS NG to receive them. When a rule applies to a message, KSS NG matches the message against each filter in the rule, starting with the top filter.

• If each condition in the filter returns TRUE, KSS NG matches the message against the next filter in that rule.

  

• If a condition in the filter returns FALSE, processing stops for that rule and KSS NG applies the next rule to the message.

  

If the messages passes all filters within a rule, KSS NG performs each action in order, starting with the action at the top of the list. When KSS NG completes the actions within a rule, and then applies the next rule.

When you install KSS NG, it automatically creates a rule called Default that applies the Log to display action.

To learn more about configuring rules, see the examples in the following topics. You can add rules to:

• Send an email alert from KSS NG for Critical messages
• Log each message to a KSS NG file based on date and sending device