How Kiwi Syslog Server NG rules work

Rules determine what actions Kiwi Syslog Server NG takes when it receives a message. For example, you can create rules to:

• Log all messages to a file.
• Send an email if the message has a high priority level.
• Run a script if the message includes specific words or phrases.

Rules consist of the following elements:

• Filters determine which messages are acted on. If a rule does not include any filters, all messages are acted on.
• Actions determine what happens when a message passes all of the filters.

You can define up to 100 rules. Each rule can include up to 100 filters and 100 actions.

Apply rules in the order you want the Kiwi Syslog Server NG to receive them. When a rule applies to a message, Kiwi Syslog Server NG matches the message against each filter in the rule, starting with the top filter.

• If each condition in the filter returns TRUE, Kiwi Syslog Server NG matches the message against the next filter in that rule.

• If a condition in the filter returns FALSE, processing stops for that rule and Kiwi Syslog Server NG applies the next rule to the message.

If the messages passes all filters within a rule, Kiwi Syslog Server NG performs each action in order, starting with the action at the top of the list. When Kiwi Syslog Server NG completes the actions within a rule, and then applies the next rule.

To learn more about configuring rules, see the examples in the following topics. You can add rules to:

• Send an email alert from Kiwi Syslog Server NG for Critical messages
• Log each message to a Kiwi Syslog Server NG file based on date and sending device