Documentation for Kiwi Syslog Server

Add an event log subscription

In the Add window, you can configure the event type and filtering options.

  1. From the Subscriptions tab, click Add.
  2. Select the event log (or event logs) you wish to subscribe to from the left column tree.
  3. Configure the Event Type, Event Sources, Task Category, and other filtering options:

    Field / Value

    Event Type

    Filters the event records by the event type selected.

    Event Sources

    Filters the event records by one or more event source.

    The Event Sources field is populated based on the selected event log.

    Include or Exclude Event

    Enter the relevant event IDs. Event records containing a specified event ID are excluded or included in the event filter. Event IDs with a minus sign are excluded.

    For example, to apply a filter that shows only records with event ID 1 or 3, or with an ID in the range 5-99, and that excludes event ID 76, enter: 1,3,5-99,-76.

    Task Category

    Filter event records by one or more selected task categories.

    The Task Category field is populated based on the selected event log.

    Keywords

    Filter the event records by specified keywords.

    Not available for Windows Eventing 5 versions of Windows.

    Users

    Filter event records by the user logged in to the device at the time of the event.

    Multiple users must be separated by commas.

    Computers

    Filter event records by devices the event occurs on.

  4. By default, you are provided a grid view of the events from the selected subscriptions. To hide or show this preview, click Hide / Show preview of matching records.
  5. Click Refresh to preview the event records currently found in your event logs, based on configured subscription settings.
  6. Click Next to continue to the Define Priority screen.
  7. Select the default syslog facility number that the event records use when forwarding messages to the syslog server.

    The default syslog facility number is combined with the record event type to form the message Priority column data within the syslog server display window.

  8. Click Finish.
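
The Include or Exclude Event syntax from step 3, as an added example that is not part of the original documentation or the product's own code: a small Python parser that evaluates a filter expression and reports which event IDs it would drop. The function names are hypothetical. Two behaviours are assumptions, because the page does not state them: an expression containing only exclusions passes every other ID, and a minus sign applies to a single ID only.

```python
import re

# One token: optional leading minus, an ID, optional "-ID" to form a range.
_TOKEN = re.compile(r"^(-)?(\d+)(?:-(\d+))?$")

def parse_event_id_filter(expr):
    """Parse e.g. '1,3,5-99,-76' into (include_ranges, excluded_ids)."""
    includes, excludes = [], set()
    for raw in expr.split(","):
        token = raw.strip()
        if not token:
            continue  # tolerate a trailing or doubled comma
        m = _TOKEN.match(token)
        if not m:
            raise ValueError(f"unrecognised token: {token!r}")
        minus, first, last = m.group(1), int(m.group(2)), m.group(3)
        if minus:
            if last is not None:
                # Assumption: only single-ID exclusion is documented.
                raise ValueError(f"excluded range not handled: {token!r}")
            excludes.add(first)
        else:
            high = int(last) if last is not None else first
            if high < first:
                raise ValueError(f"reversed range: {token!r}")
            includes.append((first, high))
    return includes, excludes

def matches(event_id, includes, excludes):
    """True if a record with this event ID passes the filter."""
    if event_id in excludes:
        return False  # an exclusion wins over an enclosing range (76 in 5-99)
    if not includes:
        return True   # assumption: exclusions only, everything else passes
    return any(low <= event_id <= high for low, high in includes)

def dropped_ids(expr, required_ids):
    """Return the IDs from required_ids that the filter would not forward."""
    includes, excludes = parse_event_id_filter(expr)
    return sorted(i for i in set(required_ids)
                  if not matches(i, includes, excludes))

if __name__ == "__main__":
    # Constructed sample: the expression from the page against a few IDs.
    print(dropped_ids("1,3,5-99,-76", [1, 3, 4, 50, 76, 99, 100]))
```

Running dropped_ids against the list of event IDs your alerting depends on shows, before the subscription is saved, whether the filter would keep any of them from reaching the syslog server.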

Enable or disable a subscription

You can enable or disable an existing subscription from the Subscriptions screen. Only one subscription can be enabled or disabled at a time. Any disabled subscription is greyed out on the subscriptions tab.

  1. From the Subscriptions tab, select a subscription item.
  2. Hover your pointer over Enable/Disable.
  3. From the drop-down field, select Enable or Disable.