Filtering Incoming Syslog Messages and Display by Content
You can filter syslog messages by the message content (i.e., not IP address, facility or severity).
You can filter message content on the following two levels:
■ Incoming traffic: Filter is applied to received syslog messages. This filter affects both the displayed log and content written to the log files.
■ Log display: Filter affects only the displayed log.
You can also use regular expressions (regex) to define the message content filter, including alternation to match multiple lines with one filter (e.g., pattern1|pattern2).
➢ To filter syslog messages by message content:
1. On the toolbar, click the Options icon; the Options dialog box opens.
2. Under the Content Filter group, configure the message content filters:
   i. In the 'Receive filter' field, enter the message-content filter which is applied to incoming traffic.
   ii. From the 'Mode' drop-down list, select Allow to allow only traffic according to your filter, or Block to block traffic according to your filter.

   i. In the 'Display filter' field, enter the message-content filter which is applied to the log display.
   ii. From the 'Mode' drop-down list, select Allow to display syslog messages according to your filter, or Block to not display syslog messages according to your filter.
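Because the receive filter also controls what is written to the log files, it helps to dry-run a pattern against sample messages before entering it. The following is an added example, not part of the product or its documentation: it models the two filter levels and the Allow/Block modes described above. The function names, the sample messages, the use of Python's `re` syntax and the match-anywhere behaviour are assumptions, not confirmed behaviour of the tool.

```python
import re

# Constructed sample syslog messages (not taken from a real device).
SAMPLE = [
    "<134>Jan 10 12:00:01 gw1 SIP: INVITE received from 192.0.2.10",
    "<131>Jan 10 12:00:02 gw1 TLS: handshake failed, bad certificate",
    "<134>Jan 10 12:00:03 gw1 SIP: REGISTER received from 192.0.2.11",
    "<134>Jan 10 12:00:04 gw1 keep-alive",
    "<132>Jan 10 12:00:05 gw1 AUTH: login failed for user admin",
]


def passes(message, pattern, mode):
    """Return True if the message survives one content filter."""
    if not pattern:                      # empty field: nothing is filtered
        return True
    # Assumption: the pattern may match anywhere in the message.
    matched = re.search(pattern, message) is not None
    if mode == "Allow":
        return matched
    if mode == "Block":
        return not matched
    raise ValueError("mode must be 'Allow' or 'Block'")


def dry_run(messages, receive, display):
    """Apply the receive filter, then the display filter.

    receive and display are (pattern, mode) pairs. Returns
    (logged, shown, dropped): dropped messages reach neither the
    log files nor the display; logged-but-not-shown are only hidden.
    """
    logged = [m for m in messages if passes(m, *receive)]
    shown = [m for m in logged if passes(m, *display)]
    dropped = [m for m in messages if not passes(m, *receive)]
    return logged, shown, dropped


if __name__ == "__main__":
    logged, shown, dropped = dry_run(
        SAMPLE, ("keep-alive", "Block"), ("failed|REGISTER", "Allow"))
    print(f"logged={len(logged)} shown={len(shown)} dropped={len(dropped)}")
    for m in dropped:
        print("never written to log:", m)
```

Review the `dropped` list before using a pattern as the receive filter: an Allow pattern such as `SIP` would keep the TLS and login failure messages out of the log files, whereas the same pattern as a display filter would only hide them.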