AutoSplit values
Using AutoSplit values can eliminate the need to use filters and actions to split incoming messages into multiple log files.
To use the AutoSplit values, place the cursor at the point you want to insert the new value and then click the "Insert AutoSplit value" link and choose from the menu items. The new variable will be placed at the current cursor position.
When a message is received, the variable will be replaced with a value from the message. For example %PriLevAA will be replaced with the message Priority level.
The AutoSplit values can be used anywhere within the path or log file name, as long as the result would make a valid file name.
Some examples:
To split the messages into separate files based on the day of the month, use:
C:\Logs\MyLogFile%DateD2.txt
The %DateD2 part would be replaced by the current day of the month. If it was the 23rd of the month, the message would be written to: C:\Logs\MyLogFile23.txt
Any number of AutoSplit values can be used within the path or file name.
To split the messages based on priority level and current date, use: C:\Logs\%PriLevAA\MyLogFile-%DateISO.txt
The resulting path and file name would look like this: C:\Logs\Debug\MyLogFile-2002-04-09.txt
Or you could split the messages based on the sending host, then break each host down by priority level: C:\Logs\%HostName.%HostDomain\MyLogFile-%PriLevAA.txt
The resulting path and file name would look like this: C:\Logs\myhost.mycompany.com\MyLogFile-Debug.txt
If you are using the Run Script action, you can use any of the VarCustom or VarGlobal fields as an autosplit item.
Rather than remembering the %variable names, just use the menu items to insert the values.
Here is a list of all the currently available AutoSplit values:
Date values
Menu name: ISO Date (YYYY-MM-DD) Parameter: %DateISO Explanation: International formatted date in the format YYYY-MM-DD. Leading zeros, always 10 characters in length. Example: 2002-10-15
Menu name: Year (YYYY) Parameter: %DateY4 Explanation: 4 digit year, always 4 characters in length. Example: 2002
Menu name: Year (YY) Parameter: %DateY2 Explanation: 2 digit year, always 2 characters in length. Example: 02
Menu name: Month (MM) with leading zero Parameter: %DateM2 Explanation: 2 digit month with leading zero, always 2 characters in length. Example: 12
Menu name: Month (MMM) in English Parameter: %DateM3 Explanation: 3 character month in English, always 3 characters in length. First letter is in upper case. (Jan, Feb, Mar, Apr…) Example: Nov
Menu name: Date (DD) with leading zero Parameter: %DateD2 Explanation: 2 digit day of the month with leading zero, always 2 characters in length. Example: 05
Menu name: Day (DDD) in English Parameter: %DateD3 Explanation: 3 character day of the week in English, always 3 characters in length. First letter is in upper case. (Sun, Mon, Tue…) Example: Fri
Time values
Menu name: Hour (HH) with leading zero Parameter: %TimeHH Explanation: 2 digit hour, always 2 characters in length. 24 hour display. 3 p.m. = 15 Example: 14
Menu name: Minute (MM) with leading zero Parameter: %TimeMM Explanation: 2 digit minute, always 2 characters in length. Example: 59
Menu name: AM/PM indicator (AM or PM) Parameter: %TimeAMPM Explanation: 2 character time of day indicator. Always 2 characters in length. 00:00 to 11:59 = AM. 12:00 to 23:59 = PM Example: AM
Priority values
Menu name: Level (Alpha) Parameter: %PriLevAA Explanation: The message priority level as a word. Debug, Notice, Info… Example: Critical
Menu name: Facility (Alpha) Parameter: %PriFacAA Explanation: The message priority facility as a word. Local1, News, Cron… Example: User
Menu name: Level (2 digit numeric) Parameter: %PriLev00 Explanation: The message priority level as a 2 digit number. 00 to 07 Example: 05
Menu name: Facility (2 digit numeric) Parameter: %PriFac00 Explanation: The message priority facility as a 2 digit number. 00 to 23 Example: 23
Menu name: Priority (3 digit numeric) Parameter: %Pri000 Explanation: The message priority as a 3 digit number. 000 to 191 Example: 016
IP Address values (Only in the registered version)
Menu name: IP Address (4 octets, zero padded) Parameter: %IPAdd4 Explanation: The IP address of the device that sent the message. Each octet is zero padded. Always 15 characters in length Example: 192.168.001.024
Menu name: IP Address (3 octets, zero padded) Parameter: %IPAdd3 Explanation: The first 3 octets of the IP address of the device that sent the message. Each octet is zero padded. Always 11 characters in length. Example: 192.168.001
Menu name: IP Address (2 octets, zero padded) Parameter: %IPAdd2 Explanation: The first 2 octets of the IP address of the device that sent the message. Each octet is zero padded. Always 7 characters in length. Example: 203.056
Host name values (Only in the registered version)
Menu name: Hostname (no domain) Parameter: %HostName Explanation: The host name of the device that sent the message. Just the host name, no domain name is included. Example: sales-router
Menu name: Domain (no host) Parameter: %HostDomain Explanation: The domain name suffix of the device that sent the message. Just the domain name, no host name is included. Example: mycompany.co.nz
Menu name: Reversed domain (no host) Parameter: %HostDomRev Explanation: The domain name suffix of the device that sent the message, in reverse order. Just the domain name, no host name is included. Example: nz.co.mycompany
Message Text - WELF format (Only in the registered version)
WELF format is the WebTrends Extended Logging Format. This format is used by many firewalls, such as GNATBox, SonicWall, CyberWallPlus and NetScreen. Each field within the message text is prefixed with an identifying tag, such as fw= for the firewall name or src= for the source of the packet being logged. More fields will be added to the AutoSplit list later. Contact http://www.kiwisyslog.com/support/ if you need one added.
Menu name: Firewall name (WELF format) Parameter: %TextFW Explanation: The name of the firewall that created the message. Example: protector
Menu name: Source address (WELF format) Parameter: %TextSrc Explanation: The source IP address of the packet being logged by the firewall. (Not zero padded, unless this has been done by the firewall already) Example: 192.168.1.6
Menu name: Destination address (WELF format) Parameter: %TextDst Explanation: The destination IP address of the packet being logged by the firewall. (Not zero padded, unless this has been done by the firewall already) Example: 203.57.12.1
Menu name: Protocol (WELF format) Parameter: %TextProto Explanation: The protocol of the packet being logged by the firewall. Example: http
Input Source values (Only in the registered version)
Menu name: Input Source (UDP/TCP/SNMP) Parameter: %InpSrc Explanation: Identifies the input source of the message. (The listening method that received the message) Example: UDP
Custom/Global script fields (Only in the registered version)
Menu name: VarCustom01 to VarCustom16 Parameter: %VarCustom01 to %VarCustom16 Explanation: There are 16 custom fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The custom field values are cleared when a new message arrives. They are only valid for the current message. To store values longer than a single message, use VarGlobal fields. Example: Any value that the script creates can be used.
Menu name: VarGlobal01 to VarGlobal16 Parameter: %VarGlobal01 to %VarGlobal16 Explanation: There are 16 global fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The global fields retain their value between messages. Example: Any value that the script creates can be used.
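The substitution described on this page, modelled in Python as an added example (it is not the product's own code). It expands a template for one message and reports blank or unusable values before the path is used. The function names, the full list of level names and the set of characters rejected as invalid in a Windows file name are assumptions of this example.

```python
import re
from datetime import datetime

# Level names in standard syslog order; assumed to match the product's wording
# (the page itself shows Debug, Notice, Info and Critical).
LEVELS = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Info", "Debug"]
INVALID = re.compile(r'[<>:"/\\|?*\x00-\x1f]')  # not allowed in a Windows file name

def autosplit_values(pri, ip, fqdn, when, custom=None):
    """Build the substitution table for one received message."""
    fac, lev = divmod(pri, 8)               # priority = facility * 8 + level
    octets = ["%03d" % int(o) for o in ip.split(".")]
    host, _, domain = fqdn.partition(".")
    vals = {
        "DateISO": when.strftime("%Y-%m-%d"), "DateD2": when.strftime("%d"),
        "TimeHH": when.strftime("%H"),
        "PriLevAA": LEVELS[lev], "PriLev00": "%02d" % lev,
        "PriFac00": "%02d" % fac, "Pri000": "%03d" % pri,
        "IPAdd4": ".".join(octets), "IPAdd3": ".".join(octets[:3]),
        "IPAdd2": ".".join(octets[:2]),
        "HostName": host, "HostDomain": domain,
        "HostDomRev": ".".join(reversed(domain.split("."))),
    }
    for n in range(1, 17):                  # blank unless a script set them
        vals["VarCustom%02d" % n] = (custom or {}).get(n, "")
    return vals

def expand(template, vals):
    """Return (path, problems); problems lists why the path should not be used."""
    problems = []
    names = sorted(vals, key=len, reverse=True)   # longest name first
    pattern = re.compile("%(" + "|".join(names) + ")")
    def sub(m):
        v = vals[m.group(1)]
        if v == "":
            problems.append("blank value: %" + m.group(1))
        elif INVALID.search(v) or v.strip(". ") == "":
            problems.append("unsafe value: %" + m.group(1))
        return v
    path = pattern.sub(sub, template)
    _, _, rest = path.partition(":\\")            # drop the drive letter
    for part in rest.split("\\"):
        if part == "" or part.endswith((" ", ".")):
            problems.append("invalid path component: %r" % part)
    return path, problems

# Constructed sample message: priority 7 from 192.168.1.24 on 2002-04-09.
SAMPLE = autosplit_values(7, "192.168.1.24", "myhost.mycompany.com", datetime(2002, 4, 9, 14, 59))
print(expand(r"C:\Logs\%PriLevAA\MyLogFile-%DateISO.txt", SAMPLE))
```

An empty problems list means every value was present and the expanded path has no empty or malformed component.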