How the rule engine works


It is possible to define up to 100 rules. Each rule can contain up to 100 filters and 100 actions.

When a syslog message is received, it is processed by each rule in turn, starting at the top rule and working down. The order of the rules can be adjusted up or down using the toolbar buttons.

For each rule, the message is matched against the specified filters, starting from the topmost filter and working down. If any of the filter conditions fails, the program stops processing that rule and moves on to the next rule. If all the filter conditions are met (that is, they all return TRUE), the program performs the specified action or actions for that rule, in order, starting at the topmost action and working down.

Once all the actions for that rule have been completed, the program will process the next rule in the list. When all rules have been processed, the program waits for the next syslog message to be received, then starts processing the new message from the topmost rule.

Each rule, filter or action can be given a descriptive name. To edit the name, press F2 or use the right-click menu. The names do not have to be unique, but should describe their function. The name can be a maximum of 25 characters in length.

When no filters are defined for a rule, all messages are passed.

By default, the initial setup contains a single rule named Default. No filters are defined, which ensures all messages are passed. The two default actions, "Display" and "Log to file", are used. This ensures that, by default, all messages are displayed and logged to a file called "SyslogCatchAll.txt", which is located in the \Logs directory of your Kiwi Syslog Daemon installation folder.
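
The evaluation order described above, modelled in Python as an added example (this is not code from Kiwi Syslog Daemon). The Rule class, the process function, the "Auth failures" rule, the filter lambdas and the sample messages are assumptions made for illustration; the product itself is configured through its GUI. Note that a message matching an earlier rule still reaches the Default catch-all rule, because processing always continues with the next rule.

```python
# Simplified model of the evaluation order described on this page.
# Filters and actions are plain Python callables (an assumption).
MAX_RULES = MAX_FILTERS = MAX_ACTIONS = 100   # limits stated on this page
MAX_NAME = 25                                 # maximum name length

class Rule:
    def __init__(self, name, filters=(), actions=()):
        if len(name) > MAX_NAME:
            raise ValueError("name longer than 25 characters")
        if len(filters) > MAX_FILTERS or len(actions) > MAX_ACTIONS:
            raise ValueError("more than 100 filters or actions")
        self.name, self.filters, self.actions = name, list(filters), list(actions)

def process(message, rules):
    """Run one message through every rule, top to bottom; return a trace."""
    if len(rules) > MAX_RULES:
        raise ValueError("more than 100 rules")
    trace = []
    for rule in rules:                         # every rule is visited, in order
        # all() stops at the first failing filter; an empty filter list
        # yields True, so a rule without filters passes every message.
        if all(f(message) for f in rule.filters):
            for name, action in rule.actions:  # actions run top to bottom
                action(message)
                trace.append((rule.name, name))
    return trace

def demo():
    shown, logged, alerts = [], [], []
    rules = [
        Rule("Auth failures",                  # hypothetical rule
             filters=[lambda m: "sshd" in m, lambda m: "Failed password" in m],
             actions=[("Alert", alerts.append)]),
        Rule("Default",                        # no filters: catch-all
             actions=[("Display", shown.append), ("Log to file", logged.append)]),
    ]
    # Constructed sample messages, not captured from a real host.
    msgs = ["<38>sshd[811]: Failed password for root from 192.0.2.7",
            "<30>cron[402]: job started"]
    traces = [process(m, rules) for m in msgs]
    return traces, shown, logged, alerts

if __name__ == "__main__":
    for t in demo()[0]:
        print(t)
```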

To add, delete or rename rules, filters and actions, please refer to "How to navigate using the keyboard".