| Currently, Kiwi Syslog Daemon's complex filters only allow for filter expressions of the form: (A OR B) AND (C OR D) The following script illustrates how to perform complex filtering, based on any valid logic (boolean) expression. Specifically, the example script provided, demonstrates how to create a (script-based) complex filter of the form: A AND B AND (C OR D OR E OR F) Please note, that this script can be very easily modified, to provide complex filtering for any valid logic expression. eg.
Function Main() '=============================================================================' Kiwi Syslog Daemon' Complex Script-based Filtering Example'-----------------------------------------------------------------------------' Currently, Kiwi Syslog Daemon's complex filter function' only allows for complex filters of the form:'' (A or B) AND (C or D)'' This script illustrates how to perform complex filtering, for any valid' boolean expression. For example, this script demonstrates how to create' a complex substring filter of the form:'' A AND B AND (C OR D OR E OR F)'' Note: That this script can easily be extended to provide filtering for' any of the following complex filter expressions.'' ((A OR B) AND (C AND D)) AND (E OR F)' (A AND (NOT (B OR C)))' (A AND B AND (C OR D) AND (E OR F) AND (NOT (G OR H)))' etc...' etc...'' Basically, Any valid logic expression that evaluates to either TRUE or FALSE' (no matter how complex)'============================================================================'=================================================================' Include as many logic parameters as you need for your expression'=================================================================Dim ADim BDim CDim DDim EDim FDim GDim HDim IDim JDim K' This holds the filter result'=============================Dim FilterResult' This holds the text to be filtered'====================================Dim FilterText'==============================================' First, Set the text we're going to filter' In our case, it'll be the Syslog Message-text'==============================================FilterText = Fields.VarCleanMessageText' Set the parameters of our test'===============================' Note: The function Instr(), returns a value greater than' zero when the search-text is found in FilterText.' eg. Instr(FilterText,"All") returns >0 when the text "All"' has been found in "FilterText"' So, The final expression of (Instr(FilterText,"All")>0) returns' TRUE or FALSE. TRUE if "All" was found in "FilterText" or' FALSE if it wasn't found.'A = (Instr(FilterText,"All")>0)B = (Instr(FilterText,"Your")>0)C = (Instr(FilterText,"Base")>0)D = (Instr(FilterText,"Are")>0)E = (Instr(FilterText,"Belong")>0)F = (Instr(FilterText,"To Us")>0)'==========================================================' Evaluate our expression, store the result in FilterResult'==========================================================FilterResult = A AND B AND (C OR D OR E OR F)'====================================================================================' Take action on the result of the filtering'====================================================================================' Note: In this example, if our filter returns TRUE we will continue to process the' syslog message as normal.' If, on the other hand, it returns FALSE, we will need to stop the message' from being processed any further. To do this we call .ActionQuit with a' value of 100 (Skip to next rule). This will stop the current rule processing' the message any further, and pass execution to any following rule.If FilterResult = False Then'Filter has failed, so Skip to the next rule...Fields.ActionQuit = 100End If' Set the return value to indicate that the script ran correctlyMain = "OK"End Function To use this script, add it (as a Run-Script Action) to any active Rule in Kiwi Syslog Daemon Setup. Any Actions that you have added after this script-based filter, will only execute if the filter expression returns TRUE. |
Home 
Support Knowledge Base HOW TO: Setup Script-based Complex Filters
Support Knowledge Base HOW TO: Setup Script-based Complex Filters
|
Loading...
 YES
 NO
|