Kiwi Enterprises - INFO: How the Rule engine works


I'm a first time user and the program was very easy and intuitive to use.

INFO: How the Rule engine works

When a message is received by Kiwi Syslog Server, it is tested against each Rule in turn, from the top down, until either all Rules have been tested against, or a “Stop Processing” Action is encountered. The next message is then tested in turn and so on...

For the Actions within a Rule to be fired ALL of the preceding Filters of that Rule must first be TRUE.

When you have more than one Flter specified within a rule, each filter is effectively ‘AND’ed together not ‘OR’ed

In the Rule below, we have created two filters:

The first is a Simple IP Address Filter.

The second is a Simple Message text Filter.

The two defined Actions, Display and Log to file will only fire if the message that is currently being processed, matches both of these filters i.e. it comes from IP Address 192.168.1.90 AND it contains the words "link down" OR "link up" within the message text part of the syslog message.

If the message does not meet these requirements, then both filters will not be TRUE and therefore, the Actions will not fire.

86 % of 7 voters found this article helpful - Did you?

YES

Send this article by email

Leave a comment