configure log filter events match
ExtremeWare Software 7.3.0 Command Reference Guide 625
configure log bridgeFilter add events bridge severity notice match source mac-address
00:11:12:13:14:15
configure log bridgeFilter add events bridge severity notice match source mac-address
00:21:22:23:24:25
configure log bridgeFilter add events bridge severity notice match source mac-address
00:31:32:33:34:35
In order to exclude only incidents whose parameter values match the specified criteria, follow this two
step process. First, include the applicable event(s) using either the
configure log filter events
command, or using the
configure log filter events match
command described here, with a
superset of the match criteria. Second, use the
exclude
keyword in the
configure log filter
events match
command to exclude incidents with the specified parameter values.
As an example, the following commands define a filter that allows incidents in the BGP.Keepalive
component at severity
notice
or more severe, except those incidents containing a BGP neighbor in the
10.1.2.0/24 subnet:
create log filter bgpFilter
configure log bgpFilter add events bgp.keepalive severity notice
configure log bgpFilter add exclude events bgp.keepalive severity notice match bgp
neighbor 10.1.2.0/24
Filter Optimization. As explained in the
configure log filter events
command, each time a
configure log filter match
command is issued, an attempt is made to logically simplify the
configuration. This simplification extends to cases where one set of match criteria is a superset of
another. For example, if you issued the following commands:
create log filter bgpFilter1
configure log bgpFilter1 add events bgp.event severity notice match bgp neighbor
10.0.0.0/8
configure log bgpFilter1 add events bgp.event severity notice match bgp neighbor
10.1.2.0/24 and L4-port 80
then the third command is redundant and no filter item is actually added. The reason is that the IP
subnet 10.1.2.0/24 is wholly contained within the IP subnet 10.0.0.0/8, which is already included in this
filter, and with any value for the layer 4 port.
More Information. See the command
show log
on page 713 for more information about severity
levels.
To get a listing of the components present in the system, use the following command:
show log components
To get a listing of event condition definitions, use the following command:
show log events
To see the current configuration of a filter, use the following command:
show log configuration filter <filter name>
To Next Page
Loading...