configure log filter events

configure log filter name [add | delete] {exclude} events [event-condition | [all | event-component] {severity severity {only}}]

Description

Configures a log filter to add or delete detailed feature messages based on a specified set of events.

In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.

Syntax Description

name Specifies the filter to configure.
add Add the specified events to the filter.
delete Remove the specified events from the filter.
exclude Events matching the specified events will be excluded.
event-condition Specifies an individual event.
all Specifies all components and subcomponents.
event-component Specifies all the events associated with a particular component.
severity Specifies the minimum severity level of events (if the keyword only is omitted).
only Specifies only events of the specified severity level.

Default

If the exclude keyword is not used, the events will be included by the filter. If severity is not specified, then the filter will use the component default severity threshold (see the note note: If no severity is specified when delete or exclude is specified, severity all is used when delete or exclude is specified).

Usage Guidelines

This command controls the incidents that pass a filter by adding, or deleting, a specified set of events. If you want to configure a filter to include or exclude incidents based on event parameter values (for example, MAC address or BGP (Border Gateway Protocol) Neighbor) see the command configure log filter events match.

When the add keyword is used, the specified event name is added to the beginning of the filter item list maintained for this filter. The new filter item either includes the events specified, or if the exclude keyword is present, excludes the events specified.

The delete keyword is used to remove events from the filter item list that were previously added using the add command. All filter items currently in the filter item list that are identical to, or a subset of, the set of events specified in the delete command will be removed.

Event Filtering Process

From a logical standpoint, the filter associated with each enabled log target is examined to determine whether a message should be logged to that particular target. The determination is made for a given filter by comparing the incident with the most recently configured filter item first. If the incident matches this filter item, the incident is either included or excluded, depending on whether the exclude keyword was used. Subsequent filter items on the list are compared if necessary. If the list of filter items has been exhausted with no match, the incident is excluded.

Events, Components, and Subcomponents

As mentioned, a single event can be included or excluded by specifying the event‘s name. Multiple events can be added or removed by specifying an ExtremeXOS component name plus an optional severity. Some components, such as BGP, contain subcomponents, such as Keepalive, which is specified as BGP.Keepalive. Either components or subcomponents can be specified. The keyword all in place of a component name can be used to indicate all ExtremeXOS components.

Severity Levels

When an individual event name is specified following the events keyword, no severity value is needed since each event has pre-assigned severity. When a component, subcomponent, or the all keyword is specified following the events keyword, a severity value is optional. If no severity is specified, the severity used for each applicable subcomponent is obtained from the pre-assigned severity threshold levels for those subcomponents. For example, if STP (Spanning Tree Protocol) were specified as the component, and no severity is specified for the add of an include item, then only messages with severity of error and greater would be passed, since the threshold severity for the STP component is error. If STP.InBPDU were specified as the component, and no severity is specified, then only messages with severity of warning and greater would be passed, since the threshold severity for the STP.InPBDU subcomponent is warning. Use the show log components command to see this information.

The severity keyword all can be used as a convenience when delete or exclude is specified. The use of delete (or exclude) with severity all deletes (or excludes) previously added events of the same component of all severity values.

Note

Note

If no severity is specified when delete or exclude is specified, severity all is used.

If the only keyword is present following the severity value, then only the events in the specified component at that exact severity are included. Without the only keyword, events in the specified component at that severity or more urgent are included. For example, using the option severity warning implies critical, error, or warning events, whereas the option severity warning only implies warning events only. Severity all only is not a valid choice.

Any EMS events with severity debug-summary, debug-verbose, or debug-data will not be logged unless debug mode is enabled. See the command enable log debug-mode.

Filter Optimization

Each time a configure log filter command is issued for a given filter name, the events specified are compared against the current configuration of the filter to try to logically simplify the configuration.

For example, if the command:

configure log filter bgpFilter1 add events bgp.keepalive severity error only

were to be followed by the command:

configure log filter bgpFilter1 add events bgp severity info

the filter item in the first command is automatically deleted since all events in the BGP.Keepalive subcomponent at severity error would be also included as part of the second command, making the first command redundant.

More Information

See the command show log for more information about severity levels.

To get a listing of the components present in the system, use the following command:

show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {filter name}

Example

The following command adds all STP component events at severity info to the filter mySTPFilter:

configure log filter myStpFilter add events stp severity info

The following command adds the STP.OutBPDU subcomponent, at the pre-defined severity level for that component, to the filter myStpFilter:

configure log filter myStpFilter add events stp.outbpdu

The following command excludes one particular event, STP.InBPDU.Drop, from the filter:

configure log filter myStpFilter add exclude events stp.inbpdu.drop

History

This command was first available in ExtremeXOS 10.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.