You may want to send the messages that come from a specific component
that makes up ExtremeXOS or to send the message generated by a specific condition. For
example, you might want to send only those messages that come from the STP component, or send the message that occurs when the
IP.Forwarding.SlowPathDrop condition occurs. Or you may want to exclude messages from a
particular component or event. To do this, you construct a filter that passes only the items
of interest, and you associate that filter with a target.
-
The first step is to create the filter using the
create log filter command.
You can create a filter from scratch, or copy another filter
to use as a starting point. (It may be easiest to copy an existing
filter and modify it.)
-
To create a filter, use the following command:
create log
filter name {copy filter_name}
If you create a filter from scratch, that filter initially blocks
all events until you add events (either the events from a component or a specific event
condition) to pass. You might create a filter from scratch if you want to pass a small
set of events and to block most events. If you want to exclude a small set of events,
use the default filter that passes events at or above the default severity threshold
(unless the filter has been modified), named DefaultFilter, that you can copy to use as
a starting point for your filter.
-
After you create your filter, you configure filter items
that include or exclude events from the filter.
Included events are passed; excluded events are blocked.
-
To configure your filter, use the following
command:
configure
log filter name [add | delete] {exclude} events [event-condition | [all | event-component] {severity severity {only}}]
For example, if you
create the filter myFilter from scratch, use the following command to include
events:
configure log filter myFilter add events stpAll STP component events of at least the default threshold severity
passes myFilter (for the STP component, the default severity threshold is error). You
can further modify this filter by specifying additional conditions.
For example, assume that myFilter is configured as before, and assume
that you want to exclude the STP.CreatPortMsgFail event.
-
To add that condition, use the following command:
configure log filter myFilter add exclude
events stp.creatportmsgfail
-
You can also add events and subcomponents to the filter.
For example, assume
that myFilter is configured as before, and you want to include the STP.InBPDU
subcomponent. To add that condition, use the following command:
configure log
filter myFilter add events stp.inbpdu
-
You can continue to modify this filter by adding more
filter items.
The filters process events by comparing the event
with the most recently configured filter item first. If the event
matches this filter item, the incident is either included or excluded,
depending on whether the exclude keyword was
used. If necessary, subsequent filter items on the list are compared.
If the list of filter items is exhausted with no match, the event
is excluded and is blocked by the filter.
-
To view the configuration of a filter, use the following
command:
show log
configuration filter {filter_name}
The following is sample output from this command (for
the earlier filter):
Log Filter Name: myFilter
I/ Severity
E Comp. Sub-comp. Condition CEWNISVD
- ------- ----------- ----------------------- --------
I STP InBPDU --------
E STP CreatPortMsgFail -E------
I STP --------
Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/Subcomponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain
Proc - Process Name
Strict Match : Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event
The show log configuration filter command shows each
filter item, in the order that it will be applied and whether it will be included or
excluded. The above output shows the three filter items, one including events from the
STP.InBPDU component, one excluding the event STP.CreatPortMsgFail, and the next
including the remaining events from the STP component. The severity value is shown as
“*”, indicating that the component‘s default severity threshold controls which messages
are passed. The
Parameter(s)
heading is empty for this filter because no match is configured for this filter. Matches
are described in Matching Expressions.
Each time a filter item is added to or deleted from a
given filter, the specified events are compared against the current
configuration of the filter to try to logically simplify the configuration.
Existing items will be replaced by logically simpler items if the
new item enables rewriting the filter. If the new item is already
included or excluded from the currently configured filter, the new
item is not added to the filter.