A sub-filtering capability of the logging streams includes filtering of device, XCO, and SLX events or alert types by minimum severity level.
Device Events send two types of messages: RASLOG and AUDIT. To refine your filter, use a combination of the keywords, such as raslog, audit-configuration, audit-firmware, and audit-security.
The sub-filtering is only applicable for SLX devices.
You can reduce the filtering and device event sub-filtering notifications by filtering XCO and SLX events or alert types by minimum severity level. If you provide Info or no sub-filter value for the sub-filter, then no filtering will be done. A higher level severity value, such as Critical, Error or Warning results in filtering out all the messages of lower severity.
The device alerts and alarms messages of major or critical severity are not filtered because they are at or above the highest minimum-severity level. The device alerts and alarms messages of minor severity are treated as severity level of error for sub-filtering.
The following table describes the use of commands for filtering device events:
| Commands | Description |
|---|---|
–device-event “audit-configuration”,“audit-firmware",“audit-security" |
Receives all the audit messages but filter out all “raslog” messages for applicable device events. |
–device-event “audit-configuration”,“audit-security” |
Receives no raslog notifications and only configuration and security-related audit notifications. |
--minimum-severity-subfilter “warning” |
Filters out all “Info” messages for applicable device events, app events, alerts, and alarms. |