More discussions in Kiwi SyslogWhere is this place located?
6 Replies Latest reply: Feb 24, 2012 10:54 AM by multivendortesting RSS

Simple filter not working

multivendortesting
multivendortesting Feb 20, 2012 8:20 AM
Currently Being Moderated

Hi All,

I am currently evaluting kiwi syslog server.

I have created a simple filter on ip address ""172.16.0.254"" and on the actions ticked to e-mail message.

While I unplug one of the printers on the network, I should not get up down link status send to me via e-mail, but this is currently happening.

My understanding is once I create the above filter, I only should get e-mails on 172.16.0.254, but I am currently getting e-mails from every alert on the network.

Please can someone advise me, if I am doing something wrong here ?

  • 161 Views
  • Re: Simple filter not working
    bshopp
    bshopp Feb 23, 2012 1:31 PM (in response to multivendortesting)
    Currently Being Moderated

    Can you tell me about the exact rule.  Are there other rules defined in the system, like any default rules?

  • Re: Simple filter not working
    Fodome
    Fodome Feb 23, 2012 1:44 PM (in response to multivendortesting)
    Currently Being Moderated

    Hello multivendortesting,

    If you are using an IP filter for "172.16.0.254" (with quotes), you will get an email for every Syslog Message that comes directly from that IP address.  If you are simply looking for Syslog messages that contain "172.16.0.254" within the message text, you should change the Filter Type to Message filter instead of IP filter.

    Hope this helps.  If not, can you post the contents or screenshot of the email you received?

    Thanks.

    Chris Foley | Support Representative
    SolarWinds | IT Management, Inspired By You
    Support:866.530.8040 || Fax:512.857.0125

  • Re: Simple filter not working
    multivendortesting
    multivendortesting Feb 24, 2012 9:07 AM (in response to multivendortesting)
    Currently Being Moderated

    [View:/cfs-file.ashx/__key/CommunityServer.Components.UserFiles/00.00.13.50.28/Simple-rule-not-working.docx]

    Thanks for replying back.

    I'm  still getting e-mail messages from a different host ip range, while I unplug the printer cable out.

    I observed I need to add double speech marks for the test button to work, if I apply single speech mark the test button doesn't work.

    Sorry I could not find a way to paste the printscreens directly on to here, so I added them as attachments.

     

    • Re: Simple filter not working
      DanielleH
      DanielleH Feb 24, 2012 9:17 AM (in response to multivendortesting)
      Currently Being Moderated

      If you want to put a screenshot in your post, look for the "insert media" button.

      Sometimes it is picky about the format so I suggest always using JPEG files. :)

      -DH

    • Re: Simple filter not working
      Fodome
      Fodome Feb 24, 2012 9:38 AM (in response to multivendortesting)
      Currently Being Moderated

      multivendortesting,

      You need to wrap the IP within single double-quotes like so:

      "172.16.0.254"

      The test will fail because the filter does not match the contents of the test message, which is fine.

      To test this, add a Display Action to your "New Rule" Rule and set it to Display 01.  Then, click OK and set the Display to "Display 01" within the Console.  See if only the expected syslog messages appear now.  If they do, you can delete the Display Action, reenable the Email Action and call it a day.

      Let me know if this helps.

      Chris Foley | Support Representative
      SolarWinds | IT Management, Inspired By You
      Support:866.530.8040 || Fax:512.857.0125

Actions

More Like This

  • Retrieving data ...