Advanced Text Processing


Navigation:  Monitoring with EventSentry > Event Log Monitoring > Filters >


Comma Separated Values (Event Log Filters only)

You can separate multiple values with a comma to avoid creating multiple filters. Combine all the values the field should match into one comma-separated list, and do not put a space before or after the comma. For example, to match events from either the Print source or the MrxSmb source:

Print,MrxSmb

All fields in the "Details" section and the "Filter Text" field support this feature.


Negation Symbol (Event Log Filters only)

You can negate a value by prepending an exclamation mark. For example, to match all events except those whose source is Print, use:

!Print

To also exclude every source that merely contains Print somewhere in its name, combine the negation with wildcards:

!*Print*

Note: Do not combine regular values (values without the negation character) and negated values in the same field (e.g. "!Print,MrxSmb" is not supported). All fields in the "Details" section support this feature.


Wildcards

The wildcards * and ? are supported.

    *  matches zero or more occurrences of any character
    ?  matches exactly one occurrence of any character

Note: Filter strings, whether they contain wildcards or not, are never case sensitive.


Examples

Filter with wildcard           Matches string
ipx*                           IPXCP, IPXRIP, IPXRouterManager, IPXSAP
*iptables*proto=??p*dpt=13*    syslog@netikus-router[kern.debug]:  kernel: IPTABLES INPUT: IN=ppp0 OUT= MAC= SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54221 DF PROTO=TCP SPT=1429 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
VMnet*                         VMnetAdapter, VMnetBridge, VMnetDHCP, VMnetuserif
*rip*                          IPRIP2, IPXRIP

Note that ipx* matches IPXCP because matching is not case sensitive, and that in the second example the two ? characters stand for the "TC" in PROTO=TCP while dpt=13* covers DPT=135.
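To make the three rules above concrete, here is an added Python example that is not EventSentry's code and does not reproduce the product's matching engine. It implements the comma-separated list, the ! negation and the * / ? wildcards as a small case-insensitive matcher and runs it over a few constructed events. Assumptions beyond what this page states: a value without wildcards must match the whole field (which is why !Print and !*Print* differ), a list consisting only of negated values matches when none of them matches, and a mixed list such as !Print,MrxSmb is rejected with an error instead of being guessed at. The syslog message is the one from the table above; the other event sources are made up for the demo.

```python
import re
from typing import List, Tuple

# Constructed sample events (source, message). The syslog message is the line
# from the documentation table; the remaining sources are made up for the demo.
EVENTS = [
    ("Print", "Printer Microsoft XPS Document Writer was paused"),
    ("MrxSmb", "The redirector was unable to initialize security context"),
    ("Microsoft-Windows-PrintService", "Printer driver installed"),
    ("IPXRIP", "IPX RIP routing table updated"),
    ("Syslog", "syslog@netikus-router[kern.debug]:  kernel: IPTABLES INPUT: IN=ppp0 OUT= MAC= "
               "SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54221 DF "
               "PROTO=TCP SPT=1429 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0"),
]


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Compile a pattern where * is zero or more characters and ? is exactly one.

    Everything else is literal (re.escape), matching ignores case, and the
    pattern has to cover the whole field. Assumption: a value with no wildcards
    is therefore an exact match, not a substring match."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped, re.IGNORECASE | re.DOTALL)


def parse_filter_value(text: str) -> Tuple[bool, List[str]]:
    """Split a filter field on commas and strip the leading '!' markers.

    Returns (negated, patterns). Mixing negated and plain values is rejected
    because the documentation says that form is not supported."""
    values = text.split(",")
    flags = [v.startswith("!") for v in values]
    if any(flags) and not all(flags):
        raise ValueError(f"cannot mix negated and plain values: {text!r}")
    negated = all(flags)
    patterns = [v[1:] if negated else v for v in values]
    return negated, patterns


def field_matches(filter_text: str, value: str) -> bool:
    """True if the field value satisfies the filter expression.

    A plain list matches when ANY pattern matches; a negated list matches only
    when NONE of the patterns match (assumption about combining several '!')."""
    negated, patterns = parse_filter_value(filter_text)
    hit = any(wildcard_to_regex(p).fullmatch(value) for p in patterns)
    return not hit if negated else hit


def matching_sources(filter_text: str, events=EVENTS, field: int = 0) -> List[str]:
    """Return the sources of events whose field (0 = source, 1 = message) matches."""
    return [src for src, msg in events if field_matches(filter_text, (src, msg)[field])]


if __name__ == "__main__":
    for f in ("Print,MrxSmb", "!Print", "!*Print*", "ipx*", "*rip*"):
        print(f"{f:<14} -> {matching_sources(f)}")
    print("message filter -> ", matching_sources("*iptables*proto=??p*dpt=13*", field=1))
    try:
        matching_sources("!Print,MrxSmb")
    except ValueError as err:
        print("rejected:", err)
```

Running the script shows the difference between !Print (which still lets Microsoft-Windows-PrintService through) and !*Print* (which drops it), and the message filter reproduces the iptables example from the table. The mixed form raises an error here; the real product may behave differently on it, which is exactly why the documentation tells you to keep negated and plain values in separate filters.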