Technical data
Using Syslog Messaging to Monitor Router Events
303561-A Rev 00
You can specify a filter for an individual message by setting the upper and lower
boundaries of the event number range equal to the same message number.
If you configure an event number range of 0 to 255, Syslog ignores the range as a
filtering parameter and checks instead to see if a message severity mask exists for
the same entity filter.
Filtering by Event Severity Level
Each event message generated by the router software has a unique severity level.
(To determine the severity level of any router event message, see Event Messages
for Routers.)
As an alternative to specifying event numbers as filtering criteria, you can specify
in an entity filter one or more event message severity levels (that is, you define a
severity mask for the filter).
Syslog uses the severity levels as criteria for selecting and forwarding only the
types of messages you want a remote host to receive.
An entity filter passes only messages whose severity level matches one of the
levels you specified in the message severity mask. You define severity levels by
setting a value for the wfSyslogEntFltrSevMask filter attribute in the router’s active MIB.
For example, if an entity filter for FTP has a Message Severity Mask of “wfi,” the
filter passes only FTP event messages that have a severity level of warning (w),
fault (f), or information (i).
Filtering by Slot Number
The router stores event messages in the log buffer associated with each slot. You
can configure an entity filter to select for forwarding only event messages logged
on the slots you specify. You must specify at least one slot in the range 1 to 14,
where the slot numbers depend on the router model.
Note: Syslog checks the message severity mask only when you accept the
default event message number range of 0 to 255 for the same filter. This causes
Syslog to ignore event numbers as criteria for selecting and forwarding
messages to a remote host.
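The following Python sketch models how the three criteria above decide whether a message is forwarded. It is an added example, not router or vendor code: the class and function names are hypothetical, the sample events are constructed, and it assumes that the slot check applies together with the other criteria and that an empty severity mask matches nothing.

```python
from dataclasses import dataclass

DEFAULT_RANGE = (0, 255)  # range that makes Syslog ignore event numbers

@dataclass(frozen=True)
class Event:               # constructed model of one logged router event
    entity: str
    number: int
    severity: str          # one-letter code; the page names w, f and i
    slot: int

@dataclass(frozen=True)
class EntityFilter:        # hypothetical stand-in for one entity filter
    entity: str
    slots: frozenset
    low: int = 0
    high: int = 255
    sev_mask: str = ""     # models wfSyslogEntFltrSevMask, e.g. "wfi"

    def __post_init__(self):
        if not self.slots or not all(1 <= s <= 14 for s in self.slots):
            raise ValueError("specify at least one slot in the range 1 to 14")
        if self.low > self.high:
            raise ValueError("lower boundary exceeds upper boundary")

    def passes(self, ev: Event) -> bool:
        if ev.entity != self.entity or ev.slot not in self.slots:
            return False
        if (self.low, self.high) == DEFAULT_RANGE:
            # Range is ignored, so the severity mask decides.
            # Assumption: an empty mask matches nothing.
            return ev.severity in set(self.sev_mask)
        # Explicit range: the severity mask is not consulted.
        return self.low <= ev.number <= self.high

def forwarded(flt, events):
    """Return the events this filter would forward to the remote host."""
    return [ev for ev in events if flt.passes(ev)]

# Constructed sample events ("x" is a made-up severity outside the mask).
SAMPLE = [
    Event("FTP", 12, "w", 2),
    Event("FTP", 12, "x", 2),
    Event("FTP", 13, "f", 2),
    Event("FTP", 12, "w", 3),
]
BY_SEVERITY = EntityFilter("FTP", frozenset({2}), sev_mask="wfi")
SINGLE_EVENT = EntityFilter("FTP", frozenset({2}), low=12, high=12, sev_mask="f")
```

With the sample data, `BY_SEVERITY` forwards the two slot 2 events whose severity is in "wfi", while `SINGLE_EVENT` forwards both slot 2 events numbered 12 regardless of its mask. A mask left on a filter with a narrowed range therefore gives no severity protection, which is worth checking when auditing what reaches the remote host.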