Specifications
Event Management System/Logging
ExtremeWare XOS 10.1 Concepts Guide 105
wanted to pass a small set of events, and block most. If you want to exclude a small set of events, there
is a default filter that passes events at or above the default severity threshold (unless the filter has been
modified), named DefaultFilter, that you can copy to use as a starting point for your filter.
Once you have created your filter, you can then configure filter items that include or exclude events
from the filter. Included events are passed, excluded events are blocked. Use the following command to
configure your filter:
configure log filter <filter name> [add | delete] {exclude} events [<event condition>
| [all | <event component>] {severity <severity> {only}}]
For example, if you create the filter myFilter from scratch, then issue the following command:
configure log filter myFilter add events stp
All STP component events will pass myFilter of at least the default threshold severity (for the STP
component, the default severity threshold is
error). You can further modify this filter by specifying
additional conditions. For example, assume that myFilter is configured as before, and assume that you
want to exclude the STP.CreatPortMsgFail event. Use the following command to add that condition:
configure log filter myFilter add exclude events stp.creatportmsgfail
You can also add events and subcomponents to the filter. For example, assume that myFilter is
configured as before, and you want to include the STP.InBPDU subcomponent. Use the following
command to add that condition:
configure log filter myFilter add events stp.inbpdu
You can continue to modify this filter by adding more filter items. The filters process events by
comparing the event with the most recently configured filter item first. If the event matches this filter
item, the incident is either included or excluded, depending on whether the
exclude keyword was
used. Subsequent filter items on the list are compared if necessary. If the list of filter items has been
exhausted with no match, the event is excluded, and is blocked by the filter.
To examine the configuration of a filter, use the following command:
show log configuration filter {<filter name>}
The output produced by the command (for the earlier filter) is similar to the following:
Log Filter Name: myFilter
I/ Severity
E Comp. Sub-comp. Condition CEWNISVD
- ------- ----------- ----------------------- --------
I STP InBPDU --------
E STP CreatPortMsgFail -E------
I STP --------
Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/Subcomponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask