Event Management System/Logging
ExtremeWare XOS 10.1 Concepts Guide 107
Matching Parameters
Rather than using a text match, EMS allows you to filter more efficiently based on the message
parameter values. In addition to event components and conditions and severity levels, each filter item
can also use parameter values to further limit which messages are passed or blocked. The process of
creating, configuring, and using filters has already been described in the section, “Filtering By
Components and Conditions”, so this section will discuss matching parameters with a filter item. To
configure a parameter match filter item, use the following command:
configure log filter <filter name> [add | delete] {exclude} events [ <event condition>
| [all | <event component>] {severity <severity> {only}}] [match | strict-match]
<type> <value>
Each event in ExtremeWare XOS is defined with a message format and zero or more parameter types.
The show log events all command can be used to display event definitions (the event text and
parameter types). Only those parameter types that are applicable given the events and severity specified
are exposed on the CLI. The syntax for the parameter types (represented by <type> in the command
syntax above) is:
[bgp [neighbor | routerid] <ip address>
| {destination | source} [ipaddress <ip address> | L4-port <L4-port>| mac-address
<mac-address>]
| {egress | ingress} [slot <slot number> | ports <portlist>]
| netmask <netmask>
| number <number>
| string <match expression>
| vlan <vlan name>
| vlan tag <vlan tag>]
The <value> depends on the parameter type specified. As an example, an event may contain a physical
port number, a source MAC address, and a destination MAC address. To allow only those RADIUS
incidents, of severity notice and above, with a specific source MAC address, use the following
command:
configure log filter myFilter add events aaa.radius.requestInit severity notice match
source mac-address 00:01:30:23:C1:00
The string type is used to match a specific string value of an event parameter, such as a user name. A
string can be specified as a simple regular expression.
Match Versus Strict-Match. The match and strict-match keywords control the filter behavior for
incidents whose event definition does not contain all the parameters specified in a
configure log filter events match command. This is best explained with an example. Suppose an event in the
XYZ component, named XYZ.event5, contains a physical port number, a source MAC address, but no
destination MAC address. If you configure a filter to match a source MAC address and a destination
MAC address, XYZ.event5 will match the filter when the source MAC address matches regardless of the
Table 20: Simple regular expressions (continued)
Regular Expression    Matches                  Does Not Match
port.*vlan            port 2:3 in vlan test
                      add ports to vlan
                      port/vlan
myvlan$               delete myvlan            myvlan port 2:3
                      error in myvlan          ports 2:4,3:4 myvlan link down
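The match versus strict-match behavior described above, modeled in Python as an added example (not code from the guide or from ExtremeWare XOS). XYZ.event6, the sample values, and the function names are hypothetical, and strict-match is modeled on the assumption that every specified parameter must exist in the event definition, which the text on this page does not spell out.

```python
import re

# Constructed event definitions: the parameter types each event carries.
# XYZ.event5 follows the text; XYZ.event6 is hypothetical.
EVENT_PARAMS = {
    "XYZ.event5": {"port", "source mac-address"},
    "XYZ.event6": {"port", "source mac-address", "destination mac-address", "string"},
}

def param_matches(ptype, wanted, actual):
    """Compare one filter parameter value with the value in the incident."""
    if ptype == "string":
        # Simple regular expression: matches anywhere unless the pattern anchors itself.
        return re.search(wanted, actual) is not None
    return wanted.lower() == actual.lower()

def filter_item_matches(event, incident, criteria, strict=False):
    """Return True if the incident satisfies the filter item's parameter criteria.

    strict=False models `match`: a parameter the event definition lacks is ignored.
    strict=True models `strict-match` (assumption): a lacking parameter means no match.
    """
    defined = EVENT_PARAMS[event]
    for ptype, wanted in criteria.items():
        if ptype not in defined:
            if strict:
                return False
            continue
        if not param_matches(ptype, wanted, incident[ptype]):
            return False
    return True

# Constructed filter criteria and incident.
CRITERIA = {"source mac-address": "00:01:30:23:C1:00",
            "destination mac-address": "00:01:30:23:C1:01"}
INCIDENT5 = {"port": "2:3", "source mac-address": "00:01:30:23:c1:00"}

if __name__ == "__main__":
    for strict in (False, True):
        keyword = "strict-match" if strict else "match"
        print(keyword, filter_item_matches("XYZ.event5", INCIDENT5, CRITERIA, strict))
```

Before relying on a multi-parameter filter item, check with show log events all which parameter types each event actually defines.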