Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command

241

242

243

244

245

246

247

248

249

250

configure log filter events match

ExtremeWare XOS 10.1 Command Reference Guide 249

definitions (the event text and parameter types). The syntax for the parameter types (represented by

<type> in the command syntax above) is:

[bgp [neighbor | routerid] <ip address>

| {destination | source} [ipaddress <ip address> | L4-port | mac-address ]

| {egress | ingress} [slot <slot number> | ports <portlist>]

| netmask <netmask>

| number <number>

| string <match expression>

| vlan <vlan name>

| vlan tag <vlan tag>]

The <value> depends on the parameter type specified. As an example, an event may contain a physical

port number, a source MAC address, and a destination MAC address. To allow only those incidents

with a specific source MAC address, use the following in the command:

configure log filter myFilter add events aaa.radius.requestInit secerity notice match

source mac-address 00:01:30:23:C1:00

The string type is used to match a specific string value of an event parameter, such as a user name. A

string can be specified as a simple regular expression.

Match Versus Strict-Match. The match and strict-match keywords control the filter behavior for

incidents whose event definition does not contain all the parameters specified in a

configure log

filter events match

command. This is best explained with an example. Suppose an event in the

XYZ component, named XYZ.event5, contains a physical port number, a source MAC address, but no

destination MAC address. If you configure a filter to match a source MAC address and a destination

MAC address, XYZ.event5 will match the filter when the source MAC address matches regardless of the

destination MAC address, since the event contains no destination MAC address. If you specify the

strict-match keyword, then the filter will never match, since XYZ.event5 does not contain the

destination MAC address.

In other words, if the match keyword is specified, an incident will pass a filter so long as all parameter

values in the incident match those in the match criteria, but all parameter types in the match criteria

need not be present in the event definition.

More Information. See the command show log on page 283 for more information about severity

levels.

To get a listing of the components present in the system, use the following command:

show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {<filter name>}

Example

By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore, the most

straightforward way to send additional messages to a log target is to modify DefaultFilter. In the

following example, the command modifies the built-in filter to allow incidents in the STP component,