User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentSummit Summit4

121

122

123

124

125

126

127

128

129

130

128 ExtremeWare 7.2e Installation and User Guide

Status Monitoring and Statistics

expression is only compared with the messages that have already passed the target’s filter. For more

information on controlling the format of the messages, see the section, “Formatting Event Messages”.

Simple Regular Expressions. A simple regular expression is a string of single characters including

the dot character (.), which are optionally combined with quantifiers and constraints. A dot matches any

single character while other characters match only themselves (case is significant). Quantifiers include

the star character (*) that matches zero or more occurrences of the immediately preceding token.

Constraints include the caret character (^) that matches at the beginning of a message, and the currency

character ($) that matches at the end of a message. Bracket expressions are not supported. There are a

number of sources available on the Internet and in various language references describing the operation

of regular expressions. Table 26 shows some examples of regular expressions.

Matching Parameters

Rather than using a text match, ExtremeWare’s EMS allows you to filter more efficiently based on the

message parameter values. In addition to event components and conditions and severity levels, each

filter item can also use parameter values to further limit which messages are passed or blocked. The

process of creating, configuring, and using filters has already been described in the section, “Filtering

By Components and Conditions”, so this section will discuss matching parameters with a filter item. To

configure a parameter match filter item, use the following command:

configure log target [console-display | memory-buffer | nvram | session |

syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]]

filter <filter name> {severity <severity> {only}}

Each event in ExtremeWare is defined with a message format and zero or more parameter types. The

show log events detail command can be used to display event definitions (the event text and

parameter types). Only those parameter types that are applicable given the events and severity specified

are exposed on the CLI. The <value> depends on the parameter type specified. As an example, an event

may contain a physical port number, a source MAC address, and a destination MAC address. To allow

only those Bridging incidents, of severity

notice and above, with a specific source MAC address, use

the following command:

configure log filter myFilter add events bridge severity notice match source

mac-address 00:01:30:23:C1:00

The string type is used to match a specific string value of an event parameter, such as a user name. A

string can be specified as a simple regular expression.

Table 26: Simple Regular Expressions

Regular Expression Matches Does not match

port port 2:3

import cars

portable structure

poor

por

pot

.ar baar

bazaar

rebar

bar

port.*vlan port 2:3 in vlan test

add ports to vlan

port/vlan

myvlan$ delete myvlan

error in myvlan

myvlan port 2:3

ports 2:4,3:4 myvlan link down