The log manager uses event filter policies to control which events are forwarded or dropped based on various criteria. Like other policies on the 7705 SAR, filter policies have a default action. The default action is either:
- forward
- drop
Filter policies also include a number of filter policy entries that are identified with an entry ID and define specific match criteria and a forward or drop action for the match criteria.
Each entry contains a combination of matching criteria that define the application, event number, router, severity, and subject conditions. The entry's action determines how events that meet the match criteria are treated.
Entries are evaluated in order from the lowest to the highest entry ID. An event is subject to the forward or drop action of the first entry that it matches. An event that matches no entry is subject to the policy's default action.
Filter policy 1001 exists by default and collects events for the Serious Error Log (log ID 100). Filter policy 1001 is preconfigured with one entry that is configured to collect events of major severity or higher. Filter policy 1001 can be reconfigured by the user.
Valid operators are displayed in Table: Valid Filter Policy Operators.

| Operator | Description |
|---|---|
| eq | Equal to |
| neq | Not equal to |
| lt | Less than |
| lte | Less than or equal to |
| gt | Greater than |
| gte | Greater than or equal to |

A match criteria entry can include combinations of:
- equal to or not equal to a specified system application
- equal to, not equal to, less than, less than or equal to, greater than, or greater than or equal to an event number within the application
- equal to, not equal to, less than, less than or equal to, greater than, or greater than or equal to a severity level
- equal to or not equal to a router name string or regular expression match
- equal to or not equal to an event subject string or regular expression match
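
The following Python sketch models the evaluation order described above. It is an added example, not Nokia code or router configuration, and it shows how a low-numbered drop entry can hide an event that a later severity-based forward entry would have collected. The severity ranking, the policy contents, the default action and the sample events are constructed assumptions.

```python
import operator
import re

# Operators from the table of valid filter policy operators.
OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt,
       "lte": operator.le, "gt": operator.gt, "gte": operator.ge}

# Assumed severity ranking for this sketch, lowest to highest.
SEVERITY = {"warning": 1, "minor": 2, "major": 3, "critical": 4}

def criterion_matches(event, field, op, value, regexp=False):
    """Test one match criterion against an event."""
    actual = event[field]
    if field == "severity":
        return OPS[op](SEVERITY[actual], SEVERITY[value])
    if field in ("application", "router", "subject"):
        if op not in ("eq", "neq"):
            raise ValueError(f"{field} supports only eq and neq")
        hit = bool(re.search(value, actual)) if regexp else actual == value
        return hit if op == "eq" else not hit
    return OPS[op](actual, value)  # numeric event number

def evaluate(policy, event):
    """Return (action, entry_id); entry_id is None if the default applied."""
    for entry_id in sorted(policy["entries"]):  # lowest entry ID first
        entry = policy["entries"][entry_id]
        # Every criterion in the entry must hold for the entry to match.
        if all(criterion_matches(event, *c) for c in entry["match"]):
            return entry["action"], entry_id    # first match wins
    return policy["default_action"], None

# Constructed policy: entry 10 drops fan events, entry 20 forwards major+.
POLICY = {
    "default_action": "drop",
    "entries": {
        20: {"action": "forward", "match": [("severity", "gte", "major")]},
        10: {"action": "drop", "match": [("application", "eq", "chassis"),
                                         ("subject", "eq", r"^Fan", True)]},
    },
}

# Constructed sample events.
EVENTS = [
    {"application": "chassis", "number": 2001, "severity": "critical",
     "router": "Base", "subject": "Fan 1"},
    {"application": "port", "number": 2005, "severity": "major",
     "router": "Base", "subject": "1/1/1"},
    {"application": "port", "number": 2010, "severity": "minor",
     "router": "Base", "subject": "1/1/2"},
]
```

The critical fan event is dropped by entry 10 before entry 20 is reached, which is the ordering effect to check for when reviewing a filter that feeds a security or error log.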