Log Filter Commands

filter

Syntax

[no] filter filter-id

Context

config>log

Description

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined for the log ID where the filter is applied are filtered.

Any changes made to an existing filter, using any of the sub-commands, are immediately applied to the destinations where the filter is applied.

The no form of the command removes the filter association from log IDs, which causes those logs to forward all events.

Default

No event filters are defined.

Parameters

filter-id

uniquely identifies the filter

Values

1 to 1001

Default

1001

default-action

Syntax

default-action {drop | forward}

no default-action

Context

config>log>filter

Description

The default action specifies the action that is applied to events when no action is specified in the event filter entries or when an event does not match the specified criteria.

When multiple default-action commands are entered, the last command overwrites the previous command.

The no form of the command reverts to the default value.

Default

default-action forward

Parameters

drop

the events that are not explicitly forwarded by an event filter match are dropped

forward

the events that are not explicitly dropped by an event filter match are forwarded

entry

Syntax

[no] entry entry-id

Context

config>log>filter

Description

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id numbers. The TiMOS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may have no match criteria defined (in which case, everything matches) but must have at least the action keyword for it to be considered complete. Entries without the action keyword will be considered incomplete and rendered inactive.

The no form of the command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log IDs where the filter is applied.

Default

No event filter entries are defined. An entry must be explicitly configured.

Parameters

entry-id

uniquely identifies a set of match criteria and the corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.

Values

1 to 999

action

Syntax

action {drop | forward}

no action

Context

config>log>filter>entry

Description

This command specifies a drop or forward action associated with the filter entry.

If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

When multiple action commands are entered, the last command will overwrite the previous command.

The no form of the command removes the specified action statement.

Default

no action

Parameters

drop

specifies that packets matching the entry criteria will be dropped

forward

specifies that packets matching the entry criteria will be forwarded

match

Syntax

[no] match

Context

config>log>filter>entry

Description

This command enables the context to enter or edit match criteria for a filter entry. When the match criteria are satisfied, the action associated with the entry is executed.

If more than one match parameter (within one match statement) is specified, then all the criteria must be satisfied and functional before the action associated with the match is executed.

Use the applications command to display a list of the valid applications.

Match context can consist of multiple match parameters (application, event-number, severity, subject), but multiple match statements cannot be entered per entry.

The no form of the command removes the match criteria for the entry-id.

Default

No match context is defined.

application

Syntax

application {eq | neq} application-id

no application

Context

config>log>filter>entry>match

Description

This command adds a TiMOS application as an event filter match criterion.

A TiMOS application is the software entity that reports the event. Examples of applications include: IP, MPLS, CLI, and SERVICES. Only one application can be specified per entry.

When multiple application commands are entered, the last command will overwrite the previous command.

The no form of the command removes the application as a match criterion.

Default

no application

Parameters

eq

specifies that the matching criteria should be equal to the specified value

neq

specifies that the matching criteria should not be equal to the specified value

application-id

the application name string

Values

aps, atm, bgp, cflowd, chassis, debug, dhcp, dhcps, efm_oam, ering, eth_cfm, filter, firewall, igmp, igmp_snooping, ip, ipsec, isis, lag, lcr, ldp, lldp, logger, mcpath, mc_redundancy, mirror, mld, mld_snooping, mpls, msdp, mwmgr, ntp, oam, ospf, pcap, pim, pim_snooping, port, ppp, ptp, radius, rip, rip_ng, route_policy, rsvp, scada, security, snmp, stp, svcmgr, system, tss, user, vrrp, vrtr

message

Syntax

message {eq | neq} pattern pattern [regexp]

no message

Context

config>log>filter>entry>match

Description

This command adds system messages as a match criterion.

The no form of the command removes system messages as a match criterion.

Parameters

eq

specifies that the matching criteria should be equal to the specified value

neq

specifies that the matching criteria should not be equal to the specified value

pattern

specifies a message up to 400 characters in length to be used in the match criteria

regexp

specifies the type of string comparison to use to determine if the log event matches the value of message command parameters. When the regexp keyword is specified, the string in the message command is a regular expression string that will be matched against the message string in the log event being filtered. When the regexp keyword is not specified, the default matching algorithm used is a basic substring match.

number

Syntax

number {eq | neq | lt | lte | gt | gte} event-id

no number

Context

config>log>filter>entry>match

Description

This command adds a TiMOS application event number as a match criterion.

TiMOS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. If multiple number commands are entered, the last command overwrites the previous command.

The no form of the command removes the event number as a match criterion.

Default

no event-number

Parameters

eq | neq | lt | lte | gt | gte

this operator specifies the type of match. Valid operators are listed in Table: Valid Match Operators for Event Numbers.

Table: Valid Match Operators for Event Numbers

| Operator | Notes |
|----------|-------|
| eq | Equal to |
| neq | Not equal to |
| lt | Less than |
| lte | Less than or equal to |
| gt | Greater than |
| gte | Greater than or equal to |

event-id

the event ID, expressed as a decimal integer

Values

1 to 4294967295

router

Syntax

router {eq | neq} router-instance [regexp]

no router

Context

config>log>filter>entry>match

Description

This command specifies the log event matches for the router.

Parameters

eq

specifies that the matching criteria should be equal to the specified value

neq

specifies that the matching criteria should not be equal to the specified value

router-instance

specifies a router name up to 32 characters to be used in the match criteria

regexp

specifies the type of string comparison to use to determine if the log event matches the value of router command parameters. When the regexp keyword is specified, the string in the router command is a regular expression string that will be matched against the router string in the log event being filtered. When the regexp keyword is not specified, the router command string is matched exactly by the event filter.

severity

Syntax

severity {eq | neq | lt | lte | gt | gte} severity-level

no severity

Context

config>log>filter>entry>match

Description

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. When multiple severity commands are entered, the last command overwrites the previous command.

The no form of the command removes the severity match criterion.

Default

no severity

Parameters

eq | neq | lt | lte | gt | gte

this operator specifies the type of match. Valid operators are listed in Table: Valid Operators for Event Severity.

Table: Valid Operators for Event Severity

| Operator | Notes |
|----------|-------|
| eq | Equal to |
| neq | Not equal to |
| lt | Less than |
| lte | Less than or equal to |
| gt | Greater than |
| gte | Greater than or equal to |

severity-level

the ITU severity level number. Table: Severity Levels lists the severity levels and their corresponding numbers, per ITU standards M.3100, X.733, and X.21.

Table: Severity Levels

| Severity Number | Severity Level |
|-----------------|----------------|
| 1 | Cleared |
| 2 | Indeterminate (info) |
| 3 | Critical |
| 4 | Major |
| 5 | Minor |
| 6 | Warning |

subject

Syntax

subject {eq | neq} subject [regexp]

no subject

Context

config>log>filter>entry>match

Description

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case, the port-id string would be the subject.

Only one subject command can be entered per event filter entry. If multiple subject commands are entered, the last command overwrites the previous command.

The no form of the command removes the subject match criterion.

Default

no subject

Parameters

eq

specifies that the matching criteria should be equal to the specified value

neq

specifies that the matching criteria should not be equal to the specified value

subject

a string used as the subject match criterion

regexp

specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When the regexp keyword is not specified, the subject command string is matched exactly by the event filter.
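
As an added illustration (not vendor code), the following Python model applies the evaluation rules described on this page to a constructed filter: entries are checked in ascending entry-id order, all match criteria in an entry must hold, the first matching entry decides, and default-action applies otherwise. The filter, events, event numbers and message texts are constructed. It assumes Python's re.search in place of the device's regexp engine and treats an entry without an action as inactive.

```python
import operator
import re

OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt,  # numeric operators
       "lte": operator.le, "gt": operator.gt, "gte": operator.ge}

def text_match(op, pattern, value, regexp, substring):
    """eq/neq string test: regexp, substring (message only) or exact."""
    if regexp:  # assumption: Python re.search stands in for the device regexp
        hit = re.search(pattern, value) is not None
    else:
        hit = pattern in value if substring else pattern == value
    return hit if op == "eq" else not hit

def entry_matches(match, event):
    """Every configured criterion must hold; an empty match matches all."""
    for field, (op, want, *flags) in match.items():
        if field in ("number", "severity"):
            ok = OPS[op](event[field], want)
        else:  # application, message, router, subject
            ok = text_match(op, want, event[field], "regexp" in flags,
                            substring=(field == "message"))
        if not ok:
            return False
    return True

def evaluate(flt, event):
    """Return 'forward' or 'drop' for one event."""
    for entry_id in sorted(flt["entries"]):      # ascending entry ID
        entry = flt["entries"][entry_id]
        if entry.get("action") is None:
            continue  # assumption: an entry with no action is inactive
        if entry_matches(entry.get("match", {}), event):
            return entry["action"]               # first match ends evaluation
    return flt["default_action"]

# Constructed filter and events (event numbers and messages are made up).
FILTER = {"default_action": "drop", "entries": {
    10: {"action": "drop", "match": {"application": ("eq", "security"),
                                     "message": ("eq", "keepalive")}},
    20: {"action": "forward", "match": {"application": ("eq", "security")}},
    30: {"action": "forward", "match": {"severity": ("lte", 4)}},
}}
EVENTS = [
    {"application": "security", "number": 2001, "severity": 6, "message": "login failed for user admin"},
    {"application": "security", "number": 2002, "severity": 6, "message": "ssh keepalive timeout"},
    {"application": "port", "number": 3001, "severity": 5, "message": "link down"},
    {"application": "chassis", "number": 4001, "severity": 2, "message": "fan speed changed"},
]
```

In this constructed filter, entry 30 (severity lte 4) forwards the Indeterminate (2) chassis event but not the Minor (5) port event, because under numeric comparison the values in Table: Severity Levels are not ordered by urgency. With default-action drop, any event class that must reach the log destination needs its own explicit forward entry placed ahead of broader drop entries.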