Extreme Networks ExtremeWare Command Reference Manual page 679

definitions (the event text and parameter types). The syntax for the parameter types (represented by
<type> in the command syntax above) is:
[bgp [neighbor | routerid] <ip address>
| eaps <eaps domain name>
| {destination | source} [ipaddress <ip address> | L4-port | mac-address ]
| {egress | ingress} [slot <slot number> | ports <portlist>]
| netmask <netmask>
| number <number>
| string <match expression>
| vlan <vlan name>
| vlan tag <vlan tag>]
The <value> depends on the parameter type specified. As an example, an event may contain a physical
port number, a source MAC address, and a destination MAC address. To allow only those incidents
with a specific source MAC address, use the following command:
configure log filter myFilter add events bridge severity notice match source
mac-address 00:01:30:23:C1:00
The string type is used to match a specific string value of an event parameter, such as a user name. A
string can be specified as a simple regular expression.
Match Versus Strict-Match. The
incidents whose event definition does not contain all the parameters specified in a
filter events match
XYZ component, named XYZ.event5, contains a physical port number, a source MAC address, but no
destination MAC address. If you configure a filter to match a source MAC address and a destination
MAC address, XYZ.event5 will match the filter when the source MAC address matches regardless of the
destination MAC address, since the event contains no destination MAC address. If you specify the
strict-match
destination MAC address.
In other words, if the
values in the incident match those in the match criteria, but all parameter types in the match criteria
need not be present in the event definition.
The ExtremeWare CLI exposes the keywords
only when they are valid given the set of events specified in the command. This behavior guides you to
form more meaningful filter match criteria. For example, a MAC address is not used to match BGP
events where MAC address parameters are not present.
and Keyword. Use the
those in the incident. For example, to allow only those events with specific source and destination MAC
addresses, use the following command:
configure log filter myFilter add events bridge severity notice match source
mac-address 00:01:30:23:C1:00 and destination mac-address 01:80:C2:00:00:02
ExtremeWare 7.5 Command Reference Guide
match
command. This is best explained with an example. Suppose an event in the
keyword, then the filter will never match, since XYZ.event5 does not contain the
keyword is specified, an incident will pass a filter so long as all parameter
match
keyword to specify multiple parameter type/value pairs that must match
and
and keywords control the filter behavior for
strict-match
,
match strict-match
configure log filter events match
configure log
, and individual parameter types
679