LOG action

Adds an entry to the log for a specified channel and receiver; can be used for filter debugging.

Description

This action sends a text string, the values of message tags and labels, or message metadata to the specified receiver (a file or a syslog server).

The data are recorded in the following format:

[<timestamp>] <value>

The following can be recorded to the log:

The string specified in the value="..." attribute.

The list of labels and their values specified in the field="#labels" attribute.

The list of tags and their values specified in the field="#tags" attribute.

The value of the message metadata header. The field="X-Sensor-..." attribute specifies the name of the header.

The LOG action is useful for debugging filters. Add it to selected filter rules to get a detailed report of message processing and of changes to metadata, tags and labels.

Please note:
This action is intended for debugging filters and their behavior during message processing. Applying it too often can degrade the overall performance of Microolap EtherSensor and of the execution environment when disk writes are heavy.

Format

<action name="log" dst="<log-destination>" value="<user string value>" />
<action name="log" dst="<log-destination>" field="<field type>" />

The "name" attribute:

The name attribute contains the action name: name="log".

The "dst" attribute:

The dst="..." attribute specifies the log entry receiver. This can be:

dst="syslog://<syslog-server-ip:port>"

Sends the message to the syslog server over the UDP protocol (RFC 3164).

dst="channel://<channel-name>"

Sends the message to the channel pre-configured in the Watcher service.

dst="file://<full-file-path>"

Saves the message to a file.

The "field" attribute:

The field="..." attribute specifies the type of the message field to be sent to the log. Possible values:

#labels

Output the list of message labels and their values.

#tags

Output the list of message tags and their values.

#from

Output the list of FROM addresses.

#to

Output the list of TO addresses.

#subject

Output the message subject.

X-Sensor-...

Output the value of the message metadata header.

The "value" attribute:

The value="..." attribute specifies the message string to be sent to the log.

Example

<action name="log" dst="file://d:\file\path.log.txt"
       value="user string value" />

Saves the following string to the d:\file\path.log.txt log file:

"[<timestamp>] user string value".

Action:

<action name="log" dst="file://d:\file\path.log.txt" field="#tags" />

Saves the following string to the d:\file\path.log.txt log file:

"[<timestamp>] Tags:"
"                   <TAG = value>"
"                   <TAG = value>"
"                   <TAG = value>"

Each tag is written on a separate line.

Action:

<action name="log" dst="channel://debug.log.txt" field="#labels" />

Sends the following string to the debug.log.txt channel:

"[<timestamp>] Labels:"
"                   <LABEL = "value">"
"                   <LABEL = "value">"
"                   <LABEL = "value">"

Each label is written on a separate line.

Action:

<action name="log"
       dst="syslog://192.168.0.1:514"
       field="X-Sensor-Src-Address" />

Sends the following string to the syslog server with the 192.168.0.1:514 address:

"[<timestamp>] X-Sensor-Src-Address: <metadata header value>"

Example

Send message details to the syslog server.

<?xml version="1.0" encoding="utf-8"?>
<filter name="TEST" version="1.0">
 <comment>This is the comment for the filter.</comment>
 <table name="main">
 
   <rule enabled="true">
     <comment>
       Sending message details to syslog.
     </comment>
     <action name="log"
             dst="syslog://192.168.0.1:514"
             value="Message info dump:" />
     <action name="log"
             dst="syslog://192.168.0.1:514"
             field="X-Sensor-Src-Address" />
     <action name="log"
             dst="syslog://192.168.0.1:514"
             field="X-Sensor-Dst-Address" />
     <action name="log" dst="syslog://192.168.0.1:514"
             field="#labels" />
     <action name="log"
             dst="syslog://192.168.0.1:514"
             field="#tags" />
   </rule>
 
   <rule enabled="true">
     <match><c name="all"/></match>
     <action name="accept" />
   </rule>
 
 </table>
</filter>
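
A lint pass over a filter file, added here as an example (not EtherSensor's own code): it checks each LOG action against the dst schemes and field values listed above and counts the LOG actions left in enabled rules, which is what the performance note asks you to keep low. The function name, the constructed sample filter, and the rule that value and field are mutually exclusive are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Destination schemes and field selectors as documented on this page.
DST_SCHEMES = ("syslog://", "channel://", "file://")
FIELDS = {"#labels", "#tags", "#from", "#to", "#subject"}
SYSLOG_DST = re.compile(r"^syslog://[^:/\s]+:(\d{1,5})$")

def check_log_actions(filter_xml):
    """Return (findings, enabled_count) for LOG actions in a filter document."""
    findings, enabled_count = [], 0
    for rule_no, rule in enumerate(ET.fromstring(filter_xml).iter("rule"), 1):
        for action in rule.iter("action"):
            if action.get("name") != "log":
                continue
            # Count debug logging only in rules marked enabled="true".
            if rule.get("enabled") == "true":
                enabled_count += 1
            dst = action.get("dst", "")
            field, value = action.get("field"), action.get("value")
            if not dst.startswith(DST_SCHEMES):
                findings.append(f"rule {rule_no}: unsupported dst {dst!r}")
            elif dst.startswith("syslog://"):
                m = SYSLOG_DST.match(dst)
                if not m or not 0 < int(m.group(1)) <= 65535:
                    findings.append(f"rule {rule_no}: syslog dst lacks ip:port")
            # Assumption: the two documented forms are mutually exclusive.
            if (field is None) == (value is None):
                findings.append(f"rule {rule_no}: need exactly one of value/field")
            known = field in FIELDS or (field or "").startswith("X-Sensor-")
            if field is not None and not known:
                findings.append(f"rule {rule_no}: unknown field {field!r}")
    return findings, enabled_count

# Constructed sample filter: one valid action, three faulty, one disabled.
SAMPLE = r"""<filter name="TEST" version="1.0"><table name="main">
 <rule enabled="true">
  <action name="log" dst="syslog://192.168.0.1:514" field="#tags" />
  <action name="log" dst="syslog://192.168.0.1" field="X-Sensor-Src-Address" />
  <action name="log" dst="ftp://host/x.log" value="dump" field="#labels" />
  <action name="log" dst="file://d:\file\path.log.txt" field="#body" />
 </rule>
 <rule enabled="false">
  <action name="log" dst="channel://debug.log.txt" value="off" />
 </rule>
</table></filter>"""

if __name__ == "__main__":
    print(*check_log_actions(SAMPLE), sep="\n")
```

A non-zero count on a production filter means debug logging is still active in enabled rules.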