Filter List (FL) Files
Suppose you have a list of message IDs that trigger email alerts. You can write a complex filter expression combining the IDs with logical OR. This approach can work if 2-3 such items are in the list. However, maintaining such a filter expression becomes difficult if there are many message IDs or the list changes frequently. It also has a negative impact on performance.
A Filter List (FL) file simplifies the filter expression to a single optimized operation, and data is extracted in a separate text file. This also simplifies integration with other solutions: file contents can be generated or modified by third-party software.
How to Create/Edit an FL File
Using Syslog Watcher Manager
To create a new FL file, click FL Files (Main Toolbar) and select New Filter List (FL) File…
Make changes and save the file with the fl extension (*.fl) to C:\ProgramData\SyslogWatcherNG\filter_lists\
To edit an existing FL file, click FL Files (Main Toolbar) and select Edit Filter List (FL) File…
Make changes and save the file with the fl extension (*.fl) to C:\ProgramData\SyslogWatcherNG\filter_lists\
FL File Format
The FL file structure is trivial. Each line is a single value.
LINK-3-UPDOWN LINK-3-LINK_FAULT LINK-3-TOOSMALL
Using FL Files in Filter Expressions
A filter expression supports the IN operator to work with FL files. The IN operator checks if the FL file (specified after the operator in quotes) contains the formatted text (specified before the operator). The name of the FL file must be specified without extension (*.fl). Syslog Watcher adds the .fl extension and searches for the file in C:\ProgramData\SyslogWatcherNG\filter_lists\.
{APPNAME} IN "allowed_apps"
{ORIGINATOR_ID} IN "block_list"
{MSGID|lower} IN "known_errors"For convenience and readability, Syslog Watcher supports the inverse operator NOT_IN.
{MSGID} NOT_IN "known_errors" is equivalent to not {MSGID} IN "known_errors"