Skip to main content
Version: User Guide 6.5

Filter List (FL) Files

Suppose you have a list of message IDs that trigger email alerts. You can write a complex filter expression combining the IDs with logical OR. This approach can work if 2-3 such items are in the list. However, maintaining such a filter expression becomes difficult if there are many message IDs or the list changes frequently. It also has a negative impact on performance.

Filter List (FL) file simplifies the filter expression to a single optimized operation, and data is extracted in a separate text file. Also, this simplifies integration with other solutions: file contents can be generated or modified by third-party software.

How to Create/Edit an FL File

Using Syslog Watcher Manager

To create a new FL file, click FL Files (Main Toolbar) and select New Filter List (FL) File...
Make changes and save the file with the fl extension (*.fl) to C:\ProgramData\SyslogWatcherNG\filter_lists\

To edit an existing FL file, click FL Files (Main Toolbar) and select Edit Filter List (FL) File...
Make changes and save the file with the fl extension (*.fl) to C:\ProgramData\SyslogWatcherNG\filter_lists\

Using an External Text Editor

Create a new file or edit an existing file in C:\ProgramData\SyslogWatcherNG\filter_lists\
Make sure the files have the fl extensions (*.fl).

Please note

The ProgramData folder can be hidden on your system by default.

FL File Format

The FL file structure is trivial. Each line is a single value.

File Content Example

LINK-3-UPDOWN
LINK-3-LINK_FAULT
LINK-3-TOOSMALL

Using FL Files in Filter Expressions

A filter expression supports the IN operator to work with FL files. The IN operator checks if the FL file (specified after the operator in quotes) contains the formatted text (specified before the operator). The name of the FL file must be specified without extension (*.fl). Syslog Watcher adds the .fl extension and searches for the file in C:\ProgramData\SyslogWatcherNG\filter_lists\.

Filter Examples

{APPNAME} IN "allowed_apps"
{ORIGINATOR_ID} IN "block_list"
{MSGID|lower} IN "known_errors"

For convenience and readability, Syslog Watcher supports the inverse operator NOT_IN.

Filter Example

{MSGID} NOT_IN "known_errors" equals to not {MSGID} IN "known_errors"