String search in FilterX
FilterX is an experimental feature currently under development. Feedback is most welcome on Discord and GitHub.
Available in AxoSyslog 4.8.1 and later.
Available in AxoSyslog 4.9 and later.
You can check if a string contains a specified string using the includes FilterX function. The startswith and endswith functions check the beginning and ending of the strings, respectively. For example, the following expression checks if the message ($MESSAGE) begins with the %ASA- string:
startswith($MESSAGE, '%ASA-')
By default, matches are case sensitive. For case insensitive matches, use the ignorecase=true option:
startswith($MESSAGE, '%ASA-', ignorecase=true)
All three functions (includes, startswith, and endswith) can take a list with multiple search strings and return true if any of them match. This is equivalent with using combining the individual searches with logical OR operators. For example:
${MESSAGE} = "%ASA-5-111010: User ''john'', running ''CLI'' from IP 0.0.0.0, executed ''dir disk0:/dap.xml"
includes($MESSAGE, ['%ASA-','john','CLI'])
includes($MESSAGE, ['%ASA-','john','CLI'])
includes($MESSAGE, '%ASA-') or includes($MESSAGE, 'john') or includes($MESSAGE, 'CLI')
For more complex searches, or if you need to match a regular expression, use the regexp_search FilterX function.