To Add a new filter, click the Add button at the top of the Filter table.
Filter expression is a set of conditions that need to be met in order for filter action to be triggered. Condition are based on the syslog message severity, facility, message content or device(s) that sent it (based on source IP address). Each condition type has several condition operands depending on the possible values, for instance Severity has options >, <, =, !=, >=, <= and “between” operands.
The conditions are added by clicking on the “+” icon and composite conditions are added by clicking on the “+()“ icon. Composite conditions will appear in the filter expression in the brackets, and are generally used if you need a condition in the form of Cond1 AND (Cond2 OR Cond3).
Logical operator between condition are set by the drop-down list next to “+” and “+()” options: Match All (AND), Match Any (OR), Match None (NAND).
By default, filter action is set to Accept and filter status to Active.