Filter Examples

Example 1: Filter for a Specific User's Error Messages

In this example, the filtering policy first checks to determine whether the message has already been logged. The filtering policy then writes to the Windows Event Log the messages whose log event threshold is ERROR and which are issued by user sasuser1: 
<?xml version="1.0" encoding="UTF-8"?>
   <logging:configuration xmlns:
logging="http://www.sas.com/xml/logging/1.0/">
      <appender name="eventLog" class="WindowsEventAppender">
         <param name="AppName" value="SAS Foundation"/>
         <layout>
            <param name="ConversionPattern" 
                          value="%d  %-5p  [%t]  %c  (%F:%L) %u  -  %m"/>
         </layout>
         <filter class="RepeatMatchFilter">
            <param name="AcceptOnMatch" value="false"/>
         </filter>
         <filter class="AndFilter">
            <param name="AcceptOnMatch" value="true"/>
            <filter class="LevelMatchFilter">
               <param name="LevelToMatch" value="error"/>
               <param name="AcceptOnMatch" value="true"/>
           </filter>
           <filter class="StringMatchFilter">
              <param name="StringToMatch" value="sasuser1"/>
              <param name="AcceptOnMatch" value="true"/>
            </filter>
        </filter>
        <filter class="DenyAllFilter">
        </filter>
      </appender>
      <root>
         <level value="trace"/>
          <appender-ref ref="eventLog"/>
      </root>
</logging:configuration>

Example 2: Filter for a Specific Date

The following filtering policy denies log events that were sent on 2011–09–22: 
<filter class="StringMatchFilter">
   <param name="StringToMatch" value="2011-09-22"/>
   <param name="AcceptOnMatch" value="false"/>
</filter>
Copyright © SAS Institute Inc. All rights reserved.