Kiwi 9.5
I am trying to create a filter to look at the syslog message field and take action if a certain IP comes across. So far I can't get it to work and not sure why.
I have a simple filter using a Simple include of "dstip=172.16." and action is to go to a display.
Nothing comes across. I even moved it to the top of the list and yes, I cycled the syslog service just in case.
Ideas for something so simple?