Edit Log Definition Filter Dialog Box

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Use the Edit Log Definition Filter dialog box to create a filter algorithm that refines the logging information that is written to log files. As you create the log definition filter in the hierarchical list at the top of the dialog box, the filter details are displayed in the box at the bottom of the dialog box.

Creating Filters

The default hierarchical list contains an AND logical conjunction as the root node. To create a simple filter, you can immediately add an expression. For example, to log all HTTP transactions that contain 404 (Not found) status codes, you can create the expression ('Status' Equals '404'). If you add a second expression, both expressions must match the HTTP transaction before it can be logged. For example, to log all HTTP transactions that contain 404 status codes, except for 404.7 (File extension denied) status codes, you can add the expression ('Substatus' Not Equals '7') to create the filter ('Status' Equals '404') AND ('Substatus' Not Equals '7'). You can continue to add expressions to the AND logical conjunction in the same way; every expression in it must match the HTTP transaction before it can be logged.

You can also use an OR logical disjunction, which specifies that only one of the expressions in the set needs to match the HTTP transaction before it can be logged. To create an OR logical disjunction in the filter, click the default Condition: AND container in the list, and then in the Condition area of the dialog box, click OR Condition.

The filtering feature supports an additional container level below the root node, so that you can create more complex filters. For example, to log HTTP transactions that contain 404 errors or 503 (Service unavailable) errors, but exclude the 503.2 (Concurrent request limit exceeded) status code, you can create the following filter: ('Status' Equals '404') OR ('Status' Equals '503' AND 'Substatus' Not Equals '2'). To create this example filter, which uses an additional container level in the list, do the following:

  1. Click Condition: AND in the list, and then in the Condition area, click OR Condition.

  2. Click Add Expression, and then, in the Expression area, choose the following values:

    • Field: Select Status.

    • Operator: Select Equals.

    • Value: Type 404.

  3. Click Condition: OR in the list, and then click Add Condition to add a new container level below the root node.

  4. Click Add Expression, and then, in the Expression area, choose the following values:

    • Field: Select Status.

    • Operator: Select Equals.

    • Value: Type 503.

  5. Click Condition: AND in the list.

  6. Click Add Expression, and then, in the Expression area, choose the following values:

    • Field: Select Substatus.

    • Operator: Select Not Equals.

    • Value: Type 2.

For more information about how to create log definition filters, see Advanced Logging for IIS 7.0 – Log Filtering.
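
The following added example (not part of the original documentation, and not the IIS implementation) models the two filters described above in Python and runs them over constructed records to show which transactions are logged and which are dropped. The data structures, the numeric comparison used for the ordering operators, and the treatment of absent fields are assumptions.

```python
# Added example: models the filter semantics described on this page.
# It is not the IIS Advanced Logging implementation.
OPERATORS = {
    "Equals":           lambda a, b: str(a) == str(b),
    "Not Equals":       lambda a, b: str(a) != str(b),
    # Assumption: ordering operators compare the values numerically.
    "Greater Than":     lambda a, b: float(a) > float(b),
    "Not Greater Than": lambda a, b: float(a) <= float(b),
    "Less Than":        lambda a, b: float(a) < float(b),
    "Not Less Than":    lambda a, b: float(a) >= float(b),
}

def matches(node, record):
    """Return True if the record (dict of logging fields) passes the filter."""
    if isinstance(node, dict):                  # AND / OR container
        results = [matches(item, record) for item in node["items"]]
        return all(results) if node["condition"] == "AND" else any(results)
    field, op, value = node                     # leaf expression
    if op == "Is Present":
        return field in record
    if field not in record:                     # assumption: absent field never matches
        return False
    return OPERATORS[op](record[field], value)

def split(filter_tree, records):
    """Return (logged, dropped) lists of 'status.substatus' labels."""
    logged, dropped = [], []
    for r in records:
        label = f"{r['Status']}.{r['Substatus']}"
        (logged if matches(filter_tree, r) else dropped).append(label)
    return logged, dropped

# ('Status' Equals '404') AND ('Substatus' Not Equals '7')
SIMPLE = {"condition": "AND", "items": [
    ("Status", "Equals", "404"), ("Substatus", "Not Equals", "7")]}

# ('Status' Equals '404') OR ('Status' Equals '503' AND 'Substatus' Not Equals '2')
NESTED = {"condition": "OR", "items": [
    ("Status", "Equals", "404"),
    {"condition": "AND", "items": [
        ("Status", "Equals", "503"), ("Substatus", "Not Equals", "2")]}]}

# Constructed sample transactions (Status, Substatus), not real log data.
RECORDS = [{"Status": s, "Substatus": sub} for s, sub in
           [("200", "0"), ("404", "0"), ("404", "7"), ("503", "0"), ("503", "2")]]

if __name__ == "__main__":
    for name, tree in (("simple", SIMPLE), ("nested", NESTED)):
        print(name, split(tree, RECORDS))
```

The nested filter logs 404.7, because its 404 expression carries no Substatus exclusion; checking the dropped list before deploying a filter shows which transactions will be absent from the log.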

UI Element List

The following list describes the UI elements that are available in the dialog box (element name, then description).

Add Expression: Adds an empty expression to the filter, which appears as a leaf node in the hierarchical list. You must provide values for the expression in the Expression area of the dialog box.

Add Condition: Adds an AND logical conjunction to the filter, which appears as a container below the root node in the list. You can change the AND logical conjunction to an OR logical disjunction in the Condition area of the dialog box.

Remove: Removes the selected item from the filter.

Clear Filter: Removes all items from the filter.

AND Condition: Changes the selected OR logical disjunction in the list to an AND logical conjunction.

OR Condition: Changes the selected AND logical conjunction in the list to an OR logical disjunction.

Field: Select, in the drop-down list, the field to be used in the expression.

Operator: Select one of the following operators to apply to the expression:

  • Equals. The logging field value is the same as the specified value.

  • Not Equals. The logging field value is not the same as the specified value.

  • Greater Than. The logging field value is greater than the specified value.

  • Not Greater Than. The logging field value is the same as or less than the specified value.

  • Less Than. The logging field value is less than the specified value.

  • Not Less Than. The logging field value is the same as or greater than the specified value.

  • Is Present. The logging field contains any value, including no data.

Value: Enter a value for the logging field.

Match case: Select this check box to specify that the filter must match the use of uppercase and lowercase characters specified in Value.

Enable as regular expression: Select this check box to specify that Value is regular expression syntax.

  Note: Regular expressions can only be used for logging fields that record string values. For more information about using regular expressions in log definition filters, see Advanced Logging for IIS 7.0 – Log Filtering.

See Also

Concepts

Log Definition Page