I have the (Node Related Syslog Messages) resource added to a Node Details view. The node has the following (example) syslog messages:
--------------------
| 11/9/2012 02:48 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:47 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:47 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:47 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:45 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:44 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show conn |
| 11/9/2012 02:43 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed the 'enable' command. |
| 11/9/2012 02:43 PM 10.20.30.40 10.20.30.40 | : User priv level changed: Uname: USERID From: 1 To: 15 |
| 11/9/2012 02:43 PM 10.20.30.40 10.20.30.40 | : Login permitted from 10.10.10.102/59462 to management:10.20.30.40/ssh for user "USERID" |
| 11/9/2012 02:05 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show running-config |
| 11/9/2012 02:04 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show running-config |
| 11/9/2012 02:04 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed cmd: show configuration |
| 11/9/2012 02:03 PM 10.20.30.40 10.20.30.40 | : User 'USERID' executed the 'enable' command. |
| 11/9/2012 02:03 PM 10.20.30.40 10.20.30.40 | : User priv level changed: Uname: USERID From: 1 To: 15 |
| 11/9/2012 02:03 PM 10.20.30.40 10.20.30.40 | : Login permitted from 10.10.10.10/45697 to management:10.20.30.40/ssh for user "USERID" |
--------------------
I want to filter out all the "User 'USERID' executed cmd: show conn" from the resource so I have defined the following filter:
Message NOT Like '*show conn*'
Save...resource still shows. If I edit the filter and remove "NOT", exactly same result. I'm at a loss why a filter with a "like" or a "not like" returns the same data.