Suppress a syslog event on a specific interface
- 3 months ago
As you cannot suppress events via sub-entity (what you're extracting with Identifier Pattern, in this case "TenGigE0/1/1/7") I would suggest that you have two Event Policies; one with a lower Detection Weight that includes "TenGigE0/1/1/7" within one of the required matches and is marked for suppression against the particular device and a second Event Policy with higher Detection Weight to match the remainder.
Ex.
(PKT_INFRA-LINK-[35]+-[^\s])+(?=.*TenGigE0\/1\/1\/7)
In theory you could also choose to invert the approach by having an event policy that only matches if it doesn't contain certain text with a second event policy that catches all and suppresses against specific device(s), but depending on how many policies and devices you're managing that could change which approach makes more sense.
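The two-policy approach from the answer above, as an added example that is not part of the original post and is not the product's own code. It runs the posted pattern over constructed syslog lines and shows that, as written, it also matches TenGigE0/1/1/70. The policy names, weights, catch-all pattern, the `(?!\d)` tightening, and the "lowest Detection Weight is evaluated first" model are assumptions for illustration; per-device suppression is reduced to a flag.

```python
import re

# Pattern exactly as posted in the answer above.
POSTED = r"(PKT_INFRA-LINK-[35]+-[^\s])+(?=.*TenGigE0\/1\/1\/7)"
# Assumed tightening (not from the post): (?!\d) stops 0/1/1/7 from
# also matching 0/1/1/70 through 0/1/1/79.
TIGHT = r"(PKT_INFRA-LINK-[35]+-[^\s])+(?=.*TenGigE0\/1\/1\/7(?!\d))"
# Hypothetical catch-all for the second, higher-weight policy.
CATCH_ALL = r"PKT_INFRA-LINK-[35]+-\S+"

# Constructed sample messages, not captured from a real device.
SAMPLES = {
    "port7": "%PKT_INFRA-LINK-3-UPDOWN : Interface TenGigE0/1/1/7, changed state to Down",
    "port70": "%PKT_INFRA-LINK-3-UPDOWN : Interface TenGigE0/1/1/70, changed state to Down",
    "port3": "%PKT_INFRA-LINK-5-CHANGED : Interface TenGigE0/1/1/3, changed state to Administratively Down",
    "other": "%ROUTING-BGP-5-ADJCHANGE : neighbor 192.0.2.1 Up",
}


def build_policies(interface_regex):
    """Two policies: the interface-specific one is suppressed, the other alerts."""
    return [
        {"name": "link-port-suppressed", "weight": 5,
         "regex": re.compile(interface_regex), "suppressed": True},
        {"name": "link-all", "weight": 10,
         "regex": re.compile(CATCH_ALL), "suppressed": False},
    ]


def evaluate(message, policies):
    """Return 'suppressed', 'alert' or 'no-match' for one syslog message.

    Assumed model: policies are tried in ascending weight, first match wins.
    """
    for policy in sorted(policies, key=lambda p: p["weight"]):
        if policy["regex"].search(message):
            return "suppressed" if policy["suppressed"] else "alert"
    return "no-match"


def run(interface_regex):
    """Evaluate every constructed sample against the two-policy set."""
    policies = build_policies(interface_regex)
    return {key: evaluate(msg, policies) for key, msg in SAMPLES.items()}


if __name__ == "__main__":
    for label, pattern in (("posted", POSTED), ("tightened", TIGHT)):
        print(label, run(pattern))
```

With the posted pattern, a link event on TenGigE0/1/1/70 is silently suppressed along with port 7; the tightened variant lets it fall through to the alerting policy.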