Is there a way to suppress trap or syslog actions from a specific source, given a rule that collects traps for all devices? For example, if I have an alert set up to send an e-mail every time a link up or down trap is received, and that link starts flapping on one device, can I automatically suppress alerts from that device and still receive link/up trap e-mails from other devices?

The best solution I could come up with was to make a catch-all rule that says if X amount of link up/down traps are received within Y time frame, execute an action that runs a script. When the script is run, pass it the ${IPAddress} (or some other value) as a command-line argument. The script will go into the database, find the rule that sends the e-mail, and add logic that says if trap value A = $commandLineArgument then do not send an e-mail. There are a few ways that could be done, but that is the high-level idea. There are other issues with that as well... but that's the only way I can think of to make it work.
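The "X traps within Y time frame" idea from the post can also be applied per source in a filter that sits in front of the e-mail action, so the alert rule itself is never edited. The sketch below is an added example, not part of the original post or any product's code; the class name, thresholds, hold time and sample traps are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class FlapSuppressor:
    """Per-source sliding-window suppression for link up/down trap alerts."""

    def __init__(self, max_traps, window_s, hold_s):
        self.max_traps = max_traps          # X: traps tolerated per window
        self.window_s = window_s            # Y: window length in seconds
        self.hold_s = hold_s                # quiet time needed before alerts resume
        self._recent = defaultdict(deque)   # source IP -> recent trap timestamps
        self._muted_until = {}              # source IP -> time the mute expires

    def should_alert(self, source_ip, ts):
        """Record one trap and return True if an e-mail should be sent."""
        q = self._recent[source_ip]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()                     # drop traps older than the window
        if source_ip in self._muted_until:
            if ts < self._muted_until[source_ip]:
                # Still flapping: restart the hold timer for this device only.
                self._muted_until[source_ip] = ts + self.hold_s
                return False
            del self._muted_until[source_ip]
        if len(q) > self.max_traps:
            self._muted_until[source_ip] = ts + self.hold_s
            return False
        return True


def replay(traps, suppressor):
    """Return the (timestamp, source) pairs that would still produce an e-mail."""
    return [(ts, ip) for ts, ip in traps if suppressor.should_alert(ip, ts)]


# Constructed sample: 192.0.2.5 flaps, 192.0.2.9 sends a single trap.
SAMPLE_TRAPS = [
    (0, "192.0.2.5"), (2, "192.0.2.5"), (4, "192.0.2.5"), (6, "192.0.2.5"),
    (7, "192.0.2.9"), (8, "192.0.2.5"), (10, "192.0.2.5"), (1000, "192.0.2.5"),
]

if __name__ == "__main__":
    for ts, ip in replay(SAMPLE_TRAPS, FlapSuppressor(3, 60, 300)):
        print(f"t={ts:>4}s  e-mail for {ip}")
```

Because the mute state is keyed by source address, the flapping device goes quiet after its fourth trap while the other device's trap still alerts, and the muted device alerts again once it has been silent for the hold period.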