Hello,
You need to do it in 2 policies:
event-options {
policy alarms {
events SYSTEM;
attributes-match {
SYSTEM.message matches "(alarm set)|(Core dumped)";
}
then {
raise-trap;
}
}
policy ignore {
events SYSTEM;
attributes-match {
SYSTEM.message matches "(alarm set SFP)";
}
then {
ignore;
}
}
And when You enable event traceoptions, You should see following in the logs:
Oct 18 09:37:05 Policy <ignore> says event <SYSTEM> should be ignored. Ignoring other policies for this event and not caching this event
HTH
Thx
Alex