Automation

Hi.

How do I use an event policy to dampen the logging of an event to syslog, 

For example, if I have event EVENT1 occuring every second, and I want it to be logged to syslog only every 60 seconds, how do I write an event policy to make that happen?

I saw certain Juniper documentation provide the following:

event-options {

  policy dampen-policy {

    events EVENT1;

    within 60 events EVENT1;

    then {

        ignore;

    }

  }

However, I think this would result in EVENT1 never being logged to syslog, since there would never be a 60 second window without EVENT1 occurring (given that it occurs every second).

Thanks,

Deepak

You can update the syslog configuration itself to consolidate logging of the same message directly using the suppression option.  This writes a single message for the log in the selected time period.

https://www.juniper.net/documentation/us/en/software/junos/idp-policy/topics/ref/statement/security-edit-suppression.html

Hi.

How do I use an event policy to dampen the logging of an event to syslog, 

For example, if I have event EVENT1 occuring every second, and I want it to be logged to syslog only every 60 seconds, how do I write an event policy to make that happen?

I saw certain Juniper documentation provide the following:

event-options {

  policy dampen-policy {

    events EVENT1;

    within 60 events EVENT1;

    then {

        ignore;

    }

  }

However, I think this would result in EVENT1 never being logged to syslog, since there would never be a 60 second window without EVENT1 occurring (given that it occurs every second).

Thanks,

Deepak