You can update the syslog configuration itself to consolidate logging of the same message directly using the suppression option. This writes a single message for the log in the selected time period.
https://www.juniper.net/documentation/us/en/software/junos/idp-policy/topics/ref/statement/security-edit-suppression.html
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
Original Message:
Sent: 11-05-2023 02:53
From: djadhav
Subject: Question on event policies
Hi.
How do I use an event policy to dampen the logging of an event to syslog?
For example, if I have event EVENT1 occurring every second, and I want it to be logged to syslog only every 60 seconds, how do I write an event policy to make that happen?
I saw certain Juniper documentation provide the following:
event-options {
    policy dampen-policy {
        events EVENT1;
        within 60 events EVENT1;
        then {
            ignore;
        }
    }
}
However, I think this would result in EVENT1 never being logged to syslog, since there would never be a 60-second window without EVENT1 occurring (given that it occurs every second).
Thanks,
Deepak