Jun 27, 2011

Info on Syslog/SNMP Suppression of repeated events.

Can anyone provide an information source that details exactly how the syslog/SNMP suppression of repeated events works?



I have read the release notes for version 9.4.0 and they do not refer to the below:


From sol11127: "However, a change was introduced beginning in BIG-IP version 9.4.0 that prevents duplicate SNMP traps from being sent for the same condition in the event the condition was reported multiple times but is missing appropriate priority/log levels. This change involves matching the specific error ID and log level along with the message body."




  • Or can anyone tell me where throttling is configured? I would like to be able to detail what the default behaviour is.


    Throttling example


    sol11934: The BIG-IP system throttles log messages reporting a node status change



    It also seems that the mgmt interface has the ability to buffer. For example, if the interface goes down it can send a delayed SNMP trap when it comes back up again with the correct timestamp. Does anyone know of some information on this?







  • I thought I would keep adding to my post as I find stuff.




    So if I use the logger command to generate a syslog message I do see a trap arrive at my server.


    If I repeat the same message within 30 seconds it does not resend another trap. After 30 seconds it does send a new trap.





    SOL10524 states some logging rate limits:


    • More than five log messages with the same message ID within a 1-second interval
    • More than 20 log messages from any single module with the same message ID within a 2-second interval
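
Added example, not part of the original post and not F5's implementation: a small Python model of the duplicate-trap suppression described above, useful for working out how many occurrences a trap receiver will not see. It assumes the 30-second window observed in the logger test, matching on error ID, log level and message body as the sol11127 quote states; the message IDs and events are constructed.

```python
from collections import Counter
from typing import NamedTuple

# Assumption: 30 s window, taken from the logger test described in the post.
SUPPRESS_WINDOW_S = 30

class LogEvent(NamedTuple):
    ts: float     # seconds since start of capture
    msg_id: str   # error/message ID (constructed placeholders below)
    level: str    # syslog level
    body: str     # message text

def expected_traps(events, window=SUPPRESS_WINDOW_S):
    """Split events into (sent, suppressed) under the modelled suppression.

    Duplicates are matched on error ID, log level and message body, as the
    sol11127 quote describes. Assumption: the window runs from the last trap
    actually sent, so suppressed repeats do not extend it.
    """
    last_sent = {}
    sent, suppressed = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.msg_id, ev.level, ev.body)
        prev = last_sent.get(key)
        if prev is not None and ev.ts - prev < window:
            suppressed.append(ev)
        else:
            last_sent[key] = ev.ts
            sent.append(ev)
    return sent, suppressed

def hidden_repeats(events, window=SUPPRESS_WINDOW_S):
    """Count, per (msg_id, level, body), the events the trap receiver never sees."""
    _, suppressed = expected_traps(events, window)
    return Counter((e.msg_id, e.level, e.body) for e in suppressed)

# Constructed sample input (not captured from a real device).
SAMPLE_EVENTS = [
    LogEvent(0, "TEST0001", "notice", "logger test message"),
    LogEvent(10, "TEST0001", "notice", "logger test message"),
    LogEvent(12, "TEST0001", "warning", "logger test message"),
    LogEvent(20, "TEST0002", "notice", "other message"),
    LogEvent(29, "TEST0001", "notice", "logger test message"),
    LogEvent(45, "TEST0001", "notice", "logger test message"),
    LogEvent(50, "TEST0001", "notice", "logger test message"),
    LogEvent(80, "TEST0001", "notice", "logger test message"),
]

if __name__ == "__main__":
    sent, suppressed = expected_traps(SAMPLE_EVENTS)
    print("traps expected at:", [e.ts for e in sent])
    print("hidden repeats:", dict(hidden_repeats(SAMPLE_EVENTS)))
```

Comparing the modelled trap count against the syslog file on the device shows how many occurrences monitoring that relies on traps alone would miss.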