Forum Discussion
kev_245_28249
Nimbostratus
NimbostratusInfo on Syslog/snmp Supression of repeated events.
can anyone provide an information source that details exactly how the syslog/snmp supression of repeated events works?
I have read the release notes for version 9.4.0 and it does not refer to the below:
from sol11127 "However, a change was introduced beginning in BIG-IP version 9.4.0 that prevents duplicate SNMP traps from being sent for the same condition in the event the condition was reported multiple times but is missing appropriate priority/log levels. This change involves matching the specific error ID and log level along with the message body."
kev_245_28249Or can anyone tell me where throttling is configured? i would like to be able to detail what the default behaviour is.
Throttling examplesol11934:The BIG-IP system throttles log messages reporting a node status change
It also seems that the mgmt interface has the ability to buffer. For example if the interface goes down it can send a delayed snmp trap when it comes back up again with the correct timestamp. Does anyone know of some information on this?
Thanks- kev_245_28249I thought I would keep adding to my post as I find stuff.
SNMP
So if I use the logger command to generate a syslog message I do see a trap arrive at my server.
If I repeat the same message within 30 seconds it does not resend another trap. After 30 seconds it does send a new trap.
SYSLOG
SOL10524 states some logging rate limits:- More than five log messages with the same message ID within a 1-second interval
- More than 20 log messages from any single module with the same message ID within a 2-second interval