user_alert.conf, <matched message> and negation
I'm using user_alert.conf to send emails about VIPs exceeding their connection limit, so we have a section in /config/user_alert.conf that looks like this:
alert BIGIP_IP_REJECT_CONN_LIMIT {
email toaddress="dlg@example.com";
}
But now we have a customer that is using the LTM's connection limits to throttle the connection rate into an app so it's not overwhelmed. This results in thousands of emails, and of course it doesn't make the exchange admins very happy.
Pretty much the only doc I'm able to find on user_alert.conf is sol3727, which just says that the alert line can look like this:
alert <alert_name> "<matched message>" {
but doesn't go on to explain what matched message can look like. I'd like to use a negation, so, any message that matches BIGIP_IP_REJECT_CONN_LIMIT that doesn't contain a particular port would generate an email, but log messages for that port would not.
Help?