When I trigger an event testing the notifications, I receive sometimes two and three notifications at a time regarding the event I triggered. The only thing that changes of the multiple notifications are ID and Event ID fields. I have written a rule in the notifd-configuration.xml to auto-resolve an event but when the screen is refreshed, only the most new event ID is auto-acknowledged. I have looked at binding the same notification but this is a Fortigate vendor supplied trap and no syntax I have tried to adjust the UEI in the notifications.xml file will work. Any ideas?
Here is the notifd config that I put in and the notifications.xml listing for the notification in question.
<auto-acknowledge resolution-prefix="RESOLVED: "uei="uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunUp" acknowledge="uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown">
<notification name="VPN Tunnel Down" status="on" writeable="yes">
<rule>(IPADDR IPLIKE *.*.*.*)</rule>
<text-message>A VPN Tunnel has been marked down between %parm[#1]% and %parm[#5]%. Please advise</text-message>