I am looking for recommendations on the best / most efficient method to exclude a specific item (not a node) from notifications and alarms triggered from events that include specific text strings in the log message.
The event syslogmessage "Message:" may include the name or IP address of a server or pool on which I do not want to get a notice or alarm. There will be multiple text strings to consider (if the message contains 192.168.244.4, 192.168.244.5, etc. or if the message contains "doodle", "mail", "Ted", etc.) do not trigger a notification or alarm. Of course, if any of the identified text strings are not in the message the notification and alarm should be sent.
On the following message I would like to be able to exclude it based on the IP address, the text "mail", or the text "green --> gray".
Message: alert gtmd: 011a4003:1: SNMP_TRAP: Pool /Common/mail.domain.com member /Common/mail.domain.com_vs (ip:port=192.168.244.4:0) state change green --> gray (Not Authorized)
The desire would be for this to affect any UEI: uei.opennms.org/vendor/F5/traps/bigipLogAlert, uei.opennms.org/syslogd/local0/Error, uei.opennms.org/syslogd/local1/Error, uei.opennms.org/syslogd/local6/Error, uei.opennms.org/syslogd/mail/Error, etc.
The two solutions I can think of include:
1) edit notifications for each uei to consider and put in the text to include
2) create a reduction event and use part of the text to identify the node and then limit the nodes to consider.
Both of these ideas seem like they will be a maintenance headache.
Thank you for the suggestions.