Example: Ignoring Events Based on Receipt of Other Events
In the following policy, if any of event1, event2, or event3 has occurred, and either event4 or event5 has occurred within the last 600 seconds, and event6 has not occurred within the last 800 seconds, then the event that triggered the policy (event1, event2, or event3) is ignored, meaning system log messages are not created.
Sometimes events are generated repeatedly within a short period of time. In this case, it is redundant to execute a policy multiple times, once for each instance of the event. Event dampening allows you to slow down the execution of policies by ignoring instances of an event that occur within a specified time after another instance of the same event.
In the following example, an action is taken only if the eventd process has not received another instance of the event within the past 60 seconds. If an instance of the event has been received within the last 5 seconds, the policy is not executed and a system log message for the event is not created again.