My organization is in the process of decomming one of our old tools that was responsible for handling all of our SNMP Traps. This tool filters the traps based on the OID (same as building a rule in LA) and escalates the most "critical" OIDs to an alert. There are about 200 OIDs that we have deemed critical.
The functionality I described above is moving to the Log Analyzer tool in Orion.
My question is, how should I best approach writing rules for those 200 individual OIDs that we want to escalate to an alert?
I am thinking of writing 1 or 2 generic rules that are just one giant OR statement (see screenshot below). But I am worried there is a limitation on how many ORs I can have.
I could also write 1 rule per vendor to keep them logically grouped.
I obviously don't want to write 1 rule per OID, as that would be a lot to manage.
Let me know your thoughts! Thanks!