Here is a copy of the alert we receive every night at the same time, this happened after we upgraded orion.
%SEC-6-IPACCESSLOGP: list xxx-FW-OUT denied udp 10.200.3.200(62503) -> 192.168.250.38(161), 1 packet An error was seen on router xxxx.xxxx.xxxx.xxxxx
The 10.200.3.200 is our orion ip and its sending info. To 192.168.250.38 which is dropped by an ACL, the 192 address is on the other side of a vendor partner router.
We receive 4 alerts from 3 other partner routers, orions is scheduled to perform a scan at this time every night. How can we exclude ip’s.
There should be a IP Range configured on the scheduled scan you mentioned, you can modify to ranges accordingly to exclude that particular IP address.