One of our switches has been spamming us with notifications that one of the 10G transceivers has a Rx power threshold violation. This is a false positive because the transceiver isn't made by the switch vendor although it functions perfectly, and I don't want to get these messages.
On the SW Trap Viewer, we have a rule that emails SNMP traps to the network admins. The Source IP is for the whole subnet, Trap Details is *, Conditions are blank, and the Alert Action is to e-mail.
I added a new rule to filter the messages we don't want. The Source IP is for the whole subnet, Trap Details is *THRESHOLD_VIOLATION*, Conditions are blank, and the Alert Action is to discard the trap. I placed this new rule above the existing rule.
Now, I am still getting e-mails for the threshold violation messages, but it notes that they are Marked for Discard. This seems cruel and unusual. Am I missing a step in the new rule that's supposed to filter these out, or do I need to modify the existing rule that sends e-mails on everything?