In a really big secure network environment under certain conditions there's the situation that in a short period of time a huge amount of messages from many encryption devices will be send to the SYSLOG server e.g. like this: '2009-06-08 09:06:48 Local7.Notice <IP> 46785: Jun 8 09:06:51 UTC+2: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from <IP> is bad: certificate invalid'.
Is there a possibility on the message producing device itself to limit (in a way) the amount of (these) messages before they are sent via the network? Or is the only solution to do so on the SYSLOG server via filtering itself?
Thanx for any suggestion.