Archive

Posts tagged ‘rsyslog’

Rsyslog – How to filter logs by IP address and avoid duplicates

December 24th, 2011 No comments

To file logs from certain IP addresses (10.200.35.XX in this example) in /var/log/zone_a.log and then stop processing them (so they are not written a second time by the default rules), use a rule similar to this one:

# property filter on the sender address: substring match, no anchoring
:fromhost-ip, contains, "10.200.35." /var/log/zone_a.log
# "&" applies to the same selector; "~" discards the message so later rules never see it
# (newer rsyslog versions prefer "& stop" over the deprecated "& ~")
& ~

Keep your finger on the pulse with rsyslog and LogAnalyzer

June 1st, 2011 No comments

It’s easy to miss something when you need to monitor dozens of logs on different servers and other devices. Fortunately there is a simple solution: you can use rsyslog with PostgreSQL or MySQL support to store all local and remote events on your network and then visualize the results with LogAnalyzer (which is PHP based).

To forward all events from a remote syslog daemon to the central server, add to that daemon's configuration:

# a single "@" forwards over UDP; "@@" would forward over TCP
*.*    @local.rsyslog.server

After setting up the database, tell rsyslog to write all events to the MySQL database:

# load the MySQL output module, then send every facility/priority to it
$ModLoad ommysql.so
*.*    :ommysql:server,dbname,user,pass

Configure rsyslog to listen on a UDP port and accept events only from predefined hosts or networks:

$ModLoad imudp
# $AllowedSender must come before the listener is started ($UDPServerRun),
# otherwise the restriction is not applied to it
$AllowedSender UDP, 11.21.33.41, 10.5.3.0/24
$UDPServerRun 514
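A model of the rules from both posts, added here as an example (not code from the blog or from rsyslog): it shows why the "& ~" line removes the duplicate and why a substring "contains" on fromhost-ip also catches addresses such as 110.200.35.7. The /24 network, the catch-all file name and the sample addresses are assumptions.

```python
"""Model of the two rsyslog rules quoted in these posts (added example, not
code from the blog or from rsyslog): the '$AllowedSender' gate and the
':fromhost-ip, contains, "10.200.35."' filter followed by '& ~'."""
import ipaddress

ALLOWED_SENDERS = ["11.21.33.41", "10.5.3.0/24"]  # from the second post
ZONE_A_SUBSTRING = "10.200.35."                    # from the first post
ZONE_A_NETWORK = "10.200.35.0/24"                  # assumed intent of that rule
ZONE_A_LOG = "/var/log/zone_a.log"
CATCHALL_LOG = "/var/log/messages"                 # assumed '*.*' catch-all rule

def sender_allowed(src_ip, allowed=ALLOWED_SENDERS):
    """$AllowedSender: accept a datagram only from a listed host or network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in allowed)

def matches_substring(fromhost_ip):
    """The post's 'contains' test: a plain substring match on the address."""
    return ZONE_A_SUBSTRING in fromhost_ip

def matches_network(fromhost_ip):
    """Stricter test: the whole address must lie in the intended network."""
    return ipaddress.ip_address(fromhost_ip) in ipaddress.ip_network(ZONE_A_NETWORK)

def route(fromhost_ip, matcher=matches_substring, discard_after_match=True):
    """Files the event is written to. discard_after_match=True models '& ~':
    the event goes only to zone_a. Without it, the event also reaches the
    catch-all rule, which is the duplicate the post avoids."""
    targets = []
    if matcher(fromhost_ip):
        targets.append(ZONE_A_LOG)
        if discard_after_match:
            return targets
    targets.append(CATCHALL_LOG)
    return targets

def overmatched(candidates):
    """Addresses the substring rule files under zone_a but the network rule does not."""
    return [ip for ip in candidates if matches_substring(ip) and not matches_network(ip)]

if __name__ == "__main__":
    # constructed sender addresses; 110.200.35.7 and 210.200.35.3 are the traps
    sample = ["10.200.35.17", "110.200.35.7", "210.200.35.3", "10.5.3.9"]
    for ip in sample:
        print(ip, route(ip), route(ip, matches_network), sender_allowed(ip))
    print("over-matched by 'contains':", overmatched(sample))
```

In rsyslog itself the same tightening is the `startswith` comparison in place of `contains`, which with the trailing dot only matches the 10.200.35.x addresses.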