[syslog-ng] Filtering duplicate messages

stucky stucky101 at gmail.com
Tue May 27 22:08:21 CEST 2008


Bazsi

I see your point, but wouldn't it be possible to include the host info as
well, e.g.:

date host1 xxxxxxxxxxxxxx
date host2 yyyyyyyyyyyyyy
date host3 zzzzzzzzzzzzzz
date host 1 xxxxxxxxxxxxx
date host2 message repeated n times

meaning that the last message host2 sent was repeated n times shortly after,
even though other hosts have sent stuff in the meantime as well.
Or you could include the original message (or at least the first few
characters of it) itself in the repeat message, like:

host2 message "zzzzzzzzzzzzzzzzzzzzzzz" was repeated n times

just throwing out ideas

On Tue, May 27, 2008 at 9:25 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:

> On Mon, 2008-05-26 at 20:05 -0700, stucky wrote:
> > I've been after this since I switched to ng and realized this feature
> > was not migrated over (for reasons beyond me since this was the only
> > good feature of syslog !)
> > I'd be very interested in having this ported to the 2.x branch but I'm
> > not a programmer so I need to rely on you code gurus for that.
> > Nice to see that someone is on it and I'd be happy to help test it !
>
> the problem with suppressing duplicate messages is that it loses too
> much information, and once you collect messages from several devices
> into the same file, the message "Last message repeated N times" does not
> really have too much information. You lose:
>  * host information
>  * timing
>  * the message itself
>
> So analyzing this is almost impossible. I might integrate a patch that
> implements this, though.
>
> --
> Bazsi


-- 
stucky
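
The per-host idea from the message above, as an added example that is not part of the original post and not syslog-ng code: each host's last message is tracked separately, and the summary line keeps the three things the quoted reply says are lost (host, timing, the message itself). The function name, the `window` and `prefix_len` parameters and the sample records are assumptions made for illustration.

```python
# Constructed sample input: (epoch seconds, host, message) records.
SAMPLE = [
    (100, "host1", "xxxxxxxxxxxxxx"),
    (101, "host2", "yyyyyyyyyyyyyy"),
    (102, "host3", "zzzzzzzzzzzzzz"),
    (103, "host2", "yyyyyyyyyyyyyy"),
    (104, "host1", "xxxxxxxxxxxxxx"),
    (105, "host2", "yyyyyyyyyyyyyy"),
    (106, "host2", "link down"),
    (200, "host1", "xxxxxxxxxxxxxx"),
]


def suppress_duplicates(records, window=10, prefix_len=40):
    """Collapse repeats per host without losing host, timing or message.

    window and prefix_len are hypothetical knobs, not syslog-ng options.
    """
    last = {}  # host -> state of that host's most recent distinct message
    out = []

    def flush(host):
        # Emit a summary only if the host's last message was actually repeated.
        st = last.pop(host, None)
        if st and st["count"]:
            text = 'message "%s" was repeated %d times between %d and %d' % (
                st["msg"][:prefix_len], st["count"], st["first"], st["latest"])
            out.append((st["latest"], host, text))

    for ts, host, msg in records:
        st = last.get(host)
        # Other hosts' traffic in between does not break this host's run.
        if st and st["msg"] == msg and ts - st["latest"] <= window:
            st["count"] += 1
            st["latest"] = ts
            continue
        flush(host)  # run ended: new message, or same message after the window
        out.append((ts, host, msg))
        last[host] = {"msg": msg, "first": ts, "latest": ts, "count": 0}

    for host in list(last):  # end of input: flush runs still open
        flush(host)
    return out


if __name__ == "__main__":
    for ts, host, text in suppress_duplicates(SAMPLE):
        print(ts, host, text)
```

A summary is written only when its host's run ends, so it can land after later lines from other hosts; the time span inside the summary is what preserves the timing.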