Bazsi I see your point but wouldn't it be possible to include the host info as well f.e. date host1 xxxxxxxxxxxxxx date host2 yyyyyyyyyyyyyy date host3 zzzzzzzzzzzzzz date host 1 xxxxxxxxxxxxx date host2 message repeated n times meaning that the last message host2 sent was repeated n times shortly after eventhough other hosts have sent stuff in the meantime as well. Or you could include the original message ( or at least the first few characters of it) itself in the repeat message like: host2 message "zzzzzzzzzzzzzzzzzzzzzzz" was repeated n times just throwing out ideas On Tue, May 27, 2008 at 9:25 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Mon, 2008-05-26 at 20:05 -0700, stucky wrote:
I've been after this since I switched to ng and realized this feature was not migrated over (for reasons beyond me since this was the only good feature of syslog !) I'd be very interested in having this ported to the 2.x branch but I'm not a programmer so I need to rely on you code gurus for that. Nice to see that someone is on it and I'd be happy to help test it !
the problem with suppressing duplicate messages is that it loses too much information, and once you collect messages from several devices into the same file, the message "Last message repeated N times" does not really have too much information. You lose: * host information * timing * the message itself
So analyzing this is almost impossible. I might integrate a patch that implements this, though.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- stucky