Surely one can code round that little problem. Instead of maintaining a history table which records the number of times the last message has been received, one records the number of times in the last N seconds that a given client's last message has been repeated. The history table, instead of being one count and one string buffer, becomes an array indexed by client, with each item containing a count and a buffer and a timestamp. Obviously the table would have to be size limited and probably idle-time-purged, to avoid it eating up resource.

Ted
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Jason Haar
Sent: Tuesday 18 November 2003 22:10
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Flood Protection
On Wed, 2003-11-19 at 04:02, Thomas Vögtle wrote:
I want to have the same as that:

Nov 18 15:58:56 tv2 user: allwaysthesame
Nov 18 15:58:56 tv2 last message repeated 137 times
One problem with this feature is that it can only work if the last 137 syslog events to occur were the same event. We run a large centralized syslog server environment, with lots of syslog clients, and as such this sort of limiting feature never really gets to work, as it's quite rare for one event to occur record after record without some other client squirting in a new record.
Oh well...
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
participants (1): Rule, Ted
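The per-client history table Ted describes, sketched as an added example that is not part of the original thread or of syslog-ng's code. Class and parameter names are hypothetical, the events are constructed, and output lines are simplified to `client message` without timestamps.

```python
from collections import OrderedDict

class PerClientDedup:
    def __init__(self, window=5.0, max_clients=1024, idle_timeout=60.0):
        self.window = window              # the "last N seconds"
        self.max_clients = max_clients    # size limit on the history table
        self.idle_timeout = idle_timeout  # idle-time purge threshold
        self.table = OrderedDict()  # client -> [msg, repeats, window_start, last_seen], LRU order

    @staticmethod
    def _summary(client, entry):
        return f"{client} last message repeated {entry[1]} times"

    def purge(self, now):
        """Drop idle clients; return any summary lines they still owed."""
        out = []
        while self.table:
            client, entry = next(iter(self.table.items()))
            if now - entry[3] <= self.idle_timeout:
                break                     # LRU order: everything after is fresher
            del self.table[client]
            if entry[1]:
                out.append(self._summary(client, entry))
        return out

    def feed(self, client, msg, now):
        """Return the lines to write to the log for one incoming event."""
        out = self.purge(now)
        entry = self.table.get(client)
        if entry and entry[0] == msg and now - entry[2] <= self.window:
            entry[1] += 1                 # suppressed: same client, same text, in window
            entry[3] = now
            self.table.move_to_end(client)
            return out
        if entry and entry[1]:
            out.append(self._summary(client, entry))  # flush before replacing
        self.table[client] = [msg, 0, now, now]
        self.table.move_to_end(client)
        while len(self.table) > self.max_clients:     # evict least recently seen
            old, old_entry = self.table.popitem(last=False)
            if old_entry[1]:
                out.append(self._summary(old, old_entry))
        out.append(f"{client} {msg}")
        return out

# Constructed events (time, client, message): web1 interleaves with tv2's repeats.
EVENTS = [(0, "tv2", "user: allwaysthesame"), (1, "web1", "sshd: ok"),
          (2, "tv2", "user: allwaysthesame"), (3, "tv2", "user: allwaysthesame"),
          (4, "tv2", "user: other")]
def demo():
    d = PerClientDedup(window=10)
    return [l for t, c, m in EVENTS for l in d.feed(c, m, t)] + d.purge(10**9)
```

A summary line is only emitted when the client sends something different, the window expires, or the entry is purged or evicted, so a real implementation would also call `purge` on a timer.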