RE: [syslog-ng] Limit logging frequency of specific messages?
I don't understand. How might limiting be possible with a filter? Could you give a brief example? Thanks. Alex -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Wednesday, February 15, 2006 5:09 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Limit logging frequency of specific messages? it should be possible with a filter, I'll add a bugreport to our bugzilla. (maybe there's one already though) On Tue, 2006-02-14 at 15:14 -0500, Frank Myhr wrote:
Hi,
This morning a daemon went nuts and sent enough messages to fill up my logging partition in a few seconds. As this partition is under /var (/var/log) this made some other parts of my system unhappy. I think I've fixed the particular problem that led to my system's self-inflicted DOS but got to wondering if there's a way that syslog-ng could limit the frequency with which it logs certain user-defined messages. Something like iptables' limit match:
-m limit --limit 15/hour --limit-burst 30
I haven't found a way to do this with syslog-ng 1.6.5 (debian sarge). Is something like this feasible (or better, planned for a future release) (or best: already there)?
Thanks! Frank _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html <p class=MsoNormal><span style='font-size:8.5pt'>This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient. Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</p>
On Wed, 2006-02-15 at 07:40 -0600, SOLIS, ALEX wrote:
I don't understand. How might limiting be possible with a filter? Could you give a brief example? Thanks.
I mean this should be implemented as a filter, it is not currently possible. For example: filter f_rate { rate-limit("15/hour" per-host(yes)); }; log { source(src); filter(f_rate); destination(dst); }; This could even be combined with other filters like: filter f_rate { rate-limit("15/hour" per-host(yes)); }; filter f_never_rate_limit { match("interesting patterns"); }; filter f_rate_limit { not filter(f_never_rate_limit) and filter(f_rate); } log { source(src); filter(f_rate_limit); destination(dst); }; -- Bazsi
participants (2)
-
Balazs Scheidler
-
SOLIS, ALEX