Rich, Syslog compression (i.e. the "-c" switch in other flavors of syslogd) is the one feature not available in syslog-ng that is available in other versions of syslogd. My understand is this feature might be added in a future release. The other responses to this thread are saying that turning on syslog compression removes the volume component from your log which is important for determining security or IT relevance of an event. In some environments, admins are forced to enable compression because certain systems are verbose (e.g. forwarding firewall/VPN traffic logs, kerberos ticketing environments, etc.). Consider an approach where you rewrite the raw logs to a summarized version that does aggregation to preserve the volume/frequency data. For example, each day after log rotation, run a Perl script to rewrite the log. Tom On 3/27/06, Richard Legault <rlegault@sandvine.com> wrote:

How can I prevent a log from being written that is identical to the log message that immediately preceded it. I would like to throttle those messages so that they can only be printed once every 10 minutes, those occurring between would simply be dropped.

Richard Legault Senior Engineer 519-880-2400 ext 2722 www.sandvine.com

_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html