I have syslog-ng installed on several Solaris 8 machines and it is working fine. The other day an application (Cisco Secure) blew up and started generating millions of the following log messages in a very short period: Dec 4 15:34:31 acs CiscoSecure: [ID 310893 local0.error] ERROR - error on accept # cat local0.log | grep 'ERROR - error on' | wc -l 13578934 The log file is 1GB in size and is too big to really browse through it. This situation happened once before when I was using the Solaris syslog server, however instead of logging all the messages Cisco Secure generated, it had log entries something like: Dec 4 15:34:31 acs CiscoSecure: [ID 310893 local0.error] ERROR - error on accept Last message repeated 100,000 times. Is there a way to get syslog-ng to do this? I looked through the docs, but didn't see a way. Thanks. Aaron
On Fri, Dec 06, 2002 at 01:28:38PM -0500, Jackson, Aaron D. (OCTO) wrote:
This situation happened once before when I was using the Solaris syslog server, however instead of logging all the messages Cisco Secure generated, it had log entries something like:
Dec 4 15:34:31 acs CiscoSecure: [ID 310893 local0.error] ERROR - error on accept Last message repeated 100,000 times.
Is there a way to get syslog-ng to do this? I looked through the docs, but didn't see a way. Thanks.
I don't think syslog-ng does it, but some log reporting tools do. In fact I wrote my own simply to get that feature a couple years ago: http://www.campin.net/newlogcheck.html#newlogcheck -- Nate Campi http://www.campin.net "Familiarity breeds contempt - and children." - Notebooks - Samuel Clemens
participants (2)
-
Jackson, Aaron D. (OCTO)
-
Nate Campi