syslog and "...last message repeated..."
A slightly off subject question. I've installed syslog-ng on a central AIX server, setup to receive and process log messages from all of the other servers in our network. In our environment, we want to be able to watch for messages of a common theme that might be coming from disparate systems. As part of the implementation, in addition to simply logging the messages, I have syslog-ng forwarding (through named pipes) all of the messages on to a daemon we've implemented that performs the desired "collection" work. (In addition to lots of other things of course.) My question is this: Is there anyway to stop the distributed syslogd daemons from aggregating messages? Having a message with the string "abcd..." repeated is easy to track, no matter the sourcing system. Having the same message from system "a", followed by some other messages from systems "b"-"z", followed by "...last message repeated 2 times..." from system "a" makes keeping track of message counts very complicated. Thanks in advance! John --- John A. Parker Senior Programmer/Analyst - AIX Cornell University jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
On Tue, May 23, 2000 at 12:49:54PM -0400, John A. Parker wrote:
My question is this: Is there anyway to stop the distributed syslogd daemons from aggregating messages? Having a message with the string "abcd..." repeated is easy to track, no matter the sourcing system. Having the same message from system "a", followed by some other messages from systems "b"-"z", followed by "...last message repeated 2 times..." from system "a" makes keeping track of message counts very complicated.
the "...last message repeated 2 times..." is created by the local syslog daemon (IOW before it is sent to your loghost). The Solaris, IRIX, (i think) Tru64, and apparently AIX syslogd's from the respecive vendors all do this. Unfortunately, I can see no way to turn this form of log compression off (under Solaris, IRIX, and AIX at least), aside from running syslog-ng on the client side of things. If running syslog-ng every where isn't an option, then all I can think of is "I don't suppose AIX's syslogd is open source?" ---------------------------------------------------------------------------- __o Bradley Arlt Email: arlt@cpsc.ucalgary.ca o__ _ \<_ WWW: www.acs.ucalgary.ca/~bdarlt _>/ _ (_)/(_) -Eat well, sleep peacefully, drink lots, and ride like hell. (_)\(_)
participants (2)
-
Brad Arlt
-
John A. Parker