[syslog-ng]config question
Jackson, Aaron D. (OCTO)
Aaron.Jackson@dc.gov
Fri, 6 Dec 2002 13:28:38 -0500
I have syslog-ng installed on several Solaris 8 machines and it is working
fine. The other day an application (Cisco Secure) blew up and started
generating millions of the following log messages in a very short period:
Dec 4 15:34:31 acs CiscoSecure: [ID 310893 local0.error] ERROR - error on
accept
# cat local0.log | grep 'ERROR - error on' | wc -l
13578934
The log file is 1GB in size and is too big to really browse through it.
This situation happened once before when I was using the Solaris syslog
server, however instead of logging all the messages Cisco Secure generated,
it had log entries something like:
Dec 4 15:34:31 acs CiscoSecure: [ID 310893 local0.error] ERROR - error on
accept
Last message repeated 100,000 times.
Is there a way to get syslog-ng to do this? I looked through the docs, but
didn't see a way. Thanks.
Aaron