[syslog-ng]last message repeated?

Rule, Ted syslog-ng@lists.balabit.hu
Thu, 28 Aug 2003 11:36:27 +0100 

Dear old syslogd has explicit code to save a copy of the last message recei=
ved,
and compare it with the current message ( less the timestamp field and it o=
nly saves 256
bytes of message(?) ), so as to throttle out such floods. It's fairly basic=
, however,
as it imposes no time restriction on the history buffer, so duplicate messa=
ges hours
apart don't cause separate messages to be logged.

As far as I'm aware, syslog-ng has never had this feature, but I agree it
would be highly desirable to add to future releases. On the face of it, the
basic functionality provided in syslogd shouldn't be difficult thing to cod=
e.
however, the tricky bells&whistles feature would be to add a separate messa=
ge=20
history/throttle/cache(?)/aging(?) for each source IP so that a server
could correctly spot multiple copies of the same message within a given tim=
eframe
even if intervening messages were from a different source.
=20


Ted



	 -----Original Message-----
	From: 	Chuck Berg <chuck@encinc.com>@FLEXTECH =20
	Sent:	Wednesday 02 July 2003 21:53
	To:	syslog-ng@lists.balabit.hu
	Subject:	[syslog-ng]last message repeated?

	=20
	Is there a particular reason why syslog-ng doesn't generate "last message
	repeated x times" messages? It's very unfortunate to have the disk on my
	log server fill up because of one machine flooding the logs.

	For example, Solaris will send one "WARNING: /tmp: File system full, swap
	space limit exceeded" message for every write() that fails for that
	reason. It's easy to get tens of thousands of these per second.
	_______________________________________________
	syslog-ng maillist  -  syslog-ng@lists.balabit.hu
	https://lists.balabit.hu/mailman/listinfo/syslog-ng
	Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



***************************************************************************=
*********************
This E-mail message, including any attachments, is intended only for the pe=
rson
or entity to which it is addressed, and may contain confidential informatio=
n.
If you are not the intended recipient, any review, retransmission, disclosu=
re,
copying, modification or other use of this E-mail message or attachments is
strictly forbidden.
If you have received this E-mail message in error, please contact the autho=
r and
delete the message and any attachments from your computer.
You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the v=
iews
and opinions of FLEXTECH Television Limited.
***************************************************************************=
*********************