[syslog-ng]Flood Protection
Rule, Ted
syslog-ng@lists.balabit.hu
Wed, 19 Nov 2003 09:27:54 -0000
Surely one can code round that little problem.
Instead of maintaining a history table which records the number
of times the last message has been received, one records the
number of times in the last N seconds that a given client's
last message has been repeated. The history table, instead of
being one count, and one string buffer, becomes an array indexed
by clients of with each item containing a count and a buffer
and a timestamp.
Obviously the table would have to be size limited and probably
idle-time-purged, to avoid it eating up resource.
Ted
> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu=20
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Jason Haar
> Sent: Tuesday 18 November 2003 22:10
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]Flood Protection
>=20
>=20
> On Wed, 2003-11-19 at 04:02, Thomas V=F6gtle wrote:
> > I want to have the same as that:
> > Nov 18 15:58:56 tv2 user: allwaysthesame
> > Nov 18 15:58:56 tv2 last message repeated 137 times
> >=20
>=20
> One problem with this feature is that it can only work if the last 137
> syslog events to occur were the same event. We run a large centralized
> syslog server environment, with lots of syslog clients, and=20
> as such this
> sort of limiting feature never really gets to work, as it's quite rare
> for one event to occur record after record without some other client
> squirting in a new record.=20
>=20
> Oh well...
>=20
> Cheers
>=20
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>=20
>=20
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>=20
>=20
***************************************************************************=
*********************
This E-mail message, including any attachments, is intended only for the pe=
rson
or entity to which it is addressed, and may contain confidential informatio=
n.
If you are not the intended recipient, any review, retransmission, disclosu=
re,
copying, modification or other use of this E-mail message or attachments is
strictly forbidden.
If you have received this E-mail message in error, please contact the autho=
r and
delete the message and any attachments from your computer.
You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the v=
iews
and opinions of FLEXTECH Television Limited.
***************************************************************************=
*********************