[syslog-ng] iptables syslog-ng logs way too big

John Kristoff syslog-ng@lists.balabit.hu
Sat, 18 Dec 2004 23:43:00 -0600


On Fri, 17 Dec 2004 11:37:16 +0100
garvald@bluemail.ch wrote:

> bit of a problem with too many logs being generated and I'm not sure what
> to do. I'm using an iptables firewall setup like this:

Log sampling might be a nice experimental feature to have in this and
other related cases.  In some cases such as logging all possible filter
denies or logging all queries in busy DNS servers, getting a copy of
every single log may not be necessary and due to quantity, impractical.

In the simplest case, every N messages would be logged to disk, but in
more complex scenarios it could be based on message content or specific
source and use a more advanced algorithm rather than logging every N
messages.

John
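
The two sampling modes described in the message above, as an added example that is not part of the original post and not syslog-ng code: a plain every-Nth-message sampler, and the same sampler with one counter per source. The function names, the choice of the netfilter `SRC=` field as the key, and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

SRC_RE = re.compile(r"\bSRC=(\S+)")

def source_key(line):
    """Bucket a netfilter LOG line by its SRC= field; other lines share '-'."""
    m = SRC_RE.search(line)
    return m.group(1) if m else "-"

def sample(lines, n, key=None):
    """Yield the 1st, (n+1)th, (2n+1)th ... message of each bucket.

    key=None is the simple case: one global counter, every Nth message kept.
    With a key function every bucket has its own counter, so the first
    message from a quiet source is always kept even while a noisy source
    is being thinned out.
    """
    if n < 1:
        raise ValueError("n must be >= 1")
    seen = defaultdict(int)
    for line in lines:
        k = key(line) if key else None
        if seen[k] % n == 0:
            yield line
        seen[k] += 1

def make_sample():
    """Constructed input: 20 denies from one noisy host, 1 from a quiet host."""
    fmt = ("Dec 17 11:37:%02d fw kernel: DROP IN=eth0 OUT= "
           "SRC=%s DST=198.51.100.1 PROTO=TCP SPT=%d DPT=%d")
    noisy = [fmt % (i, "192.0.2.10", 40000 + i, 445) for i in range(20)]
    quiet = fmt % (7, "192.0.2.77", 51515, 22)
    return noisy[:7] + [quiet] + noisy[7:]

if __name__ == "__main__":
    lines = make_sample()
    for label, key in (("global 1-in-10", None), ("per-source 1-in-10", source_key)):
        kept = list(sample(lines, 10, key=key))
        print("%s: kept %d of %d" % (label, len(kept), len(lines)))
        for line in kept:
            print("   ", line)
```

On this input both modes write three lines to disk, but only the per-source mode retains the single deny from 192.0.2.77; the global counter happens to skip it.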