[syslog-ng]"last message repeated NN times"?
Ed Ravin
syslog-ng@lists.balabit.hu
Sat, 10 Jan 2004 17:33:07 -0500
I recall someone pointing out last year that syslogd has a feature
where it can compress a burst of messages into a note like:
Jan 10 17:01:06 loghost last message repeated 24 times
While syslog-ng didn't have that. Is that still the case? I just
ran into this with a mongo runaway program that logged several hundred
messages a second, which filled up my log partition.
If this feature still isn't in syslog-ng, is it one that we want? I could
see it as a source option like "suppress-repeats", where it would spit out
the original message followed by a tag, like this:
Jan 10 17:25:39 loghost inetd[7729]: Connection from 10.24.1.168 [REPEATED 1024 TIMES]
and maybe arguments to "suppress-repeats" like how many repeats should be
printed before kicking in, or perhaps even a regex describing which parts
of the log message to ignore before comparing it to the previous one.
Thanks,
-- Ed