[syslog-ng] suppress repeated messages feature in 2.0 ?

stucky stucky101 at gmail.com
Fri Jun 23 03:03:27 CEST 2006


Balzi

Sorry if this is redundant. I thought I read something about it but I can't
find it anymore so I thought I'd ask again. It's a very simple question.

Will syslog-ng-2.0 include the 'suppress repeated messages' feature that
syslogd has?

That's the one thing I really miss since it causes email floods (5000 and
more at one time). I know there is stuff like SEC and I am trying to look
into it.
However, I like the mechanism I have in place right now except it has no
threshold feature. I honestly believe that this should be accomplished by
the log daemon itself rather than a parser.
Just something similar to syslogd where it prints a certain burst of 5 or 10
messages of the same kind and then adds one line saying "previous message
repeated 1000 times" etc.

I know with SEC I can say if this message shows up x times within a certain
window then alert me. However, that's not really what I want.
I want a log parser that says if one source logs the same message 1000 times
in a row then alert me once and skip the other messages...
Well I'm sure everyone knows what I'm talking about.
Is anyone using SEC in conjunction with syslog-ng to achieve exactly that?

-- 
stucky
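
The behaviour asked for above (pass a short burst of identical messages from one source, then a single "previous message repeated N times" line), written as a stand-alone stdin filter. This is an added example, not part of the original post and not syslog-ng or syslogd code. Assumptions: classic BSD-format lines, runs tracked per host so another host's lines do not break a run, and the names `suppress_repeats`, `burst` and `SAMPLE` are hypothetical.

```python
import re
import sys

# Classic BSD syslog line: "Jun 23 03:03:27 host tag[pid]: text" (assumed format)
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")

def suppress_repeats(lines, burst=5):
    """Yield lines, passing at most `burst` copies of a consecutive per-host
    run, then one summary line counting the copies that were dropped."""
    state = {}  # host -> [message, run_length, timestamp_of_last_copy]

    def summary(host):
        msg, count, stamp = state[host]
        if count > burst:
            yield f"{stamp} {host} previous message repeated {count - burst} times"

    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if not m:                      # unparseable input passes through untouched
            yield line
            continue
        stamp, host, msg = m.groups()
        run = state.get(host)
        if run and run[0] == msg:      # same host, same message: extend the run
            run[1] += 1
            run[2] = stamp
            if run[1] <= burst:
                yield line
            continue
        if run:                        # message changed: close the previous run
            yield from summary(host)
        state[host] = [msg, 1, stamp]
        yield line
    for host in list(state):           # flush runs still open at end of input
        yield from summary(host)

# Constructed sample: 1000 identical lines from web1 with one db1 line interleaved.
SAMPLE = (["Jun 23 03:03:01 web1 app[412]: disk /var full"] * 4
          + ["Jun 23 03:03:02 db1 mysqld[88]: started"]
          + ["Jun 23 03:03:03 web1 app[412]: disk /var full"] * 996
          + ["Jun 23 03:03:04 web1 app[412]: disk ok"])

if __name__ == "__main__":
    for out in suppress_repeats(sys.stdin, burst=5):
        print(out)
```

Run over `SAMPLE` with `burst=5`, the 1001 input lines collapse to 8, so a mailer reading the filter's output sends a handful of messages instead of a thousand.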