[syslog-ng] Silence syslog-ng upon connection reopening?
Wolfram Schlich
lists at wolfram.schlich.org
Thu Nov 23 20:16:48 CET 2006
* Balazs Scheidler <bazsi at balabit.hu> [2006-11-23 19:41]:
> On Thu, 2006-11-23 at 19:35 +0100, Wolfram Schlich wrote:
> > Hi,
> >
> > is it possible to silence syslog-ng running on a log client
> > when it reopens a TCP connection to the syslog-ng log server?
> >
> > For example, when you restart syslog-ng on the server due
> > to some configuration change or whatever other reason, syslog-ng on
> > the log client logs this to syslog.err:
> >
> > syslog-ng[13214]: io.c: do_write: write() failed, EOF detected
> > syslog-ng[13214]: pkt_buffer::do_flush(): Error flushing data
> > syslog-ng[13214]: Connection broken to AF_INET(log-server:514), reopening in 10 seconds
> >
> > Can I make syslog-ng NOT log those messages until, let's say,
> > the reopening failed at least N times?
> >
> > The reason is I am using tenshi to monitor the remote logs on the
> > log server in order to alert me about messages with the
> > severities err, crit and emerg.
> >
> > I can, however, add special trash patterns to my tenshi config
> > to disregard the above messages, but I don't feel comfortable
> > about it (for example, when there was a real problem, like a
> > network outage for, let's say, more than 60 seconds).
>
> It is not currently possible, and I don't have a good solution right
> now.
What about logging with severity warn instead of err?
That would solve the problem for me (I do only get notified
immediately about err, crit and emerg).
Can it be done without "breaking" other cases where such
messages would occur and err would be the most suitable
severity?
Best regards
--
Wolfram Schlich
More information about the syslog-ng
mailing list