[syslog-ng] Filtering duplicate messages
Balazs Scheidler
bazsi at balabit.hu
Tue May 27 18:25:37 CEST 2008
On Mon, 2008-05-26 at 20:05 -0700, stucky wrote:
> I've been after this since I switched to ng and realized this feature
> was not migrated over (for reasons beyond me since this was the only
> good feature of syslog !)
> I'd be very interested in having this ported to the 2.x branch but I'm
> not a programmer so I need to rely on you code gurus for that.
> Nice to see that someone is on it and I'd be happy to help test it !
the problem with suppressing duplicate messages is that it loses too
much information, and once you collect messages from several devices
into the same file, the message "Last message repeated N times" does not
really have too much information. You lose:
* host information
* timing
* the message itself
So analyzing this is almost impossible. I might integrate a patch that
implements this, though.
--
Bazsi
More information about the syslog-ng
mailing list