[syslog-ng] Filtering duplicate messages
chris packham
chris.packham at alliedtelesis.co.nz
Wed May 28 00:21:25 CEST 2008
Yes that's the first problem I ran into with my patch. It worked well
with a single host but when I tried it with multiple hosts things got a
bit messy.
The point about timing information is definitely worth noting. This is
often crucial in debugging issues. I wouldn't suggest making this
default behaviour, admins would have to turn it on with the knowledge
that they may lose some timing info (although the first message will
have the correct time).
On Tue, 2008-05-27 at 18:25 +0200, Balazs Scheidler wrote:
> On Mon, 2008-05-26 at 20:05 -0700, stucky wrote:
> > I've been after this since I switched to ng and realized this feature
> > was not migrated over (for reasons beyond me since this was the only
> > good feature of syslog !)
> > I'd be very interested in having this ported to the 2.x branch but I'm
> > not a programmer so I need to rely on you code gurus for that.
> > Nice to see that someone is on it and I'd be happy to help test it !
>
> the problem with suppressing duplicate messages is that it loses too
> much information, and once you collect messages from several devices
> into the same file, the message "Last message repeated N times" does not
> really have too much information. You lose:
> * host information
> * timing
> * the message itself
>
> So analyzing this is almost impossible. I might integrate a patch that
> implements this, though.
>
More information about the syslog-ng
mailing list