[syslog-ng] Message suppression not working
Balazs Scheidler
bazsi at balabit.hu
Thu Oct 2 15:57:43 CEST 2008
On Thu, 2008-10-02 at 08:39 -0400, Kevin Cruse wrote:
> Bazsi,
>
> I am trying to suppress messages sent to the database and sendmail. I
> have configured suppress(900) globally and within my destinations and it
> doesn't seem to work. Does anyone have this working? I am getting
> flooded with emails when there are problems on my firewalls or routers.
>
> destination d_mysql {
> pipe("/var/log/mysql.pipe"
> template("INSERT INTO logs
> (host, facility, priority, level, tag, datetime, program, msg)
> VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
> '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
> '$PROGRAM', '$MSG' );\n") template-escape(yes) suppress(900));
> };
>
> Or
>
> destination mail-alert-perl { program("/usr/local/bin/mail_logger.pl"
> suppress(900)); };
>
> also tried
>
> destination mail-alert-perl { program("/usr/local/bin/mail_logger.pl")
> suppress(900); };
>
> Any help would be appreciated. Thanks.
suppress() only filters duplicates, and is not a general ratelimit.
--
Bazsi
More information about the syslog-ng
mailing list