[syslog-ng] rate-limit

Julien lecubin julien.lecubin at imcce.fr
Thu Jun 18 18:34:34 CEST 2009 

hi list,

what's the best way with syslog-ng to control the number of syslog mail 
notifications coming from a machine  ?
I'm currently using perl script to send notification but sometime it 
just floods my mail (some 600 mails in 5 minutes for a single event)

I want to rate limit it to only 1 mail in 5 minute per host or message.

/etc/syslog-ng/syslog-ng.conf :
-----------------------------

[...]
destination d_mail {
       program("perl /usr/local/bin/mail_log_mailsend.pl $MSG ");
};

[...]
filter f_notify_by_mail {level(emerg,alert,crit); };

[...]
log { source(s_network); filter(f_notify_by_mail); destination(d_mail); };

mail_log_sendmail.pl
--------------------
use MIME::Lite;
while (<>)
{

# $_ contains the Log
my $body = "Mail from Syslog-ng  $_ ";
my $msg = MIME::Lite->new (
            From    =>'syslog-ng at my_domain.fr',
            To      =>'service.informatique at my_domain.fr',
            Subject =>'[SYSLOG-NG] Avertissement',
            Type    =>'multipart/related');

$msg -> attach (Type =>  'text/html',
               Data => qq {$body});

MIME::Lite->send('smtp','imap', Timeout=>60);
$msg -> send or die "Impossible to send mail!";

}

Is there's a notification_interval control (as i use in nagios) i can 
add in my syslog config file ? I didn't found anything in the man page 
(maybe i'm reading like a frog)
Anyone have any clues / examples to show ?

tks,

julien Lecubin

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Julien LECUBIN
Institut de Mecanique Celeste et de Calcul des Ephemerides
CNRS UMR 8028 - Observatoire de Paris
77, avenue Denfert Rochereau
75014 PARIS
tel : 01.40.51.22.80
fax : 01.46.33.28.34
julien.lecubin at imcce.fr | service.informatique at imcce.fr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090618/1aa60535/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3609 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090618/1aa60535/attachment-0001.bin

More information about the syslog-ng mailing list