[syslog-ng] rate-limit

Julien lecubin julien.lecubin at imcce.fr
Fri Jun 19 10:31:11 CEST 2009 

thanks now it's working. Note that the suppress() option is supported by 
syslog-ng 2.1.1 and later

Julien Lecubin
> One simplistic approach would be to use the 'suppress' functionality.
>
> e.g.:
>
>   destination d_mail {
>          program("perl /usr/local/bin/mail_log_mailsend.pl $MSG " suppress(60) );
>   };
>
> This only works if the messages were duplicates (same content from same host).
>  
>   
>>>> Julien lecubin <julien.lecubin at imcce.fr> 6/19/2009 4:34 AM >>> 
>>>>         
> hi list,
>
> what's the best way with syslog-ng to control the number of syslog mail notifications coming from a machine  ?
> I'm currently using perl script to send notification but sometime it just floods my mail (some 600 mails in 5 minutes for a single event)
>
> I want to rate limit it to only 1 mail in 5 minute per host or message.
>
> /etc/syslog-ng/syslog-ng.conf :
> -----------------------------
>
> [...]
> destination d_mail {
>        program("perl /usr/local/bin/mail_log_mailsend.pl $MSG ");
> };
>
> [...]
> filter f_notify_by_mail {level(emerg,alert,crit); };
>
> [...]
> log { source(s_network); filter(f_notify_by_mail); destination(d_mail);};
>
> mail_log_sendmail.pl
> --------------------
> use MIME::Lite;
> while (<>)
> {
>
> # $_ contains the Log
> my $body = "Mail from Syslog-ng  $_ ";
> my $msg = MIME::Lite->new (
>             From    =>'syslog-ng at my_domain.fr',
>             To      =>'service.informatique at my_domain.fr',
>             Subject =>'[SYSLOG-NG] Avertissement',
>             Type    =>'multipart/related');
>
> $msg -> attach (Type =>  'text/html',
>                Data => qq {$body});
>
> MIME::Lite->send('smtp','imap', Timeout=>60);
> $msg -> send or die "Impossible to send mail!";
>
> }
>
> Is there's a notification_interval control (as i use in nagios) i can add in my syslog config file ? I didn't found anything in the man page (maybe i'm reading like a frog)
> Anyone have any clues / examples to show ?
>
> tks,
>
> julien Lecubin
>   


-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Julien LECUBIN
Institut de Mecanique Celeste et de Calcul des Ephemerides
CNRS UMR 8028 - Observatoire de Paris
77, avenue Denfert Rochereau
75014 PARIS
tel : 01.40.51.22.80
fax : 01.46.33.28.34
julien.lecubin at imcce.fr | service.informatique at imcce.fr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090619/cfb220d0/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3609 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090619/cfb220d0/attachment-0001.bin

More information about the syslog-ng mailing list