Package: rsyslog Version: 8.2102.0-2 Severity: important Hi,
rsyslog's default configuration comes with a catch-all clause that sends all messages with the "emergency" severity to everybody logged in: *.emerg :omusrmsg:* I today had the situation where a daemon running wild sent tens of thousands of those messages per second to rsyslog. Of course, it became totally impossible to log in to the machine to kill the misbehaving daemon or rsyslog. To make things worse, since the serial console was also spammed with the messages, Magic SysRq didn't work. This was the first time in years I had to actually go to the machine room to pull the power cable from a running system. I would appreciate if it would be possible to have rsyslog rate-limit emergency messages sent to the console of a logged-in user (maybe even as severely as to one per minute?), or at least not print tens of thousands of identical messages to consoles. Maybe the omusrmsg target can be configured with a rate limit in the default config file? If this cannot be done with run-time configuration at the moment, I will be happy to take this issue upstream. Please let me know. Thanks in advance! Greetings Marc -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.11.3-zgws1 (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages rsyslog depends on: ii init-system-helpers 1.60 ii libc6 2.31-9 ii libestr0 0.1.10-2.1+b1 ii libfastjson4 0.99.9-1 ii liblognorm5 2.0.5-1.1 ii libsystemd0 247.3-1 ii libuuid1 2.36.1-7 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages rsyslog recommends: ii logrotate 3.18.0-2 Versions of packages rsyslog suggests: pn rsyslog-doc <none> pn rsyslog-gssapi <none> pn rsyslog-mongodb <none> pn rsyslog-mysql | rsyslog-pgsql <none> pn rsyslog-openssl | rsyslog-gnutls <none> pn rsyslog-relp <none> -- Configuration Files: /etc/logrotate.d/rsyslog changed [not included] -- no debconf information
