This may seem like a kludge but it should work:

You will need two filters in the syslog-ng config file.
One sends all instances of the event to a separate regular file.
The other removes them from the main php-syslog-ng pipe so as not to 
pollute your main log.

Then you need a script to monitor the regular file at set intervals.
Since the only output hitting this file signifies this event, a non-zero 
filesize would indicate that the event has occurred.
So if the file is non-zero, check the status of a "notification sent" 
variable.
If the variable is false, send a notification and set the variable to true.
And loop...

You can then play with the notification variable to represent some time 
interval since the last notify was sent, etc.

There are several log-watchers that can handle this stuff directly, like 
"swatch" and "watcher" and others.
The main idea would be to separate the event from the regular 
log-stream so that it can be processed separately.

/Jason

Manoj Kumar wrote:
> Thanks Dear!
>
> But the problem here is that a particular device sends numerous syslog
> messages if the link goes down.
> All messages are the same and I could not figure out any method of rate limiting
> that.
>
> I want an alert mail as soon as the link goes down but this floods my mail
> box (some 600 mails in 5 minutes for a single event!)
> I want to rate limit it to only 1 mail in 5 minutes per host or message.
>
> Any help would be greatly appreciated.
>
> Thanks and regards,
> Manoj
>   
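
The polling script outlined in the reply above, as an added example that is not part of the original message or of php-syslog-ng. It goes beyond the single "notification sent" flag by keeping a last-sent time per host, matching the "1 mail in 5 minutes per host" asked for in the quoted message. The names `EventFileWatcher`, `host_of` and the `notify` callback are hypothetical, and the line layout `Mon DD HH:MM:SS host message` is an assumption about how the event file is written.

```python
import os
import time

def host_of(line):
    # Assumed layout: "Mon DD HH:MM:SS host message" (host is the 4th field).
    fields = line.split(None, 4)
    return fields[3] if len(fields) >= 4 else "unknown"

class EventFileWatcher:
    def __init__(self, path, notify, suppress=300, clock=time.time):
        self.path, self.notify = path, notify   # notify(host, count, sample_line)
        self.suppress, self.clock = suppress, clock
        self.offset = 0       # bytes of the event file already processed
        self.last_sent = {}   # host -> time of last mail (the "notification sent" state)

    def poll(self):
        """Process lines appended since the last poll; return the hosts notified."""
        try:
            size = os.path.getsize(self.path)
        except FileNotFoundError:
            return []
        if size < self.offset:     # file was rotated or truncated: start over
            self.offset = 0
        if size == self.offset:    # no growth means the event has not recurred
            return []
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        end = data.rfind(b"\n") + 1    # leave a half-written last line for the next poll
        self.offset += end
        per_host = {}
        for line in data[:end].decode("utf-8", "replace").split("\n")[:-1]:
            per_host.setdefault(host_of(line), []).append(line)
        now, notified = self.clock(), []
        for host, lines in per_host.items():
            last = self.last_sent.get(host)
            if last is not None and now - last < self.suppress:
                continue               # already alerted for this host inside the window
            self.notify(host, len(lines), lines[0])
            self.last_sent[host] = now
            notified.append(host)
        return notified

if __name__ == "__main__":
    import tempfile
    # Constructed sample: 600 identical lines from one host, as in the flood described.
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        f.write("Jan 12 10:00:01 rtr1 Interface Serial0 changed state to down\n" * 600)
    w = EventFileWatcher(f.name, lambda h, n, s: print(f"ALERT {h}: {n} messages, first: {s}"))
    print(w.poll(), w.poll())   # one alert for rtr1, then nothing until new lines arrive
    os.unlink(f.name)
```

The host name and message text come from the network, so a real `notify` should treat them as untrusted when building a mail subject or body.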

_______________________________________________
Php-syslog-ng-support mailing list
https://lists.sourceforge.net/lists/listinfo/php-syslog-ng-support