On Fri, 26 Apr 2013, Balamurugan Arumugam wrote:
I'm not familiar with log skipper, pointer please?
I meant of discarding logs if its repeated N times.
There is an option to change N messages to one message followed by "message
repeated N-1 times", but that only works if there are no other messages in
between the repeats.
I believe that it's disabled by default nowdays. It's usually better for the
alerting engine to be able to see the messages an alert on them than to just
have a 'message repeated' message
Is the behavior configurable like for specific priority, progname, message
regex etc?
As far as I know, it applies to the message as a whole, you may be able to rig
something up with rsyslog filtering the message into a new input to itself and
apply the detection on that new input, but at that point you really are using
the wrong tool for the job.
David Lang
My go-to tool for any non-trivial alerting is Simple Event Correlator,
(SEC)
http://simple-evcorr.sourceforge.net/
for lower volume setups I create a named pipe (mkfifo) and have SEC read
from
it
and rsyslog write to it
for higher log volumes with more complex configs, I have multiple copies
of
SEC
running, with rsyslog filtering logs so that a subset of logs go to each
instance of SEC (and the seperate instances of SEC generate log messages
to
pass
interesting correlations to other copies).
for very high log volumes, this latter approach can be spread across
multiple
machines.
Thanks,
Bala
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
