On Fri, 2013-04-26 at 03:09 -0400, Balamurugan Arumugam wrote: > > ----- Original Message ----- > > From: "Rainer Gerhards" <[email protected]> > > To: "rsyslog-users" <[email protected]> > > Sent: Friday, April 26, 2013 12:22:41 PM > > Subject: Re: [rsyslog] keeping state information > > > > > > > > I meant of discarding logs if its repeated N times. > > > > > > There is an option to change N messages to one message followed by > > > "message > > > repeated N-1 times", but that only works if there are no other messages > > > in > > > between the repeats. > > > > > > I believe that it's disabled by default nowdays. > > > > Yup, but it has become considerably more useful in v7.3 (but still one may > > doubt...). In previous versions, it applied to the message stream as whole, > > now we have a per-input setting (this is part of the new ratelimiting > > features). IIRC, you can now also turn it on/off on a per-input module > > basis. > > This is very interesting. Could you share a pointer to doc how to use this? > It should be in the relevant module's doc. When I find some time, I can see if I pick it up... > > > > It's usually better > > > for the > > > alerting engine to be able to see the messages an alert on them than to > > > just > > > have a 'message repeated' message > > > > Jup - and together with this "do not do this more often than every n > > seconds" > > feature it is a kind of "alarm compression". > > > > Thanks, > Bala > > > > Rainer > > > > > > David Lang > > > > > > > > > > >> My go-to tool for any non-trivial alerting is Simple Event > > > Correlator, (SEC) > > > >> http://simple-evcorr.sourceforge.net/ > > > >> > > > >> for lower volume setups I create a named pipe (mkfifo) and have SEC > > > read from > > > >> it > > > >> and rsyslog write to it > > > >> > > > >> for higher log volumes with more complex configs, I have multiple > > > copies of > > > >> SEC > > > >> running, with rsyslog filtering logs so that a subset of logs go to > > > each > > > >> instance of SEC (and the seperate instances of SEC generate log > > > messages to > > > >> pass > > > >> interesting correlations to other copies). > > > >> > > > >> for very high log volumes, this latter approach can be spread across > > > multiple > > > >> machines. > > > >> > > > > > > > > Regards, > > > > Bala > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > > > if you DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > > > if you DON'T LIKE THAT. > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT.
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
