----- Original Message ----- > From: "Rainer Gerhards" <[email protected]> > To: "rsyslog-users" <[email protected]> > Sent: Friday, May 3, 2013 1:23:57 PM > Subject: Re: [rsyslog] counting messages in a rule > > I would suggest to add an enhancement request to the bug tracker if you > would liek to see that. Also, it wouldn't be a bad idea to ping me late > next week to see if I am free to work on it... >
I will open up RFE. I would love to contribute on this. Some pointers would help me a lot for implementing this feature. For interim, I wrote message modifier module which does this job. Regards, Bala > Rainer > > > On Thu, May 2, 2013 at 5:30 PM, Gary Foster <[email protected]> wrote: > > > I use redis for this. I have rsyslog incrementing various counters in > > redis depending on the message details using Brian's omhiredis plugin. > > > > -- Gary F. > > > > On May 2, 2013, at 5:34 AM, Balamurugan Arumugam <[email protected]> > > wrote: > > > > > > > > > > > ----- Original Message ----- > > >> From: "Rainer Gerhards" <[email protected]> > > >> To: "rsyslog-users" <[email protected]> > > >> Sent: Thursday, May 2, 2013 5:35:49 PM > > >> Subject: Re: [rsyslog] counting messages in a rule > > >> > > >> On Thu, May 2, 2013 at 12:26 PM, Balamurugan Arumugam > > >> <[email protected]>wrote: > > >> > > >>> > > >>> > > >>> ----- Original Message ----- > > >>>> From: "Rainer Gerhards" <[email protected]> > > >>>> To: "rsyslog-users" <[email protected]> > > >>>> Sent: Thursday, May 2, 2013 3:22:51 PM > > >>>> Subject: Re: [rsyslog] counting messages in a rule > > >>>> > > >>>> On Thu, May 2, 2013 at 11:39 AM, Balamurugan Arumugam > > >>>> <[email protected]>wrote: > > >>>> > > >>>>> > > >>>>> Hello list, > > >>>>> > > >>>>> I would like to count and set for given app-name and syslogseverity. > > >>> For > > >>>>> example, > > >>>>> > > >>>>> count = 0 > > >>>>> if $app-name == 'gluster' and $syslogseverity-text == 'crit' then { > > >>>>> count = count + 1 > > >>>>> set $!usr!count = count > > >>>>> > > >>>> > > >>>> set $!usr!count = $!usr!count + 1; > > >>> > > >>> > > >>> It doesn't work as expected. > > >>> > > >>> I didn't pay close enough attention. You want to have a message > > counter. > > >> Therfore you need global variables. They are not available yet. I did > > not > > >> implement them as I was/am very curios if they are actually needed. > > What's > > >> the use case behind this request? > > >> > > > > > > I feel it will be very useful. My use case is, alert user by email,snmp > > etc on basis of message count per severity/facility. For example, raise > > snmp trap of every 10th critical messages, every 50th send mail to admin, > > on every 100th alert manager and reset the count etc. > > > > > > Thanks, > > > Bala > > > > > > > > >> Thx, > > >> Rainer > > >> > > >>> > > >>> [2013-05-02T15:53:32.217691+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> [2013-05-02T15:53:32.217753+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> [2013-05-02T15:53:32.279690+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> [2013-05-02T15:53:32.279708+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> [2013-05-02T15:53:32.279822+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> [2013-05-02T15:53:32.279834+05:30] { "pid": 4188, "uid": 0, "gid": 0, > > >>> "appname": "gluster", "exe": "\/usr\/sbin\/gluster", "cmd": "gluster > > --xml > > >>> --mode=script volume info ", "usr": { "count": 1 } } > > >>> > > >>> Is this known issue in rsyslog-7.3.9 from fedora rawhide on fedora 18? > > >>> > > >>> Thanks, > > >>> Bala > > >>> > > >>> > > >>>> Rainer > > >>>> > > >>>>> } > > >>>>> > > >>>>> Could someone give me a pointer how I can achieve this? > > >>>>> > > >>>>> > > >>>>> Thanks in advance, > > >>>>> > > >>>>> Regards, > > >>>>> Bala > > >>>>> _______________________________________________ > > >>>>> rsyslog mailing list > > >>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >>>>> http://www.rsyslog.com/professional-services/ > > >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > > >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > >>> myriad > > >>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > you > > >>>>> DON'T LIKE THAT. > > >>>>> > > >>>> _______________________________________________ > > >>>> rsyslog mailing list > > >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >>>> http://www.rsyslog.com/professional-services/ > > >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > > >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad > > >>> of > > >>>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T > > >>>> LIKE THAT. > > >>>> > > >>> _______________________________________________ > > >>> rsyslog mailing list > > >>> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >>> http://www.rsyslog.com/professional-services/ > > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards > > >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad > > >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > >>> DON'T LIKE THAT. > > >>> > > >> _______________________________________________ > > >> rsyslog mailing list > > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> http://www.rsyslog.com/professional-services/ > > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad of > > >> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T > > >> LIKE THAT. > > >> > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
