[Logcheck-devel] Bug#412779: wishlist: be able to remove duplicates for some log messages

Karl Chen quarl+keyword+debbugs.533ecf at nospam.quarl.org
Wed Feb 28 03:55:21 UTC 2007


Package: logcheck
Version: 1.2.54
Severity: wishlist


Hi, I have a wishlist request.  If there's interest in this
feature, I'm willing to look into implementing it.

I'd like to be able to configure, for specific messages or
for all messages, to only show the first N occurrences of a
message (and report number of total occurrences).

For example, sometimes NTP gets misconfigured and spews a
message once per minute.  If I don't fix this problem right
away, the "security events" log gets drowned in noise.

I get messages like this:

Feb 24 22:02:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:03:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:04:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:05:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!

In this case, it would be nice if the email simply reports
that the message, which other than timestamp is identical,
repeats for a total of 60 times, 54 occurrences elided.

Another use case is if I have a syntax error in my
SpamAssassin config file.  Every time an email arrives, I
also get an additional email like

Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error
Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error

In this second example, the duplicated lines aren't
consecutive, though groups of them are.
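
Added example (not part of the original message and not logcheck code): one way the requested filter could behave, covering both the consecutive and the non-consecutive case. The names message_key and limit_repeats, the classic syslog timestamp format, and the sample lines are assumptions constructed from the report.

```python
import re
from collections import Counter

# Classic syslog prefix "Mon DD HH:MM:SS " (assumed; matches the samples in the report).
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

def message_key(line):
    """Strip the timestamp; two lines with the same key count as duplicates."""
    return TIMESTAMP.sub("", line, count=1)

def limit_repeats(lines, keep=6):
    """Keep the first `keep` occurrences of each message, note how many were elided."""
    totals = Counter(message_key(line) for line in lines)  # pass 1: totals per message
    seen = Counter()
    out = []
    for line in lines:                                     # pass 2: emit in original order
        key = message_key(line)
        seen[key] += 1
        if seen[key] > keep:
            continue
        out.append(line)
        if seen[key] == keep and totals[key] > keep:
            out.append("  [repeated %d times in total, %d occurrences elided]"
                       % (totals[key], totals[key] - keep))
    return out

# Constructed sample input modelled on the two cases in the report.
NTP_SAMPLE = [
    "Feb 24 %02d:%02d:41 hostname ntpd_initres[3359]: "
    "ntpd returns a permission denied error!" % divmod(22 * 60 + 2 + i, 60)
    for i in range(60)
]
SPAMD_SAMPLE = [
    "Feb 24 %s hostname spamd[4899]: config: failed to parse line, "
    "skipping: FOO %d line with syntax error" % (ts, n)
    for ts, count in (("22:02:07", 5), ("22:02:17", 5), ("22:03:41", 2))
    for n in range(1, count + 1)
]

if __name__ == "__main__":
    print("\n".join(limit_repeats(NTP_SAMPLE, keep=6)))
    print("\n".join(limit_repeats(SPAMD_SAMPLE, keep=1)))
```

Only the timestamp is ignored when comparing, so lines that differ in host, PID or text are never merged, and every distinct message still appears at least once in the report.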
