[Logcheck-devel] Bug#412779: wishlist: be able to remove duplicates for some log messages
Karl Chen
quarl+keyword+debbugs.533ecf at nospam.quarl.org
Wed Feb 28 03:55:21 UTC 2007
Package: logcheck
Version: 1.2.54
Severity: wishlist
Hi, I have a wishlist request. If there's interest in this
feature, I'm willing to look into implementing it.
I'd like to be able to configure, for specific messages or
for all messages, to only show the first N occurrences of a
message (and report number of total occurences).
For example, sometimes NTP gets misconfigured and spews a
message once per minute. If I don't fix this problem right
away, the "security events" log gets drowned in noise.
I get messages like this:
Feb 24 22:02:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:03:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:04:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
Feb 24 22:05:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error!
In this case, it would be nice if the email simply reports
that the message, which other than timestamp is identical,
repeats for a total of 60 times, 54 occurrences elided.
Another use case is if I have a syntax error in my
SpamAssassin config file. Every time an email arrives, I
also get an additional email like
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error
Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error
Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error
Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error
Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error
In this second example, the duplicated lines aren't
consecutive, though groups of them are.
More information about the Logcheck-devel
mailing list