Comments (3)
Real life problem example: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#Count_.22Last_message_repeated_N_times.22_correctly
from rsyslog-doc.
The solution to that is to avoid the use of RepeatedMsgReduction. What you are
seeing there is an attempt to work around the problems that it causes.
Unfortunately, when you start getting logs delivered from multiple machines (so
that they are interleaved), or out of order (very possible with batch processing
of logs) determining what the 'last message' was in order to treat 'message
repeated X times' as X of those messages, becomes hard or impossible.
This is why this now defaults to off in rsyslog, you just avoid this entire
problem.
In addition, if you do turn it on, rsyslog appends the line to the 'message
repeated X times' message so that you actually can tell what the (beginning of
the) message was.
But the easiest thing to do is pretend that this monstrosity of a standard never
existed :-)
David Lang
On Mon, 5 May 2014, Thomas D. wrote:
Date: Mon, 05 May 2014 17:10:42 -0700
From: Thomas D. [email protected]
Subject: Re: [rsyslog-doc] add more info to RepeatedMsgReduction (#19)
Real life problem example: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#Count_.22Last_message_repeated_N_times.22_correctly
from rsyslog-doc.
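The counting problem discussed above, as an added example that is not part of the thread and is not rsyslog or fail2ban code: a failed-login counter run over a constructed log three ways (ignoring repeat lines, expanding them per host, and expanding them against the previous line in the file). The host names, addresses and log lines are constructed, and the exact wording of the two repeat-line formats is an assumption.

```python
import re
from collections import Counter

# Constructed sample: two hosts interleaved on one collector. web1 emits the
# old-style repeat line, db1 the form with the original message appended.
SAMPLE = """\
May  5 17:10:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
May  5 17:10:02 db1 sshd[402]: Failed password for admin from 198.51.100.9 port 5111 ssh2
May  5 17:10:09 web1 last message repeated 4 times
May  5 17:10:11 db1 sshd[402]: message repeated 2 times: [ Failed password for admin from 198.51.100.9 port 5111 ssh2]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")
FAILED = re.compile(r"Failed password for \S+ from (\S+)")
OLD_REPEAT = re.compile(r"^last message repeated (\d+) times$")
NEW_REPEAT = re.compile(r"message repeated (\d+) times: \[ ?(.*)\]$")

def count_failures(log, expand=True, per_host=True):
    """Count failed logins per source address.

    expand=False   treat repeat lines like any other line (naive tool).
    per_host=False resolve 'last message' to the previous line in the file,
                   which is wrong as soon as hosts are interleaved.
    """
    counts, last_msg = Counter(), {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m.group(2), m.group(3)
        key = host if per_host else None
        times = 1
        old, new = OLD_REPEAT.match(msg), NEW_REPEAT.search(msg)
        if old:
            if not expand:
                continue  # nothing in the line identifies the source address
            times, msg = int(old.group(1)), last_msg.get(key, "")
        elif new:
            if expand:  # the repeated message is carried in the line itself
                times, msg = int(new.group(1)), new.group(2)
        else:
            last_msg[key] = msg
        hit = FAILED.search(msg)
        if hit:
            counts[hit.group(1)] += times
    return counts
```

Per-host tracking only recovers the right totals here because the sample is in order; with out-of-order delivery the old-style line cannot be resolved reliably, which is the case for leaving the reduction off.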
I have updated the doc at least a bit, including some more of the fine
details. I also took the liberty to borrow some of your text, David ;)
Not perfect, but probably better. Hopefully someone will help to go through
all this legacy doc. We need to also merge this properly with the
new-style. I'll carry on on all this as good as I can :-)
Rainer
On Wed, Feb 19, 2014 at 2:44 PM, davidelang [email protected]:
http://www.rsyslog.com/doc/v8-devel/configuration/global/options/rsconf1_repeatedmsgreduction.html
I think this defaults to off, but the page doesn't make that clear.
This is really something that breaks a lot of log processing and so should
be discouraged.
First, it would help to have a sample showing several logs, then the same
thing with this turned on. One thing is that I believe the behaviour
changed over versions. In very old versions the message logged was just
"last message repeated N times", but I believe around version 4 or so it
changed to include the message after this so you could tell what message
was repeated.
Then there should be a blurb saying that while turning this on can save
some space in logs, most log analysis tools need to see the repeated
messages, they can't handle the "last message repeated" format. This is a
feature that worked decades ago when logs were small and reviewed by a
human, it fails badly on high volume logs processed by tools.
from rsyslog-doc.