LogAnalysis
[logs] Is "last message repeated n times" anything good? Mar 18 2008 10:11AM
Rainer Gerhards (rgerhards hq adiscon com) (3 replies)
Hi all,

I am the author of rsyslog (http://www.rsyslog.com), a GPLed enhanced
syslogd. I am currently developing the v3 version and would appreciate
feedback on the "last message repeated n times" feature.

In order to be backwards-compatible with sysklogd, rsyslog supports the
"last message repeated n times" message compression feature. However,
this feature is prone to causing user trouble. Some even think that it
is a design flaw (there has been some previous discussion on this list,
this posting is probably a good entry point into a lengthy thread:
http://www.loganalysis.org/pipermail/loganalysis/2008-January/000547.htm

l ).

>From the rsyslog core engine point of view, "last message repeated n
times" is quite costly in terms of code complexity and even performance.
There is a -e command line switch to turn it off, which most users seem
to use (and those that don't use it often seem to run into troubles).

I am very tempted to DROP this feature from future builds. That would
result in a great code complexity reduction (really, it takes a lot of
effort...) and probably also rid rsyslog of a standard trouble spot.
However, it also means that its compression features is no longer
available. As far as I know (which is not very far ;)) syslog-ng does
not support that feature at all.

Before I drop the feature, I'd like to receive as broad feedback as
possible from potential users.
Does anybody actually need this feature? If so, why is it good?

Please provide feedback.

Thanks,
Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] Is "last message repeated n times" anything good? Mar 19 2008 06:52PM
Stephen Carville (stephen carville gmail com)
Re: [logs] Is "last message repeated n times" anything good? Mar 18 2008 04:38PM
Andreux Fort ($B$"$s$I$j$e!<(B) (afort choqolat org) (1 replies)
Re: [logs] Is "last message repeated n times" anything good? Mar 18 2008 05:18PM
Daniel Cid (dcid ossec net) (1 replies)
RE: [logs] Is "last message repeated n times" anything good? Mar 18 2008 05:26PM
Rainer Gerhards (rgerhards hq adiscon com)
Re: [logs] Is "last message repeated n times" anything good? Mar 18 2008 03:43PM
Marcus J. Ranum (mjr ranum com) (1 replies)
RE: [logs] Is "last message repeated n times" anything good? Mar 18 2008 05:29PM
Rainer Gerhards (rgerhards hq adiscon com) (2 replies)
Re: [logs] Is "last message repeated n times" anything good? Mar 18 2008 06:48PM
Gord Taylor (taylorgo gmail com) (1 replies)
RE: [logs] Is "last message repeated n times" anything good? Mar 19 2008 08:07AM
Rainer Gerhards (rgerhards hq adiscon com)
RE: [logs] Is "last message repeated n times" anything good? Mar 18 2008 06:38PM
Dee-Ann LeBlanc (dee splunk com)


 

Privacy Statement
Copyright 2010, SecurityFocus