Karl Chen
2007-Feb-28 03:55 UTC
[Logcheck-devel] Bug#412779: wishlist: be able to remove duplicates for some log messages
Package: logcheck Version: 1.2.54 Severity: wishlist Hi, I have a wishlist request. If there's interest in this feature, I'm willing to look into implementing it. I'd like to be able to configure, for specific messages or for all messages, to only show the first N occurrences of a message (and report number of total occurences). For example, sometimes NTP gets misconfigured and spews a message once per minute. If I don't fix this problem right away, the "security events" log gets drowned in noise. I get messages like this: Feb 24 22:02:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error! Feb 24 22:03:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error! Feb 24 22:04:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error! Feb 24 22:05:41 hostname ntpd_initres[3359]: ntpd returns a permission denied error! In this case, it would be nice if the email simply reports that the message, which other than timestamp is identical, repeats for a total of 60 times, 54 occurrences elided. Another use case is if I have a syntax error in my SpamAssassin config file. Every time an email arrives, I also get an additional email like Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error Feb 24 22:02:07 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 3 line with syntax error Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 4 line with syntax error Feb 24 22:02:17 hostname spamd[4899]: config: failed to parse line, skipping: FOO 5 line with syntax error Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 1 line with syntax error Feb 24 22:03:41 hostname spamd[4899]: config: failed to parse line, skipping: FOO 2 line with syntax error In this second example, the duplicated lines aren't consecutive, though groups of them are.