[rsyslog] Feedback requested "Last message logged n times"...
Rainer Gerhards
rgerhards at hq.adiscon.com
Tue Mar 18 14:22:30 CET 2008
> The only arguments for keeping the feature that I got on my lug was
the
> preservartion of disk/network IO.
Did you get any "feeling" of how important this is being considered?
>
> I think to prevent DOS attacks is a valid argument but as you said can
> be easily circumvented by randomizing messages.
>
> To safeguard against dos attacks you could have a monitor that
monitors
> for extra ordinary amount of traffic and then generate a snmp trap.
> Whether that should be a rsyslog plugin or part of other software is
> open to debate.
This may (m-a-y it's far too early) be part of the flow control logic or
an exception detector or a rate-limiting feature...
Even for non-DoS cases it might be interesting to know who is sending
most messages... mmmh... maybe this points into a direction on how to
solve the need that is behind "last message repeated n times". Probably
that need is not even fully understood... mmmhh. More thoughts are
appreciated ;)
Rainer
More information about the rsyslog
mailing list