> The only arguments for keeping the feature that I got on my lug was the > preservartion of disk/network IO.
Did you get any "feeling" of how important this is being considered? > > I think to prevent DOS attacks is a valid argument but as you said can > be easily circumvented by randomizing messages. > > To safeguard against dos attacks you could have a monitor that monitors > for extra ordinary amount of traffic and then generate a snmp trap. > Whether that should be a rsyslog plugin or part of other software is > open to debate. This may (m-a-y it's far too early) be part of the flow control logic or an exception detector or a rate-limiting feature... Even for non-DoS cases it might be interesting to know who is sending most messages... mmmh... maybe this points into a direction on how to solve the need that is behind "last message repeated n times". Probably that need is not even fully understood... mmmhh. More thoughts are appreciated ;) Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
