It's kind of strange but I've had this running for about a week now... I seem to have had 2 false alerts for no apparent reason.
On Thu, Aug 7, 2008 at 10:39 PM, Rainer Gerhards <[EMAIL PROTECTED]> wrote: > Thanks for the feedback, it will now be part of the next devel release, > I think some time next week :) > > Rainer > >> -----Original Message----- >> From: Julian Yap [mailto:[EMAIL PROTECTED] >> Sent: Friday, August 08, 2008 1:55 AM >> To: Rainer Gerhards >> Cc: [email protected] >> Subject: Re: Re: [rsyslog] Alert when multiple repeated lines are > found >> >> Yep, after further testing this works great! Thanks Rainer. >> >> On Thu, Aug 7, 2008 at 12:38 PM, Julian Yap <[EMAIL PROTECTED]> >> wrote: >> > Rainer, >> > >> > Initial testing looks fine. I'll try some more to see if I can > break >> it. >> > >> > - Julian >> > >> > On Thu, Aug 7, 2008 at 5:08 AM, Rainer Gerhards >> > <[EMAIL PROTECTED]> wrote: >> >> Julian, >> >> >> >> as you have probably seen in my other post, I have implemented the >> >> functionality. I have now also created a test tarball. I'd >> appreciate if >> >> you could obtain it from >> >> >> >> http://download.rsyslog.com/rsyslog/rsyslog-3.21.3-Test3.tar.gz >> >> >> >> and give it a try. Read ./doc/rsyslog_conf.html in regard to >> >> $ActionExecOnlyEveryNthTime and $ActionExecOnlyEveryNthTimeTimeout. >> For >> >> what you intend to do, this should work: >> >> >> >> $ActionExecOnlyEveryNthTime 3 >> >> *.* ..your action.. >> >> >> >> You don't need the timeout, but I have included it for > completeness. >> >> Well, actually if I were you I'd think if you really don't need it. >> Is >> >> it really OK that "three in a row" means one each day? >> >> >> >> Please provide feedback on this feature. >> >> >> >> Thanks, >> >> Rainer >> >> >> >>> -----Original Message----- >> >>> From: Julian Yap [mailto:[EMAIL PROTECTED] >> >>> Sent: Friday, August 01, 2008 12:14 PM >> >>> To: Rainer Gerhards >> >>> Cc: [email protected] >> >>> Subject: Re: Re: [rsyslog] Alert when multiple repeated lines are >> >> found >> >>> >> >>> Roger that Rainer. >> >>> >> >>> Thanks, >> >>> Julian >> >>> >> >>> On Thu, Jul 31, 2008 at 11:58 PM, Rainer Gerhards >> >>> <[EMAIL PROTECTED]> wrote: >> >>> > OK, that greatly simplifies things. Actually, it now boils down >> to >> >>> > "execute an action only on the n-the time the filter evaluates > to >> >>> true". >> >>> > I think this is quite easy to implement, but I must verify >> that... >> >>> > >> >>> > Rainer >> >>> > >> >>> >> -----Original Message----- >> >>> >> From: Julian Yap [mailto:[EMAIL PROTECTED] >> >>> >> Sent: Friday, August 01, 2008 11:03 AM >> >>> >> To: Rainer Gerhards >> >>> >> Cc: [email protected] >> >>> >> Subject: Re: Re: [rsyslog] Alert when multiple repeated lines >> are >> >>> > found >> >>> >> >> >>> >> On Thu, Jul 31, 2008 at 10:18 PM, Rainer Gerhards >> >>> >> <[EMAIL PROTECTED]> wrote: >> >>> >> > Just one more re-confirmation: >> >>> >> > >> >>> >> >> What I'm looking for: >> >>> >> >> if $msg == 'This is really bad' happens 3 times in a row > then >> >>> >> >> :ommail:;mailBody >> >>> >> >> >> >>> >> >> This would be nice but is not required since the 'This is >> really >> >>> >> bad' >> >>> >> >> message in my case is very unique: >> >>> >> >> if ($msg == 'This is really bad' and $server == 'server' and >> >>> >> $program >> >>> >> >> == 'program') happens 3 times in a row then > :ommail:;mailBody >> >>> >> > >> >>> >> > So you would actually use such a rule. If "this other thing > is >> >>> > really >> >>> >> > bad" happened three times, the rule shall not trigger. Is > this >> >>> > right? >> >>> >> >> >>> >> Yes, I would use such a rule. It would make what is already an >> >>> >> awesome application even more awesome. :P I am also willing to >> >> test >> >>> >> it out and run the latest development version... Which I'm >> doing >> >>> >> anyway. >> >>> >> >> >>> >> And yes, what you just wrote is correct. >> >>> >> >> >>> >> - Julian >> >>> > >> >> >> > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
