Hey Erich, On Thu, Jan 05, 2006 at 12:30:33AM +0100, Erich Schubert wrote: > Hi, > I'd also like to be able to ignore messages unless they occur too often, > and maybe group certain messages when they occur very often. > > A typical example is > postfix/smtp: connect to mx3.mail.yahoo.com[64.156.215.18]: read timeout > (port 25) > > Oh my god! This really is critical information, isn't it? > Well, when your server has like dozens of them it probably means > something is broken with your network connectivitiy; then it's useful to > know. As long as there are only single of these messages, they should > just be ignored... > > Similarly: > grouping them by the number of hits - like dicitionary attacks. > For dictionary attacks, only the first and last attempt is that > interesting that I'd like to see it in the logcheck result; if I need > the complete data I can still access the original logfile.
While I'm generally opposed to adding this complexity to logcheck, (There's not really a simple implementation given the way we use egrep.) I'm not opposed to optionally doing things like this in post-processing. I've added a note to the IdeaPool[0] about this. [0] http://wiki.logcheck.org/index.cgi/IdeaPool -- Todd Troxell http://rapidpacket.com/~xtat -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]