2014-09-05 17:27 GMT+03:00 KHALID Saïd <khalidsaid....@gmail.com>:
> Hello,
>
> I want to use sec for log correlation with rsyslog. .
> My rsyslog is sending all the log to my mysql server but a lot of log are
> the same...
> I need to add just one occurrence of the same log.. I need a script for
> this rule
> Someone can help me please ?
>
if you want to suppress repeated instances of the same message, you can
take advantage of SEC's SingleWithSuppress rule:
http://simple-evcorr.sourceforge.net/man.html#lbAN
The details of implementing this rule depend heavily on the messages you
want to filter.
As a side note, you might also consider to filter out repeated messages
with rsyslog itself (I seem to remember that this feature can be enabled
with the $RepeatedMsgReduction option of rsyslog).
kind regards,
risto
Best regards.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
