Join Log in
Score:1
asasa178 avatar Server

syslog-ng filter log by frequency to destination file

sz flag
asasa178

I have a syslog-ng that receives too many logs and I am trying a way to 'sample' them using some filter. I assume editing the /etc/syslog-ng/syslog-ng.conf with something like log { source(s_udp514); filter(every XXmin); destination(d_udp514); };

Where filter(every 15min) will write only on XXmin to destination. Do you know how I can achieve it?

169
2 + 0
Score:0
MrAnno avatar Server
vn flag
MrAnno

Something similar can be achieved by filtering based on the value of time macros, such as ${R_MIN}, ${R_HOUR}, or ${R_UNIXTIME}.

+ 0
Score:0
Hawshemi avatar Server
kz flag
Hawshemi

The modulate() filter allows you to specify a time interval and only allows messages to pass through at specific intervals.

EXAMPLE:

source s_udp514 {
    # Your source configuration here
};

filter f_modulate {
    modulate(interval 15m);
};

destination d_udp514 {
    # Your destination configuration here
};

log {
    source(s_udp514);
    filter(f_modulate);
    destination(d_udp514);
};

In this example, the modulate() filter is configured with a 15m interval. The log statement uses the s_udp514 source, applies the f_modulate filter, and sends the filtered messages to the d_udp514 destination.

+ 1
MrAnno avatar
vn flag
MrAnno
`modulate()` doesn't seem to be available in syslog-ng. Can you show any reference?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.