Fedora 6 Advice

katsumi liquer katsumi at gmail.com
Tue Jan 30 16:35:12 UTC 2007 

Hi Mike,

Wow -- that is cool!! I have not heard of that parameter before. I
think I could probably use that -- if I set the rate limit high
enough, perhaps it would prevent syslog from suppressing duplicate
messages. The problem though is that I am guessing this only applies
to messages coming from the kernel; other processes which talk to
syslog directly will probably still trigger suppression I'm guessing.
For example, several repeated failure messages from sshd will generate
this message:

"last message repeated"

This is basically the situation:

http://www.syslog.org/PNphpBB2-viewtopic-t62-.phtml

I have never been able to find the official RedHat solution to the
problem, short of rebuilding a custom syslog

katsu

On 1/30/07, Mike Kearey <mkearey at redhat.com> wrote:
> katsumi liquer wrote:
> > One issue I have had with RHEL 4.x is closely related with VMware
> > ...<snipped>
> >
> > A second feature which I don't like about RHEL is that the syslog
> > daemon is permanently configured for event suppression -- meaning that
> > if a certain event repeats a certain number of times, syslog will
> > print out a message like: 'message repeated' -- and you can't disable
> > this behavior. it is all fine and good, except when you are trying to
> > get very accurate statistics from your syslog daemon, say for an IDS.
> > I talked to RH tech support about this, and they said that suppression
> > is there to protect your log file size, and that you can't disable it.
> >
>
> I recall that there is a kernel printk imposed the rate limit - I did
> not think klogd or syslogd imposed any rate limit. It is configurable,
> check with sysctl command :
>
> # sysctl -a |grep printk_ratelimit
> kernel.printk_ratelimit_burst = 10
> kernel.printk_ratelimit = 5
>
>
>
>
>  From the file
> /usr/share/doc/kernel-doc-2.6.9/Documentation/sysctl/kernel.txt in the
> kernel-doc rpm:
>
> printk_ratelimit:
>
> Some warning messages are rate limited. printk_ratelimit specifies
> the minimum length of time between these messages (in jiffies), by
> default we allow one every 5 seconds.
>
> A value of 0 will disable rate limiting.
>
> ==============================================================
>
> printk_ratelimit_burst:
>
> While long term we enforce one message per printk_ratelimit
> seconds, we do allow a burst of messages to pass through.
> printk_ratelimit_burst specifies the number of messages we can
> send before ratelimiting kicks in.
>
> ==============================================================
>
>
>
> Cheers
> Michael
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list