Re: Fedora 6 Advice



katsumi liquer wrote:
One issue I have had with RHEL 4.x is closely related with VMware
...<snipped>

A second feature which I don't like about RHEL is that the syslog
daemon is permanently configured for event suppression -- meaning that
if a certain event repeats a certain number of times, syslog will
print out a message like: 'message repeated' -- and you can't disable
this behavior. It is all fine and good, except when you are trying to
get very accurate statistics from your syslog daemon, say for an IDS.
I talked to RH tech support about this, and they said that suppression
is there to protect your log file size, and that you can't disable it.


I recall that there is a kernel printk-imposed rate limit - I did not think klogd or syslogd imposed any rate limit. It is configurable; check with the sysctl command:

# sysctl -a |grep printk_ratelimit
kernel.printk_ratelimit_burst = 10
kernel.printk_ratelimit = 5




From the file /usr/share/doc/kernel-doc-2.6.9/Documentation/sysctl/kernel.txt in the kernel-doc rpm:

printk_ratelimit:

Some warning messages are rate limited. printk_ratelimit specifies
the minimum length of time between these messages (in jiffies), by
default we allow one every 5 seconds.

A value of 0 will disable rate limiting.

==============================================================

printk_ratelimit_burst:

While long term we enforce one message per printk_ratelimit
seconds, we do allow a burst of messages to pass through.
printk_ratelimit_burst specifies the number of messages we can
send before ratelimiting kicks in.

==============================================================



Cheers
Michael

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
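
Added example, not part of the original thread and not kernel source: a simplified token-bucket model of the printk_ratelimit / printk_ratelimit_burst behaviour described in the quoted kernel.txt text, showing how few rate-limited kernel messages reach the log under sustained load. The struct and function names are hypothetical, time is assumed to be counted in whole seconds, and the load figures are constructed.

```c
#include <stdio.h>

/* Simplified token-bucket model of the rate limit described in the quoted
 * kernel.txt text. Assumption: time is counted in whole seconds. */
struct ratelimit {
    unsigned long interval; /* printk_ratelimit: credit one message costs */
    unsigned long burst;    /* printk_ratelimit_burst */
    unsigned long tokens;   /* credit available, capped at interval * burst */
    unsigned long last;     /* time of the previous attempt */
};

/* Returns 1 if a message attempted at time `now` is emitted, 0 if dropped. */
int rl_allow(struct ratelimit *rl, unsigned long now)
{
    unsigned long cap = rl->interval * rl->burst;

    rl->tokens += now - rl->last;   /* one unit of credit per elapsed second */
    rl->last = now;
    if (rl->tokens > cap)
        rl->tokens = cap;
    if (rl->tokens >= rl->interval) {   /* interval 0: always true, no limiting */
        rl->tokens -= rl->interval;
        return 1;
    }
    return 0;
}

/* Attempt `per_sec` messages in each of `seconds` seconds; count the emitted ones. */
unsigned long rl_simulate(unsigned long interval, unsigned long burst,
                          unsigned long per_sec, unsigned long seconds)
{
    struct ratelimit rl = { interval, burst, interval * burst, 0 };
    unsigned long emitted = 0;

    for (unsigned long t = 0; t < seconds; t++)
        for (unsigned long i = 0; i < per_sec; i++)
            emitted += (unsigned long)rl_allow(&rl, t);
    return emitted;
}

int main(void)
{
    /* Constructed load: 100 rate-limited messages per second for one minute. */
    printf("ratelimit=5 burst=10: %lu of 6000 emitted\n", rl_simulate(5, 10, 100, 60));
    printf("ratelimit=0 burst=10: %lu of 6000 emitted\n", rl_simulate(0, 10, 100, 60));
    return 0;
}
```

The model only covers messages that pass through the kernel's rate-limited printk path; it says nothing about what a syslog daemon does with the lines it receives.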


