syslog-ng filter log by frequency to destination file

Question

I have a syslog-ng that receives too many logs and I am trying a way to 'sample' them using some filter. I assume editing the /etc/syslog-ng/syslog-ng.conf with something like log { source(s_udp514); filter(every XXmin); destination(d_udp514); };

Where filter(every 15min) will write only on XXmin to destination. Do you know how I can achieve it?

score 0 · Answer 1 · answered Mar 21 '23 at 20:42

The modulate() filter allows you to specify a time interval and only allows messages to pass through at specific intervals.

EXAMPLE:

source s_udp514 {
    # Your source configuration here
};

filter f_modulate {
    modulate(interval 15m);
};

destination d_udp514 {
    # Your destination configuration here
};

log {
    source(s_udp514);
    filter(f_modulate);
    destination(d_udp514);
};

In this example, the modulate() filter is configured with a 15m interval. The log statement uses the s_udp514 source, applies the f_modulate filter, and sends the filtered messages to the d_udp514 destination.

`modulate()` doesn't seem to be available in syslog-ng. Can you show any reference? — MrAnno, Mar 21 '23 at 20:49

score 0 · Answer 2 · answered Mar 21 '23 at 20:46

0

Something similar can be achieved by filtering based on the value of time macros, such as ${R_MIN}, ${R_HOUR}, or ${R_UNIXTIME}.

answered Mar 21 '23 at 20:46

MrAnno

210
1
7

syslog-ng filter log by frequency to destination file

2 Answers2