When configuring rsyslog with TLS and using PermittedPeer or streamdriver.authmode name, if an unauthorized peer connects, rsyslog logs error messages like below.
Jan 22 08:56:38 test rsyslogd-2089: netstream session 0x7f177401b740 from 10.0.0.7 will be closed due to error [try http://www.rsyslog.com/e/2089 ]
Jan 22 08:56:38 test rsyslogd-2088: error: peer name not authorized - not permitted to talk to it. Names: DNSname: *.test.com; DNSname: test.com; CN: *.test.com; [try http://www.rsyslog.com/e/2088 ]
If the client is persistent, rsyslog logs thousands of these messages.
Is there a way to tell the netstream driver to not log too many of these? I wouldn't mind seeing them to figure out which client is misconfigured or possible abuse, but there are just too many of these.
I am currently using the below entries, which completely discard these messages.
:msg, contains, "peer name not authorized" ~
:msg, regex, ".*netstream session .* from .* will be closed due to error" ~
This by the way generates the below warning message, even though recent documentation says this is the correct way to discard messages.
Jan 22 09:34:22 test: warning: ~ action is deprecated, consider using the 'stop' statement instead [try http://www.rsyslog.com/e/2307 ]
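As an added example (not part of the original post or of rsyslog itself), the script below takes the alternative the question hints at: instead of discarding the 2088/2089 messages, it collapses them into one record per source address, so a misconfigured or abusive client stays visible without thousands of repeated lines. The log lines are constructed, modelled on the two messages quoted above.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the two rsyslogd messages quoted above
# (one misconfigured client retrying, one unrelated peer, one non-rsyslog line).
SAMPLE_LOG = """\
Jan 22 08:56:38 test rsyslogd-2089: netstream session 0x7f177401b740 from 10.0.0.7 will be closed due to error [try http://www.rsyslog.com/e/2089 ]
Jan 22 08:56:38 test rsyslogd-2088: error: peer name not authorized - not permitted to talk to it. Names: DNSname: *.test.com; DNSname: test.com; CN: *.test.com; [try http://www.rsyslog.com/e/2088 ]
Jan 22 08:56:39 test rsyslogd-2089: netstream session 0x7f177401b9a0 from 10.0.0.7 will be closed due to error [try http://www.rsyslog.com/e/2089 ]
Jan 22 08:56:39 test rsyslogd-2088: error: peer name not authorized - not permitted to talk to it. Names: DNSname: *.test.com; DNSname: test.com; CN: *.test.com; [try http://www.rsyslog.com/e/2088 ]
Jan 22 08:57:01 test rsyslogd-2089: netstream session 0x7f177401c100 from 10.0.0.9 will be closed due to error [try http://www.rsyslog.com/e/2089 ]
Jan 22 08:57:01 test rsyslogd-2088: error: peer name not authorized - not permitted to talk to it. Names: CN: rogue.example.net; [try http://www.rsyslog.com/e/2088 ]
Jan 22 08:57:05 test sshd[1234]: Accepted publickey for admin from 10.0.0.2 port 50000
"""

# 2089 carries the remote address; 2088 carries the names found in the peer's certificate.
CLOSED_RE = re.compile(r"rsyslogd-2089: netstream session \S+ from (\S+) will be closed due to error")
NOTAUTH_RE = re.compile(r"rsyslogd-2088: error: peer name not authorized.*?Names: (.*?) \[try ")


def summarize_rejected_peers(log_text):
    """Collapse 2089/2088 pairs into {ip: {"count": n, "names": set(cert names)}}.

    rsyslog emits 2089 (with the IP) right before 2088 (with the rejected names),
    so a 2088 line is attributed to the most recent 2089 line.
    """
    summary = defaultdict(lambda: {"count": 0, "names": set()})
    pending_ip = None
    for line in log_text.splitlines():
        closed = CLOSED_RE.search(line)
        if closed:
            pending_ip = closed.group(1)
            summary[pending_ip]["count"] += 1
            continue
        notauth = NOTAUTH_RE.search(line)
        if notauth:
            names = [n.strip() for n in notauth.group(1).split(";") if n.strip()]
            summary[pending_ip or "unknown"]["names"].update(names)
            pending_ip = None
    return dict(summary)


def format_summary(summary):
    """One line per offending client, ready to alert on or review by hand."""
    return [
        f"{ip}: {rec['count']} rejected TLS session(s); cert names: {', '.join(sorted(rec['names'])) or 'none'}"
        for ip, rec in sorted(summary.items())
    ]


if __name__ == "__main__":
    for line in format_summary(summarize_rejected_peers(SAMPLE_LOG)):
        print(line)
```

Feeding it a file or journal export of rsyslog's own messages yields one summary line per client, which can then be reviewed or alerted on while the raw 2088/2089 lines are dropped with a rule like the ones above.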