1

I am designing a centralized syslog server to receive logs from different devices and write them to MySQL. There are too many repeated messages, so I am trying to find a solution.

I found that syslog-ng >= 2.1 has added support for suppressing duplicate messages (Change log). But it seems it can't work with the SQL destination?

I can find the suppress option in the file destination (file-destination-doc), but in the SQL destination I can't find this option (sql-destination-doc).

Is there any way to suppress repeated messages to the SQL destination in syslog-ng?

Brightshine

1 Answer

3

Unfortunately, the SQL destination doesn't support suppressing messages at the moment.

I'd recommend opening an issue ticket for the developers at https://github.com/balabit/syslog-ng/issues

As a very ugly workaround, you could make a loop within syslog-ng: send your logs via TCP (with suppress() set) to the same syslog-ng instance, and then send these messages to SQL.

HTH,

Robert

Robert Fekete
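The loop workaround from the answer above, written out as a syslog-ng.conf fragment. This is an added example, not configuration posted by either participant. The port numbers, the 30-second window, the object names (`s_devices`, `d_loop`, `s_loop`, `d_mysql`) and the database name, table and credentials are assumptions to adapt.

```conf
# Stage 1: receive logs from the devices (listening addresses/ports assumed).
source s_devices {
    udp(ip("0.0.0.0") port(514));
    tcp(ip("0.0.0.0") port(514));
};

# Loop destination: forward to this same instance over TCP.
# suppress() is available here, unlike in sql(). 30 seconds is an assumed window.
destination d_loop {
    tcp("127.0.0.1" port(5514) suppress(30));
};

# Stage 2: loopback listener. Bind to 127.0.0.1 only, so no remote host can
# write into the SQL pipeline through this port.
# keep-hostname(yes) preserves the original device name; without it every
# looped message would be recorded as coming from the local host.
source s_loop {
    tcp(ip("127.0.0.1") port(5514) keep-hostname(yes));
};

# SQL destination (placeholder credentials and schema).
destination d_mysql {
    sql(
        type(mysql)
        host("127.0.0.1")
        username("syslog")
        password("CHANGE_ME")
        database("logs")
        table("messages")
        columns("datetime", "host", "program", "pid", "message")
        values("${R_DATE}", "${HOST}", "${PROGRAM}", "${PID}", "${MSGONLY}")
        indexes("datetime", "host", "program")
    );
};

# Two separate log paths: devices -> loop, loop -> MySQL.
# Do not attach s_loop to d_loop, or messages would circulate forever.
log { source(s_devices); destination(d_loop); };
log { source(s_loop); destination(d_mysql); };
```

suppress() only collapses identical messages that arrive back to back within the window, so interleaved duplicates from several devices still reach the database. Validate the fragment with `syslog-ng --syntax-only` before reloading.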