How do I disable syslog message summarization?

From: Mike van der Velden (mvanderv@redback.com)
Date: Thu Aug 08 2002 - 15:15:03 EDT

• Next message: Paramasivam, Meenakshisundaram: "[SUMMARY] Third party multi-host RAID5 array"
• Previous message: Michael S. Peek: "SUMMARY: Programs hang that access /etc/.name_service_door?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I know that this is generally a Good Thing(tm) that the messages are
summarized. It'd be nice if for one facility (or even all of syslog) I could
disable this summarization. Anyone know how?

Alternatively, should I grab a syslogd.c from Linux or NetBSD and hack it to
do what I want? Or is there some other third party software that I can use
in place of, or in addition to, syslog? (no, we don't use Tivoli)

Other suggestions that have been considered but won't work:

1. use the mark facility of syslog to write a timestamp every minute.
   => we can't, because the messages arrive more frequently than that.

2. make the generated messages unique in some way
   => we can't because we don't control the message source.

Why do we want to do this, you ask?

There is a (3rd party, not Solaris, not our own) process we are monitoring
that send out some cryptic (to me, anyway) error messages. When they happen
once in a while, no problem. When they occur more frequently, say once per
second, we need to send an alert. So, a script has been written to monitor
the log file, but it gets defeated by the syslog summarization.

Yes, I think a more sophisticated perl script could probably handle the log
file parsing.

Hmmm... perhaps syslog could pass these messages along to another process that
will parse the messages as they come in. Anyone written a script like that?

FYI, the system running syslogd is Solaris 8. Here are some of the sample
error messages:

Aug 8 13:35:11 ARTNVAARSMSR13 13:37:56 8Aug2002: %L2TP-3-BADSCCRP: DNOC:1:
received bad sccrp in state WAIT CTL REPLY
Aug 8 13:35:11 ARTNVAARSMSR13 13:38:13 8Aug200last message repeated 20 times
Aug 8 13:35:32 ARTNVAARSMSR8 12:32:38 8Aug2001: %L2TP-3-MAX_REXMTS:
vr1dca3:1: Exceeded max retransmit count on packet 0
Aug 8 13:35:32 ARTNVAARSMSR13 13:38:14 8Aug2002: %L2TP-3-BADSCCRP: DNOC:1:
received bad sccrp in state WAIT CTL REPLY
Aug 8 13:35:32 ARTNVAARSMSR13 13:38:28 8Aug200last message repeated 14 times

yes, I see the odd date stamps as well (Aug 200 and Aug 2001), which is
another issue that needs to be dealt with.

-- 
Mike van der Velden                        email  mvanderv@redback.com
System Administrator                       voice  604-629-7281
Redback Networks Canada, Inc.              pager  604-868-1562
200 - 4190 Still Creek Drive               fax    604-294-8830
Burnaby, BC.  Canada
The idea that Bill Gates has appeared like a knight in shining armour to lead
all customers out of a mire of technological chaos neatly ignores the fact
that it was he who, by peddling second-rate technology, led them into it in
the first place.
    -- Douglas Adams
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Paramasivam, Meenakshisundaram: "[SUMMARY] Third party multi-host RAID5 array"
• Previous message: Michael S. Peek: "SUMMARY: Programs hang that access /etc/.name_service_door?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:44 EDT