Re: [rsyslog] Action params with exec.OnlyEveryNthTime

Mon, 26 Sep 2022 10:32:33 -0700 

Update: Ok I found an example from a couple years ago using the ommail module. 
So now my updated syntax is:

if ($msg contains " Syslog-I ") then { action (type="omfile" 
file="/var/log/firewalld" action.execOnlyEveryNthTime="5" 
action.execOnlyEveryNthTimeout="15") stop }

Except the error running rsyslogd- N1 is on or before line 3: parameter 
'action.execOnlyEveryNthTimeout' not known.
So I searched thru the changelog document for ‘action.exec.OnlyEveryNth’ and 
found notes under the DEVEL version 3.21.3 from 2008.

So Im left wondering what the status is of this functionality? Docs show it’s 
valie parameters under omfile (and possibly other modules), but with no mention 
in the changelog for a recent/current version I’m confused.

Thanks!


From: Ben Hart <ben.h...@jamf.com>
Date: Monday, September 26, 2022 at 12:10 PM
To: Ben Hart via rsyslog <rsyslog@lists.adiscon.com>
Subject: Action params with exec.OnlyEveryNthTime
Good morning/afternoon!
I’m looking to implement some rate limiting due to an especially chatty set of 
vSphere hosts. First there is nothing I can do on the vmware side, so I’ve been 
exploring the rate limiting options in Rsyslog and so far what looks the best 
in my case is setting the action.execOnlyEveryNthTime.  The problem is, going 
by the rsyslog.com docs I’m unsure of how to actually employ it.

If I have a ruleset like:

ruleset(name="r_vmhost"){
    action(type="omfile" Dynafile="d_vmhost")
}

Should the parameter with within the action ()’s like:

ruleset(name="r_vmhost"){
    action(type="omfile" Dynafile="d_vmhost" execOnlyEveryNthTime=”5”)
}

I did look at setting a global rate limiting within rsyslog.conf however I’d 
rather apply this to a specific ruleset or maybe a couple but not everything.

Thanks!



[Jamf]


Ben Hart
IT Systems Administrator II
100 Washington Ave S, Minneapolis, MN 55401
[Phone]
+00 1 989 424 0187
[Email]
ben.h...@jamf.com
[Web]
www.jamf.com<https://www.jamf.com>
[Facebook]   [Twitter]    [LinkedIn]    [YouTube]


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to