I've installed Kiwi Syslog on a server that is connected to a network of a hundred or so satellite receivers in a nationwide commercial radio broadcast network. These receivers are monitored by syslog which filters for certain events which are inherently service-impacting, i.e. receiver reboots or audio player restarts (which cause gaps in the audio). If such an event is caught, syslog sends an email to the appropriate engineering staff. This works just fine and is proving to be one of those "I don't know how we managed without it" things. There is a problem lurking here though: What happens when, for instance, sun transit occurs and all of the receivers cut over from the (temporarily silent) satellite to terrestrial backup and a hundred receivers fire off "broken audio" log messages ... A hundred emails get sent is what happens. So I need to a filter setup that will detect that a large number of these messages have arrived in a short time and send just one email. But it should also be clever enough to send an email for every such message it catches under normal conditions when the messages are few and far between. How would I do that?
BTW - "Sun transit" happens twice per year and lasts up to an hour per day for about two weeks each time.
Tony
