Log unique Client Addresses per (Hour|Day|Etc)
Is there a way to supress logging for an IP that I've already logged in the current hour? Or Day? Alternatively, I could interrogate the URL for a landing page and log then...but that seems hokey.
This data will get pushed to our syslog server where it will get reported on. I just don't see any reason to to log every single GET request from the same IP each hour.
when HTTP_REQUEST {
set url [HTTP::host][HTTP::uri]
set sender [IP::client_addr]
set remote [IP::remote_addr]
set country [whereis $sender country]
set state [whereis $sender state]
set city [whereis $sender city]
set zip [whereis $sender zip]
set isp [whereis $sender isp]
set latitude [whereis $sender latitude]
set longitude [whereis $sender longitude]
log local0.info "GeoClientAddress=$sender GeoRequesting=$url GeoRemoteAddress=$remote GeoCountry=$country GeoStateRegion=$state GeoPostalCode=$zip GeoISP=$isp GeoLatitude=$latitude GeoLongitude=$longitude"
}
Thanks.