<p dir="ltr">What is your syslog-ng version?</p>
<div class="gmail_quote">On Feb 19, 2014 7:09 AM, "Scot Needy" <<a href="mailto:scotrn@gmail.com">scotrn@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I can’t post the full output but if I look at the dst output there is no stats for my d_file destination but I do see them for others which are remote targets.<br>
<br>
This is the only stats output matching<br>
/opt/syslog-ng/sbin/syslog-ng-ctl stats |grep file<br>
<br>
destination;d_file;;a;processed;3780673<br>
<br>
<br>
<br>
On Feb 18, 2014, at 11:34 PM, Evan Rempel <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br>
<br>
> you have to stop grepping for "destination"<br>
><br>
> the detailed lines are of the form<br>
><br>
> dst.file;d_var_syslog#0;/var/log/syslog.20140218.000000;a;stored;0<br>
><br>
><br>
> note the leading dst.{destination type}.....<br>
><br>
> Evan.<br>
><br>
><br>
> ________________________________________<br>
> From: Scot Needy [<a href="mailto:scotrn@gmail.com">scotrn@gmail.com</a>]<br>
> Sent: Tuesday, February 18, 2014 12:44 PM<br>
> To: Evan Rempel<br>
> Cc: Syslog-ng users' and developers' mailing list<br>
> Subject: Re: [syslog-ng] Stats on destinations with macro's ?<br>
><br>
> stats_level makes no difference to the stats output.<br>
><br>
> Level 1<br>
> [root@## ~]# /opt/syslog-ng/sbin/syslog-ng-ctl stats |grep destin<br>
> destination;d_em7;;a;processed;4304<br>
> destination;d_mysql;;a;processed;11711<br>
> destination;d_fifo;;a;processed;11711<br>
> destination;d_file;;a;processed;11715<br>
><br>
> [root@## ~]# vi /etc/syslog-ng/syslog-ng.conf<br>
> [root@## ~]# /etc/init.d/syslog-ng restart<br>
> Restarting syslog-ng: Stopping syslog-ng: [ OK ]<br>
> Starting syslog-ng: [ OK ]<br>
><br>
> Level 3<br>
> nohup: appending output to `nohup.out'<br>
> [root@## ~]# /opt/syslog-ng/sbin/syslog-ng-ctl stats |grep destin<br>
> destination;d_em7;;a;processed;62<br>
> destination;d_mysql;;a;processed;132<br>
> destination;d_fifo;;a;processed;132<br>
> destination;d_file;;a;processed;136<br>
><br>
><br>
><br>
> On Feb 18, 2014, at 3:09 PM, Evan Rempel <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br>
><br>
>> Try adding the global option<br>
>><br>
>> stats_level(1);<br>
>><br>
>> ________________________________________<br>
>> From: Scot Needy [<a href="mailto:scotrn@gmail.com">scotrn@gmail.com</a>]<br>
>> Sent: Tuesday, February 18, 2014 11:50 AM<br>
>> To: Evan Rempel<br>
>> Cc: Syslog-ng users' and developers' mailing list<br>
>> Subject: Re: [syslog-ng] Stats on destinations with macro's ?<br>
>><br>
>> Ok I must have something wrong with my conf then.<br>
>><br>
>> options { long_hostnames (off);<br>
>> flush_lines (0);<br>
>> use_dns(no);<br>
>> dns_cache(no);<br>
>> use_fqdn(no);<br>
>> # dns_cache_size(2014);<br>
>> check_hostname(no);<br>
>> chain_hostnames(no);<br>
>> keep_hostname(no);<br>
>> };<br>
>><br>
>> ######<br>
>> # sources<br>
>> source src {<br>
>> unix-dgram("/var/run/log");<br>
>> unix-dgram("/var/run/logpriv" perm(0600));<br>
>> internal();<br>
>> file("/dev/klog");<br>
>> };<br>
>> ### Local sources<br>
>> source s_local {<br>
>> internal();<br>
>> unix-stream("/dev/log" max-connections(20));<br>
>> file("/proc/kmsg" program_override("kernel")); };<br>
>> ### External Network sources<br>
>> source s_net { udp(); tcp(max-connections(50)); };<br>
>> # Relay external sources<br>
>> log { source(s_net);<br>
>> destination (d_mysql); destination (d_fifo); destination (d_file);<br>
>> };<br>
>><br>
>> #######################################################################<br>
>> destination d_file { file("/data/syslog-ng/$R_YEAR/$R_MONTH/$R_DAY/$R_HOUR/$HOST.log"<br>
>> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };<br>
>> ….<br>
>><br>
>><br>
>> # /opt/syslog-ng/sbin/syslog-ng-ctl stats<br>
>><br>
>> SourceName;SourceId;SourceInstance;State;Type;Number<br>
>> global;payload_reallocs;;a;processed;1441<br>
>> source;s_net;;a;processed;44079304<br>
>> source;s_local;;a;processed;1035<br>
>> global;msg_clones;;a;processed;0<br>
>> destination;d_mysql;;a;processed;44079304<br>
>> src.internal;s_local#0;;a;processed;737<br>
>> src.internal;s_local#0;;a;stamp;1392752561<br>
>> global;sdata_updates;;a;processed;0<br>
>> center;;received;a;processed;0<br>
>> destination;d_fifo;;a;processed;44079304<br>
>> destination;d_file;;a;processed;44080339<br>
>> center;;queued;a;processed;0<br>
>><br>
>> On Feb 18, 2014, at 1:33 PM, Evan Rempel <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br>
>><br>
>>> That certainly is not the way it works on 3.4<br>
>>><br>
>>> I have a file destinations that contain date stamps etc and when I run the<br>
>>><br>
>>> sudo syslog-ng-ctl stats<br>
>>><br>
>>> I get each destination as a separate statistic.<br>
>>><br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;dropped;0<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;processed;5<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;stored;0<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;dropped;0<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;processed;200<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;stored;0<br>
>>> ...<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;dropped;0<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;processed;156<br>
>>> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;stored;0<br>
>>> ...<br>
>>><br>
>>><br>
>>> so that should be what you are loooking for.<br>
>>><br>
>>> the "o" in the last three lines indicates that the destination is old (closed due to idle timeout)<br>
>>><br>
>>><br>
>>><br>
>>> On 02/18/2014 04:33 AM, Scot wrote:<br>
>>>><br>
>>>> I realized my problem, if a destination contains a macro it’s still defined as one destination.<br>
>>>><br>
>>>> Looking for direction here….<br>
>>>><br>
>>>> My intention is to get syslog-ng-ctl to report stats on each VLAN in our environment while logging to a destination such as /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLAN’s in our environment are defined in a IPAM database with a name and subnet.<br>
>>>><br>
>>>> I can drive a include file for syslog-ng.conf with a script, I just need guidence on the format of the config file.<br>
>>>><br>
>>>> I would like to define a unique destination per subnet+severity so syslog-ng-ctl will give me counters if a subnet start sending large numbers of critical messages for example.<br>
>>>><br>
>>>> I also feel I need a catch all for any message that does not match a defined destination. These would be malformed messages from hosts which would need to be corrected so they get to the proper destination.<br>
>>>><br>
>>>> I think the subnet destinations would be be driven by matching subnet filters something like so…. but how would one create a filter that defines everything NOT matched by another filter ?<br>
>>>><br>
>>>> if VLAN...<br>
>>>> or VLAN…<br>
>>>> or VLAN…<br>
>>>> else everything_else..<br>
>>>><br>
>>>><br>
>>>> NOTE: Syntax may be off, this is just from memory.<br>
>>>><br>
>>>> destination VLAN_NAME_HIGH_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log”)};<br>
>>>> filter VLAN_NAME_HIGH_des { netmask(“<a href="http://192.168.1.0/255.255.255.0" target="_blank">192.168.1.0/255.255.255.0</a>”); level(warn..emerg)};<br>
>>>><br>
>>>> destination VLAN_NAME_LOW_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info”)};<br>
>>>> filter VLAN_NAME_LOW_des { netmask(“<a href="http://192.168.1.0/255.255.255.0" target="_blank">192.168.1.0/255.255.255.0</a>”); level(info..notice)};<br>
>>>><br>
>>>> Sent from my iPad<br>
>>>><br>
>>>>> On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>> wrote:<br>
>>>>><br>
>>>>>> On 14.02.2014 02:55, Scot wrote:<br>
>>>>>> Is there a trick to get stats on destinations with macros ?<br>
>>>>>><br>
>>>>>> I get stats on my FIFO, local, net work destinations but not on the destinations with macros.<br>
>>>>><br>
>>>>> What do you mean by 'destinations with macros'? Does local file()<br>
>>>>> destination (with macros) count? Then it works for me (on 3.5.3):<br>
>>>>><br>
>>>>> # syslog-ng-ctl stats | grep d_net_test<br>
>>>>> destination;d_net_test;;a;processed;888891<br>
>>>>> # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf<br>
>>>>> destination d_net_test { file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); };<br>
>>>>> #<br>
>>>>><br>
>>>>><br>
>>>>> Regards,<br>
>>>>><br>
>>>>> --<br>
>>>>> Jakub Jankowski|<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>|<a href="http://toxcorp.com/" target="_blank">http://toxcorp.com/</a><br>
>>>>> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D<br>
>>>>> ______________________________________________________________________________<br>
>>>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>>>> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>>>><br>
>>>> ______________________________________________________________________________<br>
>>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>>>> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>>>><br>
>>><br>
>>><br>
>>> --<br>
>>> Evan Rempel <a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a><br>
>>> Senior Systems Administrator <a href="tel:250.721.7691" value="+12507217691">250.721.7691</a><br>
>>> Data Centre Services, University Systems, University of Victoria<br>
>><br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>