<div dir="auto">Syslog-ng has a stats mechanism. If you set stats-level(3), syslog-ng starts tracking host and program counters, and a timestamp for the last message received.<div dir="auto"><br></div><div dir="auto">These are lost when syslog-ng is restarted, but you can collect this every few minutes.</div><div dir="auto"><br></div><div dir="auto">You can query these counters using syslog-ng-ctl stats.</div><div dir="auto"><br></div><div dir="auto">The stats subsystem is being worked on to extend it; there were numerous pull requests recently.</div><div dir="auto"><br></div><div dir="auto">Cheers</div><div dir="auto">Bazsi</div></div><div class="gmail_extra"><br><div class="gmail_quote">On May 13, 2017 4:13 AM, "Sathish Sundaravel" <<a href="mailto:sathish.sundaravel@gmail.com">sathish.sundaravel@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Hi Nik,</div><div><br></div><div>Thank you. Currently I don't have such a database option enabled. I have gathered host information from the log file at this moment. Enabling logging using a database and host name format sounds like a good idea. </div><div><br></div><div>Any other thoughts? </div><div><br></div><div>Regards</div><div>Sathish </div><div><br><div class="gmail_quote"><div>On Sat, 13 May 2017 at 1:55 AM, Nik Ambrosch <<a href="mailto:nik@ambrosch.com" target="_blank">nik@ambrosch.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">someone correct me if i’m wrong, but i don’t think there’s a good way to get this information directly from the syslog-ng daemon, especially if it’s restarted. a more reliable way is to pull the data off disk.<br>
<br>
depending on your log volume putting them into a database will allow you to easily do this with a single query. i write about 20 million log lines into a mysql database every day so this should cover most use cases. a query would look like one of these two (depends if you want a line count or not):<br>
<br>
mysql> select distinct host from syslog_table_20170511;<br>
mysql> select distinct host,count(*) as count from syslog_table_20170511 group by host order by count desc;<br>
<br>
pulling from log files on disk obviously takes longer to run but can be done with a one-liner like this:<br>
<br>
$ cat file.log | awk '{print $1}' | sort | uniq -c | sort -nr<br>
<br>
another option is to write one log file per host and just run an ls to see which hosts have sent logs for the day, for example:<br>
<br>
/loghost/YYYYMMDD/hostname.<wbr>prv.log<br>
<br>
the dynamic path can be set up using syslog-ng.<br>
<br>
<br>
> On May 12, 2017, at 1:11 PM, Sathish Sundaravel <<a href="mailto:sathish.sundaravel@gmail.com" target="_blank">sathish.sundaravel@gmail.com</a>> wrote:<br>
><br>
> Hi All<br>
><br>
> I have a syslog-ng server running on a Solaris platform, configured to receive or accept events from all unix servers in one single log file.<br>
><br>
> If I want to collect a list of servers reporting to the log server, I have to manually extract the list from a single log file, which is too time-consuming. What would be the best way?<br>
><br>
> Regards<br>
> Sathish<br>
> ______________________________<wbr>______________________________<wbr>__________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
><br>
<br>
<br>
</blockquote></div></div>
<br>
<br></blockquote></div></div>
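An added example, not part of the original thread or of syslog-ng itself: one way to act on the suggestion of collecting the stats counters every few minutes, by folding each snapshot into an inventory that survives daemon restarts and flagging hosts that have gone quiet. It assumes the semicolon-separated layout of `syslog-ng-ctl stats` output with `src.host` rows carrying `processed` and `stamp` values; the sample data, hostnames and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `syslog-ng-ctl stats` output (hostnames are made up).
SAMPLE_STATS = """\
SourceName;SourceId;SourceInstance;State;Type;Number
src.host;;web01;d;processed;1520
src.host;;web01;d;stamp;1494633600
src.host;;db01;d;processed;88
src.host;;db01;d;stamp;1494630000
src.program;;sshd;d;processed;40
global;payload_reallocs;;a;processed;3
"""


def parse_host_stats(text):
    """Return {host: {"processed": int, "stamp": int}} from src.host rows."""
    hosts = {}
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        # Skip the header, blank lines and every non-host counter.
        if len(row) != 6 or row[0] != "src.host":
            continue
        _name, _id, instance, _state, kind, number = row
        if kind in ("processed", "stamp") and number.isdigit():
            hosts.setdefault(instance, {})[kind] = int(number)
    return hosts


def merge_inventory(inventory, snapshot):
    """Fold one snapshot into the persistent inventory.

    Counters vanish when the daemon restarts, so hosts are never removed
    here and last_seen only ever moves forward.
    """
    for host, values in snapshot.items():
        entry = inventory.setdefault(host, {"last_seen": 0})
        entry["last_seen"] = max(entry["last_seen"], values.get("stamp", 0))
    return inventory


def silent_hosts(inventory, now, max_age):
    """Hosts whose last message is older than max_age seconds."""
    return sorted(h for h, e in inventory.items()
                  if now - e["last_seen"] > max_age)


if __name__ == "__main__":
    inv = merge_inventory({}, parse_host_stats(SAMPLE_STATS))
    print("known hosts:", sorted(inv))
    print("silent > 15 min:", silent_hosts(inv, now=1494634000, max_age=900))
```

In use, the text passed to `parse_host_stats` would be the captured output of `syslog-ng-ctl stats`, and the inventory dictionary would be saved to disk between runs.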