<div dir="ltr"><div><div><div>Hi,<br><br></div>the issue with the internal stats() message is that if you have a lot of counters that message is truncated. Also, it is pretty difficult to parse.<br><br></div>So I would vote for the "poll syslog-ng-ctl and generate messages" solution. <br></div><div><br></div><div>BTW: the internal PE team did something in this area, they created some sort of internal source that does this polling, but I am not sure how that works. Possibly there's documentation :)</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Tue, Oct 17, 2017 at 4:37 PM, Scot <span dir="ltr"><<a href="mailto:scotrn@gmail.com" target="_blank">scotrn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Doesn't stats_freq() set an interval to log stats to syslog already?<div><strong style="color:rgb(29,89,135);font-size:1.5em;font-family:"Droid Sans",Verdana,Helvetica,sans-serif"><br></strong></div><div><span style="color:rgb(29,89,135);font-family:"Droid Sans",Verdana,Helvetica,sans-serif">Description:</span><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)"> The period between two </span><span class="m_2272840704388001741gmail-highlight" style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0);background-color:rgb(255,222,123)">STATS</span><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)"> messages in seconds. </span><span class="m_2272840704388001741gmail-highlight" style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0);background-color:rgb(255,222,123)">STATS</span><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)"> are log messages sent by syslog-ng, containing </span><span class="m_2272840704388001741gmail-highlight" style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0);background-color:rgb(255,222,123)">stat</span><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)">istics about dropped log messages. Set to </span><code class="m_2272840704388001741gmail-userinput" style="color:rgb(0,0,0);font-family:Courier,fixed">0</code><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)">to disable the </span><span class="m_2272840704388001741gmail-highlight" style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0);background-color:rgb(255,222,123)">STATS</span><span style="font-family:"Droid Sans",Verdana,Helvetica,sans-serif;color:rgb(0,0,0)"> messages.</span><div><div><br></div><div>So </div><div>internal_src -> format > elasticsearch -> syslog-ng_stats index ?  </div></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 16, 2017 at 11:01 AM, Evan Rempel <span dir="ltr"><<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have a perl script that collects some stats and logs them to syslog again. The syslog stream gets sent to ES, so they end up there, but as a syslog line, not a specific statistic item for things like grafana.<div><div class="m_2272840704388001741h5"><br>
<br>
On 10/15/2017 05:57 PM, Scot wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
  Looked around for a few hours and didn't see anything.<br>
<br>
Has anyone worked on sending syslog-ng stats to ES ?<br>
I see several ways I could but wondering if anyone has already. A push method directly from syslog-ng would be awesome.<br>
<br>
Scot<br>
<br>
</blockquote>
<br></div></div>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=syslog<wbr>-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
</blockquote></div><br></div>
</div></div><br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>