someone correct me if i’m wrong, but i don’t think there’s a good way to get this information directly from the syslog-ng daemon, especially if it’s restarted. a more reliable way is to pull the data off disk.

depending on your log volume, putting them into a database will allow you to easily do this with a single query. i write about 20 million log lines into a mysql database every day so this should cover most use cases. a query would look like one of these two (depends if you want a line count or not):

    mysql> select distinct host from syslog_table_20170511;
    mysql> select distinct host,count(*) as count from syslog_table_20170511 group by host order by count desc;

pulling from log files on disk obviously takes longer to run but can be done with a one-liner like this:

    $ cat file.log | awk '{print $1}' | sort | uniq -c | sort -nr

another option is to write one log file per host and just run an ls to see which hosts have sent logs for the day, for example:

    /loghost/YYYYMMDD/hostname.prv.log

the dynamic path can be set up using syslog-ng.

On May 12, 2017, at 1:11 PM, Sathish Sundaravel <sathish.sundaravel@gmail.com> wrote:
Hi All
I have a syslog-ng server running on the Solaris platform, configured to receive or accept events from all Unix servers in one single log file.
If I want to collect the list of servers reporting to the log server, I have to manually extract the list from a single log file, which is too time-consuming. What would be the best way?
Regards
Sathish

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
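
The per-host dynamic path mentioned in the reply, written out as a syslog-ng configuration fragment. This is an added example, not configuration posted by anyone in the thread; the names s_net and d_per_host, the UDP listener on port 514 and the permission values are assumptions.

```conf
# Added example (not from the thread). s_net, d_per_host, port 514 and the
# permission values are assumptions; adapt them to the existing config.

options {
    # Derive $HOST from the sender's address instead of trusting the
    # hostname field inside the message. A client-supplied hostname would
    # otherwise choose the file name and could appear as any "reporting"
    # host. If logs arrive through relays, this records the relay's name.
    keep-hostname(no);
};

source s_net {
    udp(ip(0.0.0.0) port(514));
};

destination d_per_host {
    # One file per sending host per day, matching the layout in the reply:
    #   /loghost/YYYYMMDD/hostname.prv.log
    file("/loghost/${YEAR}${MONTH}${DAY}/${HOST}.prv.log"
         create-dirs(yes)   # create the daily directory on first write
         dir-perm(0750)
         perm(0640));
};

log {
    source(s_net);
    destination(d_per_host);
};
```

With this in place, listing the directory for a given day (for example /loghost/20170511/) shows one file per host that sent logs that day.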