Syslog-ng has a stats mechanism. If you set stats-level(3), syslog-ng starts tracking host and program counters, and a timestamp for the last message received. These are lost when syslog-ng is restarted, but you can collect this every few minutes. You can query these counters using syslog-ng-ctl stats. The stats subsystem is being worked on to extend it; there were numerous pull requests recently.

Cheers
Bazsi

On May 13, 2017 4:13 AM, "Sathish Sundaravel" <sathish.sundaravel@gmail.com> wrote:
Hi Nik,
Thank you. Currently I don't have such a database option enabled. I have gathered host information from the log file at this moment. Enabling logging using a database and host name format sounds like a good idea.
Any other thoughts?
Regards
Sathish
On Sat, 13 May 2017 at 1:55 AM, Nik Ambrosch <nik@ambrosch.com> wrote:
someone correct me if i’m wrong, but i don’t think there’s a good way to get this information directly from the syslog-ng daemon, especially if it’s restarted. a more reliable way is to pull the data off disk.
depending on your log volume putting them into a database will allow you to easily do this with a single query. i write about 20 million log lines into a mysql database every day so this should cover most use cases. a query would look like one of these two (depends if you want a line count or not):
mysql> select distinct host from syslog_table_20170511;
mysql> select distinct host,count(*) as count from syslog_table_20170511 group by host order by count desc;
pulling from log files on disk obviously takes longer to run but can be done with a one-liner like this:
$ cat file.log | awk '{print $1}' | sort | uniq -c | sort -nr
another option is to write one log file per host and just run an ls to see which hosts have sent logs for the day, for example:
/loghost/YYYYMMDD/hostname.prv.log
the dynamic path can be set up using syslog-ng.
On May 12, 2017, at 1:11 PM, Sathish Sundaravel <sathish.sundaravel@gmail.com> wrote:
Hi All
I have a syslog-ng server running on the Solaris platform, configured to receive or accept events from all Unix servers in one single log file.
If I want to collect the list of servers reporting to the log server, I have to manually extract the list from a single log file, which is too time consuming. What would be the best way?
Regards
Sathish
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
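
Added example, not part of the original thread and not syslog-ng's own code: a parser for the semicolon-separated output of the `syslog-ng-ctl stats` command mentioned in the first reply, listing the hosts that have reported and flagging ones that have gone quiet. The sample output is constructed, and the `src.host` rows with `processed` and `stamp` types are an assumption about what your syslog-ng version emits at stats-level(3); the function names are hypothetical.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of `syslog-ng-ctl stats` output (not captured from a real server).
SAMPLE_STATS = """\
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;5120
src.host;;web01;d;processed;4200
src.host;;web01;d;stamp;1494662400
src.host;;db01;d;processed;900
src.host;;db01;d;stamp;1494576000
src.program;;sshd;d;processed;77
destination;d_all;;a;processed;5120
"""


def parse_host_stats(text):
    """Return {host: {"processed": int, "stamp": int}} from src.host rows."""
    hosts = {}
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        # Skip the header, blank lines and malformed rows.
        if len(row) != 6 or row[0] != "src.host" or not row[5].isdigit():
            continue
        _, _, host, _, kind, number = row
        if kind in ("processed", "stamp"):
            hosts.setdefault(host, {"processed": 0, "stamp": 0})[kind] = int(number)
    return hosts


def silent_hosts(hosts, now, max_age):
    """Hosts whose last message is older than max_age seconds at time `now`."""
    return sorted(h for h, s in hosts.items() if now - s["stamp"] > max_age)


def report(text, now, max_age=3600):
    hosts = parse_host_stats(text)
    quiet = set(silent_hosts(hosts, now, max_age))
    lines = []
    for host, s in sorted(hosts.items(), key=lambda kv: -kv[1]["processed"]):
        seen = datetime.fromtimestamp(s["stamp"], timezone.utc).isoformat()
        flag = "SILENT" if host in quiet else "ok"
        lines.append(f"{host}\t{s['processed']}\t{seen}\t{flag}")
    return lines


if __name__ == "__main__":
    # In production, feed in the output of: syslog-ng-ctl stats
    print("\n".join(report(SAMPLE_STATS, now=1494666000)))
```

Because the counters reset on restart, as the reply notes, a host missing from one snapshot is only meaningful when compared against snapshots saved from earlier runs.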