Ok I must have something wrong with my conf then. options { long_hostnames (off); flush_lines (0); use_dns(no); dns_cache(no); use_fqdn(no); # dns_cache_size(2014); check_hostname(no); chain_hostnames(no); keep_hostname(no); }; ###### # sources source src { unix-dgram("/var/run/log"); unix-dgram("/var/run/logpriv" perm(0600)); internal(); file("/dev/klog"); }; ### Local sources source s_local { internal(); unix-stream("/dev/log" max-connections(20)); file("/proc/kmsg" program_override("kernel")); }; ### External Network sources source s_net { udp(); tcp(max-connections(50)); }; # Relay external sources log { source(s_net); destination (d_mysql); destination (d_fifo); destination (d_file); }; ####################################################################### destination d_file { file("/data/syslog-ng/$R_YEAR/$R_MONTH/$R_DAY/$R_HOUR/$HOST.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; …. # /opt/syslog-ng/sbin/syslog-ng-ctl stats SourceName;SourceId;SourceInstance;State;Type;Number global;payload_reallocs;;a;processed;1441 source;s_net;;a;processed;44079304 source;s_local;;a;processed;1035 global;msg_clones;;a;processed;0 destination;d_mysql;;a;processed;44079304 src.internal;s_local#0;;a;processed;737 src.internal;s_local#0;;a;stamp;1392752561 global;sdata_updates;;a;processed;0 center;;received;a;processed;0 destination;d_fifo;;a;processed;44079304 destination;d_file;;a;processed;44080339 center;;queued;a;processed;0 On Feb 18, 2014, at 1:33 PM, Evan Rempel <erempel@uvic.ca> wrote:
That certainly is not the way it works on 3.4
I have a file destinations that contain date stamps etc and when I run the
sudo syslog-ng-ctl stats
I get each destination as a separate statistic.
dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;dropped;0 dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;processed;5 dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;stored;0 dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;dropped;0 dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;processed;200 dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;stored;0 ... dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;dropped;0 dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;processed;156 dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;stored;0 ...
so that should be what you are loooking for.
the "o" in the last three lines indicates that the destination is old (closed due to idle timeout)
On 02/18/2014 04:33 AM, Scot wrote:
I realized my problem, if a destination contains a macro it’s still defined as one destination.
Looking for direction here….
My intention is to get syslog-ng-ctl to report stats on each VLAN in our environment while logging to a destination such as /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLAN’s in our environment are defined in a IPAM database with a name and subnet.
I can drive a include file for syslog-ng.conf with a script, I just need guidence on the format of the config file.
I would like to define a unique destination per subnet+severity so syslog-ng-ctl will give me counters if a subnet start sending large numbers of critical messages for example.
I also feel I need a catch all for any message that does not match a defined destination. These would be malformed messages from hosts which would need to be corrected so they get to the proper destination.
I think the subnet destinations would be be driven by matching subnet filters something like so…. but how would one create a filter that defines everything NOT matched by another filter ?
if VLAN... or VLAN… or VLAN… else everything_else..
NOTE: Syntax may be off, this is just from memory.
destination VLAN_NAME_HIGH_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log”)}; filter VLAN_NAME_HIGH_des { netmask(“192.168.1.0/255.255.255.0”); level(warn..emerg)};
destination VLAN_NAME_LOW_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info”)}; filter VLAN_NAME_LOW_des { netmask(“192.168.1.0/255.255.255.0”); level(info..notice)};
Sent from my iPad
On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <shasta@toxcorp.com> wrote:
On 14.02.2014 02:55, Scot wrote: Is there a trick to get stats on destinations with macros ?
I get stats on my FIFO, local, net work destinations but not on the destinations with macros.
What do you mean by 'destinations with macros'? Does local file() destination (with macros) count? Then it works for me (on 3.5.3):
# syslog-ng-ctl stats | grep d_net_test destination;d_net_test;;a;processed;888891 # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf destination d_net_test { file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); }; #
Regards,
-- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria