Hi Nik,

Thank you . Currently I don't have such database option enabled. I have gathered host information from log file at this moment. Enabling log using database and host name format sounds good idea. 

Any other thoughts ? 

Regards
Sathish 

On Sat, 13 May 2017 at 1:55 AM, Nik Ambrosch <nik@ambrosch.com> wrote:
someone correct me if i’m wrong, but i don’t think there’s a good way to get this information directly from the syslog-ng daemon, especially if it’s restarted.  a more reliable way is to pull the data off disk.

depending on your log volume putting them into a database will allow you to easily do this with a single query.  i write about 20 million log lines into a mysql database every day so this should cover most use cases.  a query would look like one of these two (depends if you want a line count or not):

  mysql> select distinct host from syslog_table_20170511;
  mysql> select distinct host,count(*) as count from syslog_table_20170511 group by host order by count desc;

pulling from log files on disk is obviously takes longer to run but can be done with a one-liner like this:

  $ cat file.log | awk '{print $1}' | sort | uniq -c | sort -nr

another option is to write one log file per host and just run an ls to see which hosts have sent logs for the day, for example:

/loghost/YYYYMMDD/hostname.prv.log

the dynamic path can be setup using syslog-ng.


> On May 12, 2017, at 1:11 PM, Sathish Sundaravel <sathish.sundaravel@gmail.com> wrote:
>
> Hi All
>
> I have syslog Ng server running on Solaris platform and configured to receive or accept events from all unix servers in one single log file.
>
> If I want to collect list of servers reporting to the log server , I have to manually extract list from a single log file which is too much time consuming . What would the best way ?
>
> Regards
> Sathish
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq