Greetings all, I have a question about monitoring syslog-ng itself. In the event that the log server stops listening or stops processing for messages for whatever reason is there a way to alert on hosts that messages are being queued/buffered? In a situation recently the log server syslog-ng process was running but not accepting log messages from remote hosts for some reason. As a result they all pilled up at the sources until the clients rolled over. It would be helpful to have an alert that it is happening but I can't find anything on monitoring the buffers. Thanks much, PM
Yes, you can do this. See http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.2-guide... Note the bit about sending "STATS" to the syslog control socket. Look for the "stored" lines, these are what youre after. (can use `nc -U` instead of socat as well) You could also use the stats on the server and alert when the source counter stops incrementing. -Patrick Sent: Fri Nov 18 2011 18:54:13 GMT-0700 (MST) From: Paul Muther <dalamars@gmail.com> To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Monitoring syslog-ng logserver
Greetings all,
I have a question about monitoring syslog-ng itself. In the event that the log server stops listening or stops processing for messages for whatever reason is there a way to alert on hosts that messages are being queued/buffered?
In a situation recently the log server syslog-ng process was running but not accepting log messages from remote hosts for some reason. As a result they all pilled up at the sources until the clients rolled over. It would be helpful to have an alert that it is happening but I can't find anything on monitoring the buffers.
Thanks much, PM
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Patrick H.
-
Paul Muther