[syslog-ng] Monitoring syslog-ng logserver
Patrick H.
syslogng at feystorm.net
Sat Nov 19 03:30:03 CET 2011
Yes, you can do this. See
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.2-guides/syslog-ng-ose-v3.2-guide-admin-en.html/index.html-single.html#chapter-log-statistics
Note the bit about sending "STATS" to the syslog control socket. Look
for the "stored" lines, these are what youre after. (can use `nc -U`
instead of socat as well)
You could also use the stats on the server and alert when the source
counter stops incrementing.
-Patrick
Sent: Fri Nov 18 2011 18:54:13 GMT-0700 (MST)
From: Paul Muther <dalamars at gmail.com>
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Monitoring syslog-ng logserver
> Greetings all,
>
> I have a question about monitoring syslog-ng itself. In the event that the log server stops listening or stops processing for messages for whatever reason is there a way to alert on hosts that messages are being queued/buffered?
>
> In a situation recently the log server syslog-ng process was running but not accepting log messages from remote hosts for some reason. As a result they all pilled up at the sources until the clients rolled over. It would be helpful to have an alert that it is happening but I can't find anything on monitoring the buffers.
>
> Thanks much,
> PM
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20111118/64fdb626/attachment-0001.htm
More information about the syslog-ng
mailing list