[syslog-ng] Stats on destinations with macro's ?
Scot
scotrn at gmail.com
Tue Feb 18 13:33:44 CET 2014
I realized my problem, if a destination contains a macro it’s still defined as one destination.
Looking for direction here….
My intention is to get syslog-ng-ctl to report stats on each VLAN in our environment while logging to a destination such as /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLAN’s in our environment are defined in a IPAM database with a name and subnet.
I can drive a include file for syslog-ng.conf with a script, I just need guidence on the format of the config file.
I would like to define a unique destination per subnet+severity so syslog-ng-ctl will give me counters if a subnet start sending large numbers of critical messages for example.
I also feel I need a catch all for any message that does not match a defined destination. These would be malformed messages from hosts which would need to be corrected so they get to the proper destination.
I think the subnet destinations would be be driven by matching subnet filters something like so…. but how would one create a filter that defines everything NOT matched by another filter ?
if VLAN...
or VLAN…
or VLAN…
else everything_else..
NOTE: Syntax may be off, this is just from memory.
destination VLAN_NAME_HIGH_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log”)};
filter VLAN_NAME_HIGH_des { netmask(“192.168.1.0/255.255.255.0”); level(warn..emerg)};
destination VLAN_NAME_LOW_des { file(“/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info”)};
filter VLAN_NAME_LOW_des { netmask(“192.168.1.0/255.255.255.0”); level(info..notice)};
Sent from my iPad
> On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <shasta at toxcorp.com> wrote:
>
>> On 14.02.2014 02:55, Scot wrote:
>> Is there a trick to get stats on destinations with macros ?
>>
>> I get stats on my FIFO, local, net work destinations but not on the destinations with macros.
>
> What do you mean by 'destinations with macros'? Does local file()
> destination (with macros) count? Then it works for me (on 3.5.3):
>
> # syslog-ng-ctl stats | grep d_net_test
> destination;d_net_test;;a;processed;888891
> # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf
> destination d_net_test { file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); };
> #
>
>
> Regards,
>
> --
> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
More information about the syslog-ng
mailing list