[syslog-ng] Stats on destinations with macro's ?

Scot scotrn at gmail.com
Tue Feb 18 13:33:44 CET 2014


I realized my problem, if a destination contains a macro it’s still defined as one destination. 

Looking for direction here….  

My intention is to get syslog-ng-ctl to report stats on each VLAN in our environment while logging to a destination such as /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLANs in our environment are defined in an IPAM database with a name and subnet.

I can drive an include file for syslog-ng.conf with a script, I just need guidance on the format of the config file.

I would like to define a unique destination per subnet+severity so syslog-ng-ctl will give me counters if a subnet starts sending large numbers of critical messages for example.

I also feel I need a catch all for any message that does not match a defined destination. These would be malformed messages from hosts which would need to be corrected so they get to the proper destination. 

I think the subnet destinations would be driven by matching subnet filters something like so…. but how would one create a filter that defines everything NOT matched by another filter?

if VLAN... 
or VLAN… 
or VLAN… 
else everything_else.. 


NOTE: Syntax may be off, this is just from memory. 

destination VLAN_NAME_HIGH_des { file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log"); };
filter VLAN_NAME_HIGH_des { netmask("192.168.1.0/255.255.255.0") and level(warn..emerg); };

destination VLAN_NAME_LOW_des { file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info"); };
filter VLAN_NAME_LOW_des { netmask("192.168.1.0/255.255.255.0") and level(info..notice); };


> On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <shasta at toxcorp.com> wrote:
> 
>> On 14.02.2014 02:55, Scot wrote:
>> Is there a trick to get stats on destinations with macros ?
>> 
>> I get stats on my FIFO, local, network destinations but not on the destinations with macros.
> 
> What do you mean by 'destinations with macros'? Does local file() 
> destination (with macros) count? Then it works for me (on 3.5.3):
> 
> # syslog-ng-ctl stats | grep d_net_test
> destination;d_net_test;;a;processed;888891
> # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf
> destination d_net_test { file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); };
> #
> 
> 
> Regards,
> 
> -- 
> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D


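One way to script the include file asked about in the message above, as an added example that is not part of the original thread or of the syslog-ng project: it emits one named destination, filter and log path per VLAN and severity tier, plus a catch-all log path using syslog-ng's flags(fallback). The source name s_net, the d_/f_ object names, the sample VLAN rows and the use of the $YEAR/$MONTH/$DAY macros in the path are assumptions.

```python
import ipaddress
import re

# Constructed sample rows standing in for an IPAM export: (VLAN name, subnet).
SAMPLE_VLANS = [("office", "192.168.1.0/24"), ("dmz", "10.20.0.0/22")]

# Severity ranges as written in the post above.
TIERS = {"high": "warn..emerg", "low": "info..notice"}
SOURCE = "s_net"  # assumed name of the network source in syslog-ng.conf
NAME_OK = re.compile(r"[A-Za-z0-9_]+")


def render_include(vlans, source=SOURCE):
    """Return syslog-ng include-file text for (name, cidr) pairs."""
    out = []
    seen = set()
    for name, cidr in vlans:
        # Names end up in object identifiers and file paths, so refuse
        # anything that could break out of either (quotes, '/', '..').
        if not NAME_OK.fullmatch(name) or name in seen:
            raise ValueError(f"unusable VLAN name: {name!r}")
        seen.add(name)
        # IPv4Network rejects IPv6 and subnets with host bits set.
        net = ipaddress.IPv4Network(cidr)
        for tier, levels in TIERS.items():
            obj = f"vlan_{name}_{tier}"
            path = f"/var/log/$YEAR/$MONTH/$DAY/{name}-{tier}.log"
            out += [
                f'destination d_{obj} {{ file("{path}" create_dirs(yes)); }};',
                f'filter f_{obj} {{ netmask("{net.with_netmask}") and level({levels}); }};',
                f"log {{ source({source}); filter(f_{obj}); destination(d_{obj}); }};",
            ]
    # Catch-all: a fallback log path only receives messages that no
    # non-fallback log path matched, so no "NOT vlan1 and NOT vlan2" filter.
    out += [
        'destination d_unmatched { file("/var/log/$YEAR/$MONTH/$DAY/unmatched.log" create_dirs(yes)); };',
        f"log {{ source({source}); destination(d_unmatched); flags(fallback); }};",
    ]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_include(SAMPLE_VLANS), end="")
```

Because each destination has its own name, syslog-ng-ctl stats reports a separate processed counter for every VLAN and tier. Debug-level messages from a listed subnet match neither severity range, so they go to the fallback path.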