[syslog-ng] Stats on destinations with macro's ?

Evan Rempel erempel at uvic.ca
Tue Feb 18 19:33:08 CET 2014


That certainly is not the way it works on 3.4.

I have file destinations that contain date stamps etc. and when I run

sudo syslog-ng-ctl stats

I get each destination as a separate statistic.

dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;dropped;0
dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;processed;5
dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;stored;0
dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;dropped;0
dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;processed;200
dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;stored;0
...
dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;dropped;0
dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;processed;156
dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;stored;0
...


So that should be what you are looking for.

The "o" in the last three lines indicates that the destination is old (closed due to idle timeout).



On 02/18/2014 04:33 AM, Scot wrote:
>
> I realized my problem, if a destination contains a macro it’s still defined as one destination.
>
> Looking for direction here….
>
> My intention is to get syslog-ng-ctl to report stats on each VLAN in our environment while logging to a destination such as /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLANs in our environment are defined in an IPAM database with a name and subnet.
>
> I can drive an include file for syslog-ng.conf with a script, I just need guidance on the format of the config file.
>
> I would like to define a unique destination per subnet+severity so syslog-ng-ctl will give me counters if a subnet starts sending large numbers of critical messages for example.
>
> I also feel I need a catch all for any message that does not match a defined destination. These would be malformed messages from hosts which would need to be corrected so they get to the proper destination.
>
> I think the subnet destinations would be driven by matching subnet filters something like so... but how would one create a filter that defines everything NOT matched by another filter?
>
> if VLAN...
> or VLAN…
> or VLAN…
> else everything_else..
>
>
> NOTE: Syntax may be off, this is just from memory.
>
> destination VLAN_NAME_HIGH_des { file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log"); };
> filter VLAN_NAME_HIGH_des { netmask("192.168.1.0/255.255.255.0") and level(warn..emerg); };
>
> destination VLAN_NAME_LOW_des { file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info"); };
> filter VLAN_NAME_LOW_des { netmask("192.168.1.0/255.255.255.0") and level(info..notice); };
>
> Sent from my iPad
>
>> On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <shasta at toxcorp.com> wrote:
>>
>>> On 14.02.2014 02:55, Scot wrote:
>>> Is there a trick to get stats on destinations with macros ?
>>>
>>> I get stats on my FIFO, local, network destinations but not on the destinations with macros.
>>
>> What do you mean by 'destinations with macros'? Does local file()
>> destination (with macros) count? Then it works for me (on 3.5.3):
>>
>> # syslog-ng-ctl stats | grep d_net_test
>> destination;d_net_test;;a;processed;888891
>> # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf
>> destination d_net_test { file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); };
>> #
>>
>>
>> Regards,
>>
>> --
>> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
>> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>


-- 
Evan Rempel                                      erempel at uvic.ca
Senior Systems Administrator                        250.721.7691
Data Centre Services, University Systems, University of Victoria
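
An added example, not part of the original message: a Python sketch that parses two snapshots of the `syslog-ng-ctl stats` output shown above and reports which file destinations grew their `processed` counter by at least a threshold between them, which is the "a source starts sending large numbers of messages" check asked about in the quoted mail. The second snapshot, the threshold and the function names are constructed for illustration.

```python
# Constructed snapshots of `syslog-ng-ctl stats`; the first reuses values from the message.
P = "dst.file;d_authorized_unknown#0;/var/syslog/unknown/"
SNAPSHOT_1 = f"""SourceName;SourceId;SourceInstance;State;Type;Number
{P}flare-event.unknown.20140218.000000;o;processed;200
{P}runaway.unknown.20140217.000000;o;dropped;0
{P}runaway.unknown.20140217.000000;o;processed;156
...
"""
SNAPSHOT_2 = f"""SourceName;SourceId;SourceInstance;State;Type;Number
{P}flare-event.unknown.20140218.000000;a;processed;205
{P}runaway.unknown.20140217.000000;a;dropped;0
{P}runaway.unknown.20140217.000000;a;processed;4156
"""


def parse_stats(text):
    """Return {(name, id, instance): {"state": s, "<counter type>": int, ...}}."""
    stats = {}
    for line in text.splitlines():
        fields = line.strip().split(";")
        # Skip blank lines, "..." elisions and the header row (non-numeric last field).
        if len(fields) != 6 or not fields[5].isdigit():
            continue
        name, source_id, instance, state, counter, number = fields
        entry = stats.setdefault((name, source_id, instance), {})
        entry["state"] = state
        entry[counter] = int(number)
    return stats


def processed_delta(before, after, threshold):
    """Return [(instance, delta)] where 'processed' grew by >= threshold, largest first."""
    noisy = []
    for key, current in after.items():
        now = current.get("processed", 0)
        prev = before.get(key, {}).get("processed", 0)
        # Counters are cumulative; a lower value means a reset, so count from zero.
        delta = now - prev if now >= prev else now
        if delta >= threshold:
            noisy.append((key[2], delta))
    return sorted(noisy, key=lambda item: -item[1])


if __name__ == "__main__":
    for path, delta in processed_delta(parse_stats(SNAPSHOT_1), parse_stats(SNAPSHOT_2), 1000):
        print(f"{path}: +{delta} messages since last snapshot")
```

Because each expanded file name is its own statistic, the date stamp in the path means a new key appears when the file rolls over; the first snapshot after that treats the whole count as the delta.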
