[syslog-ng] Stats on destinations with macro's ?

Balazs Scheidler bazsi77 at gmail.com
Sat Mar 8 08:57:41 CET 2014 

What is your syslog-ng version?
On Feb 19, 2014 7:09 AM, "Scot Needy" <scotrn at gmail.com> wrote:

>
> I can't post the full output but if I look at the dst output there is no
> stats for my d_file destination but I do see them for others which are
> remote targets.
>
> This is the only stats output matching
> /opt/syslog-ng/sbin/syslog-ng-ctl stats   |grep file
>
> destination;d_file;;a;processed;3780673
>
>
>
> On Feb 18, 2014, at 11:34 PM, Evan Rempel <erempel at uvic.ca> wrote:
>
> > you have to stop grepping for "destination"
> >
> > the detailed lines are of the form
> >
> > dst.file;d_var_syslog#0;/var/log/syslog.20140218.000000;a;stored;0
> >
> >
> > note the leading dst.{destination type}.....
> >
> > Evan.
> >
> >
> > ________________________________________
> > From: Scot Needy [scotrn at gmail.com]
> > Sent: Tuesday, February 18, 2014 12:44 PM
> > To: Evan Rempel
> > Cc: Syslog-ng users' and developers' mailing list
> > Subject: Re: [syslog-ng] Stats on destinations with macro's ?
> >
> > stats_level makes no difference to the stats output.
> >
> > Level 1
> > [root@## ~]# /opt/syslog-ng/sbin/syslog-ng-ctl stats  |grep destin
> > destination;d_em7;;a;processed;4304
> > destination;d_mysql;;a;processed;11711
> > destination;d_fifo;;a;processed;11711
> > destination;d_file;;a;processed;11715
> >
> > [root@## ~]# vi  /etc/syslog-ng/syslog-ng.conf
> > [root@## ~]# /etc/init.d/syslog-ng restart
> > Restarting syslog-ng: Stopping syslog-ng:                  [  OK  ]
> > Starting syslog-ng:                                        [  OK  ]
> >
> > Level 3
> > nohup: appending output to `nohup.out'
> > [root@## ~]# /opt/syslog-ng/sbin/syslog-ng-ctl stats  |grep destin
> > destination;d_em7;;a;processed;62
> > destination;d_mysql;;a;processed;132
> > destination;d_fifo;;a;processed;132
> > destination;d_file;;a;processed;136
> >
> >
> >
> > On Feb 18, 2014, at 3:09 PM, Evan Rempel <erempel at uvic.ca> wrote:
> >
> >> Try adding the global option
> >>
> >> stats_level(1);
> >>
> >> ________________________________________
> >> From: Scot Needy [scotrn at gmail.com]
> >> Sent: Tuesday, February 18, 2014 11:50 AM
> >> To: Evan Rempel
> >> Cc: Syslog-ng users' and developers' mailing list
> >> Subject: Re: [syslog-ng] Stats on destinations with macro's ?
> >>
> >> Ok I must have something wrong with my conf then.
> >>
> >> options { long_hostnames (off);
> >>       flush_lines (0);
> >>       use_dns(no);
> >>       dns_cache(no);
> >>       use_fqdn(no);
> >> #       dns_cache_size(2014);
> >>       check_hostname(no);
> >>       chain_hostnames(no);
> >>       keep_hostname(no);
> >> };
> >>
> >> ######
> >> # sources
> >> source src {
> >>       unix-dgram("/var/run/log");
> >>       unix-dgram("/var/run/logpriv" perm(0600));
> >>       internal();
> >>       file("/dev/klog");
> >> };
> >> ### Local sources
> >> source s_local {
> >>       internal();
> >>       unix-stream("/dev/log" max-connections(20));
> >>       file("/proc/kmsg" program_override("kernel")); };
> >> ### External Network sources
> >> source s_net { udp(); tcp(max-connections(50)); };
> >> # Relay external sources
> >> log { source(s_net);
> >>         destination (d_mysql); destination (d_fifo); destination
> (d_file);
> >> };
> >>
> >> #######################################################################
> >> destination d_file {
> file("/data/syslog-ng/$R_YEAR/$R_MONTH/$R_DAY/$R_HOUR/$HOST.log"
> >>                       owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs(yes)); };
> >> ....
> >>
> >>
> >> # /opt/syslog-ng/sbin/syslog-ng-ctl stats
> >>
> >> SourceName;SourceId;SourceInstance;State;Type;Number
> >> global;payload_reallocs;;a;processed;1441
> >> source;s_net;;a;processed;44079304
> >> source;s_local;;a;processed;1035
> >> global;msg_clones;;a;processed;0
> >> destination;d_mysql;;a;processed;44079304
> >> src.internal;s_local#0;;a;processed;737
> >> src.internal;s_local#0;;a;stamp;1392752561
> >> global;sdata_updates;;a;processed;0
> >> center;;received;a;processed;0
> >> destination;d_fifo;;a;processed;44079304
> >> destination;d_file;;a;processed;44080339
> >> center;;queued;a;processed;0
> >>
> >> On Feb 18, 2014, at 1:33 PM, Evan Rempel <erempel at uvic.ca> wrote:
> >>
> >>> That certainly is not the way it works on 3.4
> >>>
> >>> I have a file destinations that contain date stamps etc and when I run
> the
> >>>
> >>> sudo syslog-ng-ctl stats
> >>>
> >>> I get each destination as a separate statistic.
> >>>
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;dropped;0
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;processed;5
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/Windows_Server_Update_Services.unknown.20140218.000000;o;stored;0
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;dropped;0
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;processed;200
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/flare-event.unknown.20140218.000000;o;stored;0
> >>> ...
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;dropped;0
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;processed;156
> >>>
> dst.file;d_authorized_unknown#0;/var/syslog/unknown/runaway.unknown.20140217.000000;o;stored;0
> >>> ...
> >>>
> >>>
> >>> so that should be what you are loooking for.
> >>>
> >>> the "o" in the last three lines indicates that the destination is old
> (closed due to idle timeout)
> >>>
> >>>
> >>>
> >>> On 02/18/2014 04:33 AM, Scot wrote:
> >>>>
> >>>> I realized my problem, if a destination contains a macro it's still
> defined as one destination.
> >>>>
> >>>> Looking for direction here....
> >>>>
> >>>> My intention is to get syslog-ng-ctl to report stats on each VLAN in
> our environment while logging to a destination such as
> /var/log//$YYYY/$MM/$DD/$VLAN-Name-$SEVERITY.log . VLAN's in our
> environment are defined in a  IPAM database with a name and subnet.
> >>>>
> >>>> I can drive a include file for syslog-ng.conf with a script, I just
> need guidence on the format of the config file.
> >>>>
> >>>> I would like to define a unique destination per subnet+severity so
> syslog-ng-ctl will give me counters if a subnet start sending large numbers
> of critical messages for example.
> >>>>
> >>>> I also feel I need a catch all for any message that does not match a
> defined destination. These would be malformed messages from hosts which
> would need to be corrected so they get to the proper destination.
> >>>>
> >>>> I think the subnet destinations would be be driven by matching subnet
> filters something like so.... but how would one create a filter that defines
> everything NOT matched by another filter  ?
> >>>>
> >>>> if VLAN...
> >>>> or VLAN...
> >>>> or VLAN...
> >>>> else everything_else..
> >>>>
> >>>>
> >>>> NOTE: Syntax may be off, this is just from memory.
> >>>>
> >>>> destination VLAN_NAME_HIGH_des {
> file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.log")};
> >>>> filter VLAN_NAME_HIGH_des { netmask("192.168.1.0/255.255.255.0");
> level(warn..emerg)};
> >>>>
> >>>> destination VLAN_NAME_LOW_des {
> file("/var/log/$YYYY/$MM/$DD/$VLAN_NAME.info")};
> >>>> filter VLAN_NAME_LOW_des { netmask("192.168.1.0/255.255.255.0");
> level(info..notice)};
> >>>>
> >>>> Sent from my iPad
> >>>>
> >>>>> On Feb 14, 2014, at 8:40 AM, Jakub Jankowski <shasta at toxcorp.com>
> wrote:
> >>>>>
> >>>>>> On 14.02.2014 02:55, Scot wrote:
> >>>>>> Is there a trick to get stats on destinations with macros ?
> >>>>>>
> >>>>>> I get stats on my FIFO, local, net work destinations but not on the
> destinations with macros.
> >>>>>
> >>>>> What do you mean by 'destinations with macros'? Does local file()
> >>>>> destination (with macros) count? Then it works for me (on 3.5.3):
> >>>>>
> >>>>> # syslog-ng-ctl stats | grep d_net_test
> >>>>> destination;d_net_test;;a;processed;888891
> >>>>> # grep 'destination d_net_test' /etc/syslog-ng/syslog-ng.conf
> >>>>> destination d_net_test {
> file("/var/log/$HOST/$R_YEAR-$R_MONTH.log"); };
> >>>>> #
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> --
> >>>>> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> >>>>> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> >>>>>
> ______________________________________________________________________________
> >>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >>>>> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> >>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >>>>>
> >>>>
> ______________________________________________________________________________
> >>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >>>> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> >>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >>>>
> >>>
> >>>
> >>> --
> >>> Evan Rempel                                      erempel at uvic.ca
> >>> Senior Systems Administrator                        250.721.7691
> >>> Data Centre Services, University Systems, University of Victoria
> >>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140308/8fee8b25/attachment.htm

More information about the syslog-ng mailing list