[syslog-ng] Issues running syslog-ng-ctl program locally to determine logging issues

Matt Zagrabelny mzagrabe at d.umn.edu
Wed Apr 15 18:35:32 CEST 2015


On Wed, Apr 15, 2015 at 11:16 AM, Andrew Bell <abell at factset.com> wrote:
> Also would like to throw out that I am open to using strace or some other
> debug hook program to figure out the cause here if that would help better,
> just would like a pointer as to how I would go about using it to identify
> dropped logs.

I wrote a small Perl program (attached) to query syslog-ng-ctl and
netstat to see buffer sizes and thus identify if logs are being
dropped.

It loops forever and once a second (or defined interval) it runs:

syslog-ng-ctl to get the UDP messages processed
syslog-ng-ctl to get the TLS (TCP) messages processed
netstat to get the UDP errors
netstat to get the UDP packets received

It then prints out the rate of change of those four values and you can
see if the "graph" is plateauing - which for the logs processed
indicates some sort of bottleneck - or if there are peaks and valleys
which indicate syslog-ng is able to handle the load.

-m
-------------- next part --------------
A non-text attachment was scrubbed...
Name: get-syslog-ng-metrics
Type: application/octet-stream
Size: 5667 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150415/2500534f/attachment.obj 
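
The attachment is not preserved in this archive. The following Python sketch is an added example, not the attached script: it computes per-second rates from two counter snapshots and flags kernel UDP drops. It assumes the counters come from `syslog-ng-ctl stats` and `netstat -su` on Linux; the source ids `s_udp` and `s_tls` and all sample values are constructed.

```python
import re

# Constructed samples, one second apart (not captured from a real host).
# Source ids s_udp and s_tls are hypothetical; use the ids from your own config.
CTL_T0 = ("SourceName;SourceId;SourceInstance;State;Type;Number\n"
          "source;s_udp;;a;processed;1000\nsource;s_tls;;a;processed;400\n")
CTL_T1 = ("SourceName;SourceId;SourceInstance;State;Type;Number\n"
          "source;s_udp;;a;processed;1500\nsource;s_tls;;a;processed;420\n")
NET_T0 = ("Udp:\n    2000 packets received\n    3 packets to unknown port received\n"
          "    10 packet receive errors\nUdpLite:\n    0 packets received\n")
NET_T1 = ("Udp:\n    2900 packets received\n    3 packets to unknown port received\n"
          "    410 packet receive errors\nUdpLite:\n    0 packets received\n")

def parse_ctl(text, ids=("s_udp", "s_tls")):
    """Return {source_id: processed_count} from `syslog-ng-ctl stats` output."""
    out = {}
    for line in text.splitlines():
        f = line.split(";")
        if len(f) == 6 and f[1] in ids and f[4] == "processed":
            out[f[1]] = int(f[5])
    return out

def parse_netstat(text):
    """Return UDP counters from `netstat -su`, ignoring the UdpLite section."""
    out, section = {}, None
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):      # unindented line = section header
            section = line.strip().rstrip(":")
            continue
        m = re.match(r"\s*(\d+) (packets received|packet receive errors)$", line)
        if section == "Udp" and m:
            out["udp_errors" if "errors" in m.group(2) else "udp_received"] = int(m.group(1))
    return out

def snapshot(ctl_text, net_text):
    return {**parse_ctl(ctl_text), **parse_netstat(net_text)}

def rates(prev, cur, interval=1.0):
    """Per-second change of every counter present in both snapshots."""
    return {k: (cur[k] - prev[k]) / interval for k in cur if k in prev}

def kernel_dropping(r):
    """True when the UDP receive-error counter grew during the interval."""
    return r.get("udp_errors", 0) > 0

if __name__ == "__main__":
    r = rates(snapshot(CTL_T0, NET_T0), snapshot(CTL_T1, NET_T1))
    print(r, "DROPPING" if kernel_dropping(r) else "ok")
```

In the constructed sample the kernel received 900 datagrams in the interval, syslog-ng processed 500 and the error counter rose by 400, which is the plateau-plus-errors pattern the message describes.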