[syslog-ng] How to get list of IPs

Sathish Sundaravel sathish.sundaravel at gmail.com
Sat May 13 02:13:01 UTC 2017


Hi Nik,

Thank you. Currently I don't have such a database option enabled. I have
gathered host information from the log file at this moment. Enabling logging
using a database and host name format sounds like a good idea.

Any other thoughts?

Regards
Sathish

On Sat, 13 May 2017 at 1:55 AM, Nik Ambrosch <nik at ambrosch.com> wrote:

> someone correct me if i’m wrong, but i don’t think there’s a good way to
> get this information directly from the syslog-ng daemon, especially if it’s
> restarted.  a more reliable way is to pull the data off disk.
>
> depending on your log volume putting them into a database will allow you
> to easily do this with a single query.  i write about 20 million log lines
> into a mysql database every day so this should cover most use cases.  a
> query would look like one of these two (depends if you want a line count or
> not):
>
>   mysql> select distinct host from syslog_table_20170511;
>   mysql> select distinct host,count(*) as count from syslog_table_20170511 group by host order by count desc;
>
> pulling from log files on disk obviously takes longer to run but can be
> done with a one-liner like this:
>
>   $ cat file.log | awk '{print $1}' | sort | uniq -c | sort -nr
>
> another option is to write one log file per host and just run an ls to see
> which hosts have sent logs for the day, for example:
>
> /loghost/YYYYMMDD/hostname.prv.log
>
> the dynamic path can be set up using syslog-ng.
>
>
> > On May 12, 2017, at 1:11 PM, Sathish Sundaravel <sathish.sundaravel at gmail.com> wrote:
> >
> > Hi All
> >
> > I have a syslog-ng server running on the Solaris platform and configured to
> > receive or accept events from all unix servers in one single log file.
> >
> > If I want to collect the list of servers reporting to the log server, I
> > have to manually extract the list from a single log file, which is too
> > time consuming. What would be the best way?
> >
> > Regards
> > Sathish
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
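
Added example, not part of the original thread: a variant of the on-disk approach discussed above, for files where the position of the host field depends on the timestamp layout the file template writes. It assumes two common layouts (BSD-style and ISO 8601 timestamps); `hosts_by_count` and `sample_log` are hypothetical names and the sample lines are constructed.

```shell
#!/bin/sh
# hosts_by_count FILE
# Print "COUNT HOST" for every host that logged to FILE, busiest first.
# Two timestamp layouts are recognised (assumed; adjust to your template):
#   BSD: "May 13 02:13:01 web01 sshd[412]: ..."            -> host is field 4
#   ISO: "2017-05-13T02:13:01+00:00 web01 sshd[412]: ..."  -> host is field 2
# Lines matching neither layout are counted and reported on stderr
# rather than being attributed to a bogus "host".
hosts_by_count() {
    awk '
        $1 ~ /^[A-Z][a-z][a-z]$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
            seen[$4]++; next
        }
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ {
            seen[$2]++; next
        }
        NF { skipped++ }
        END {
            for (h in seen) print seen[h], h
            if (skipped) print skipped " unparsed line(s)" > "/dev/stderr"
        }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input: mixed layouts, a single-digit day, a sender
# logged by IP address (documentation range), and one malformed line.
sample_log() {
    cat <<'EOF'
May 13 02:13:01 web01 sshd[412]: Accepted publickey for ops
May 13 02:13:05 db01 cron[88]: job started
May  3 02:14:10 web01 sshd[412]: session closed
2017-05-13T02:15:00+00:00 web01 su: session opened
2017-05-13T02:15:02+00:00 mail01 postfix/smtpd[9]: connect
May 13 02:16:00 db01 cron[88]: job finished
May 13 02:17:00 192.0.2.10 kernel: link up
--- MARK ---
EOF
}

# Usage: sample_log > /tmp/sample.log && hosts_by_count /tmp/sample.log
```

A non-zero unparsed count on stderr means some lines use a layout the function does not know, so the host list may be incomplete.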