[syslog-ng] How to get list of IPs
Sathish Sundaravel
sathish.sundaravel at gmail.com
Sat May 13 09:00:08 UTC 2017
Thank you so much, Balazs and Nik.
On Sat, 13 May 2017 at 2:05 PM, Balazs Scheidler <bazsi77 at gmail.com> wrote:
> Syslog-ng has a stats mechanism. If you set stats-level(3), syslog-ng
> starts tracking host and program counters, and a timestamp for the last
> message received.
>
> These are lost when syslog-ng is restarted, but you can collect this every
> few minutes.
>
> You can query these counters using syslog-ng-ctl stats.
>
> The stats subsystem is being worked on to extend it, there were numerous
> pull requests recently.
>
> Cheers
> Bazsi
>
> On May 13, 2017 4:13 AM, "Sathish Sundaravel" <
> sathish.sundaravel at gmail.com> wrote:
>
>> Hi Nik,
>>
>> Thank you. Currently I don't have such a database option enabled. I have
>> gathered the host information from the log file at this moment. Enabling
>> logging to a database with a host name format sounds like a good idea.
>>
>> Any other thoughts ?
>>
>> Regards
>> Sathish
>>
>> On Sat, 13 May 2017 at 1:55 AM, Nik Ambrosch <nik at ambrosch.com> wrote:
>>
>>> Someone correct me if I'm wrong, but I don't think there's a good way to
>>> get this information directly from the syslog-ng daemon, especially if it's
>>> restarted. A more reliable way is to pull the data off disk.
>>>
>>> Depending on your log volume, putting them into a database will allow you
>>> to easily do this with a single query. I write about 20 million log lines
>>> into a MySQL database every day, so this should cover most use cases. A
>>> query would look like one of these two (depending on whether you want a line
>>> count or not):
>>>
>>> mysql> select distinct host from syslog_table_20170511;
>>> mysql> select distinct host,count(*) as count from
>>> syslog_table_20170511 group by host order by count desc;
>>>
>>> Pulling from log files on disk obviously takes longer to run, but it can
>>> be done with a one-liner like this:
>>>
>>> $ awk '{print $1}' file.log | sort | uniq -c | sort -nr
>>>
>>> Another option is to write one log file per host and just run an ls to
>>> see which hosts have sent logs for the day, for example:
>>>
>>> /loghost/YYYYMMDD/hostname.prv.log
>>>
>>> The dynamic path can be set up using syslog-ng.
>>>
>>>
>>> > On May 12, 2017, at 1:11 PM, Sathish Sundaravel <
>>> sathish.sundaravel at gmail.com> wrote:
>>> >
>>> > Hi All
>>> >
>>> > I have a syslog-ng server running on the Solaris platform, configured to
>>> receive or accept events from all Unix servers in one single log file.
>>> >
>>> > If I want to collect the list of servers reporting to the log server, I
>>> have to manually extract the list from a single log file, which is too time
>>> consuming. What would be the best way?
>>> >
>>> > Regards
>>> > Sathish
>>> >
>>> ______________________________________________________________________________
>>> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> > Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>> >
>>>
>>
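The thread offers two routes to the host list: Nik's flat-file one-liner and Bazsi's stats-level(3) counters read back through syslog-ng-ctl stats. The script below is an added example written for this page, not code posted by any participant or shipped with syslog-ng. It adapts the one-liner to syslog-ng's default file layout (`$DATE $HOST $MSGHDR$MSG`, where the BSD timestamp takes three fields and the host is therefore field 4, not field 1; an ISODATE timestamp is a single field, so the host is field 2), and it reduces the semicolon-separated output of `syslog-ng-ctl stats` (understood here as `SourceName;SourceId;SourceInstance;State;Type;Number`, with per-host rows carrying `src.host` as SourceName) to one line per host with its processed count and last-message epoch. The log lines and the stats rows are constructed for the example, and the stats layout is stated from memory of the tool, so treat both as assumptions to check against your own server.

```shell
#!/bin/sh
# Added example: list the hosts reporting to a syslog-ng server, two ways.
# All sample data below is constructed for this example; the stats CSV mimics
# what `syslog-ng-ctl stats` prints with stats-level(3) as this author
# remembers it, which is an assumption to verify on a real server.

# hosts_from_log [FILE...]  (reads stdin when no file is given)
# Prints "host count", busiest host first, ties broken by host name.
# Default syslog-ng file template: "$DATE $HOST $MSGHDR$MSG"
#   BSD date  "May 13 09:00:08 web01 sshd[1201]: ..."  -> host is field 4
#   ISODATE   "2017-05-13T09:00:07+00:00 app01 ..."     -> host is field 2
hosts_from_log() {
    awk '
        { h = ($1 ~ /^[0-9][0-9][0-9][0-9]-/) ? $2 : $4 }
        h != "" { count[h]++ }
        END { for (h in count) print h, count[h] }
    ' "$@" | LC_ALL=C sort -k2,2rn -k1,1
}

# hosts_from_stats [FILE...]  (reads stdin when no file is given)
# Reduces `syslog-ng-ctl stats` rows to "host processed last_stamp_epoch".
# Only src.host rows are used; "processed" is the counter, "stamp" the epoch
# of the last message seen from that host. Counters reset on restart, so a
# cron job should snapshot this output every few minutes as Bazsi suggests.
hosts_from_stats() {
    awk -F';' '
        $1 == "src.host" && $5 == "processed" { n[$3] = $6 }
        $1 == "src.host" && $5 == "stamp"     { t[$3] = $6 }
        END { for (h in n) printf "%s %s %s\n", h, n[h], (h in t) ? t[h] : "-" }
    ' "$@" | LC_ALL=C sort -k2,2rn -k1,1
}

# Constructed sample log: BSD-dated lines plus one ISODATE line, mixed on
# purpose so both timestamp layouts are exercised.
sample_log() {
    cat <<'EOF'
May 13 09:00:01 web01 sshd[1201]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2
May 13 09:00:02 db01 su[880]: 'su root' succeeded for oracle on /dev/pts/1
May 13 09:00:03 web01 sudo:   ops : TTY=pts/0 ; PWD=/home/ops ; COMMAND=/usr/bin/tail -f /var/log/messages
May 13 09:00:04 web02 cron[455]: (root) CMD (/usr/lib/sa/sa1)
May 13 09:00:05 web01 sshd[1210]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
May 13 09:00:06 db01 kernel: usb 1-1: new high-speed USB device
2017-05-13T09:00:07+00:00 app01 myapp[99]: started
EOF
}

# Constructed sample in the assumed `syslog-ng-ctl stats` CSV layout.
sample_stats() {
    cat <<'EOF'
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;7
destination;d_messages;;a;processed;7
source;s_net;;a;processed;7
src.host;;web01;a;processed;3
src.host;;web01;a;stamp;1494666005
src.host;;db01;a;processed;2
src.host;;db01;a;stamp;1494666006
src.host;;web02;a;processed;1
src.host;;web02;a;stamp;1494666004
src.host;;app01;a;processed;1
src.host;;app01;a;stamp;1494666007
src.program;;sshd;a;processed;2
EOF
}

# Demo on the constructed data. Against a real server you would run
#   hosts_from_log /var/log/messages
#   syslog-ng-ctl stats | hosts_from_stats
echo "== hosts from the flat log file =="
sample_log | hosts_from_log
echo "== hosts from syslog-ng-ctl stats =="
sample_stats | hosts_from_stats
```

The two views should agree while syslog-ng has been up; a host present in the file but missing from the stats output is one that last reported before the most recent restart, which is exactly the gap Nik warns about. Nik's per-host file layout corresponds to a file() destination whose path uses the ${YEAR}${MONTH}${DAY} and ${HOST} macros with create-dirs(yes), after which `ls /loghost/YYYYMMDD/` is the host list for that day.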