[syslog-ng] syslog-ng EPS

Wilson, Jonathan L jonathan.wilson at vumc.org
Mon Jun 12 18:48:44 UTC 2023


We use:

syslog-ng-ctl query get source.*.processed --reset

in a cron job just before midnight to capture the entire day's stats. They show up in the format:

source.s_local.processed=4722471
source.s_BSD_TCP.processed=6299967
source.s_RFC5424_TCP.processed=0
source.s_network_source.processed=27695900
...

where "s_local", "s_BSD_TCP", etc. are the source names inside the syslog-ng.conf file. Note that the "--reset" on the end does just that: it resets the stats to zero.

A little scripting to divide the numbers above by 86400 will give you the count of messages per second by source. (We convert ours to JSON and dump it into Splunk for later viewing.)

Regards,
Jonathan Wilson
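
The scripting step described in the message, as an added example that is not part of the original post and is not the poster's own script: it parses counter lines in the format quoted above, divides by 86400 and builds a JSON-ready report. The function names, JSON field names and the "silent_sources" list are assumptions made for this example, and the sample input is constructed from the lines quoted in the post.

```python
import json
import re
import sys

# Constructed from the counter lines quoted in the post.
SAMPLE = """\
source.s_local.processed=4722471
source.s_BSD_TCP.processed=6299967
source.s_RFC5424_TCP.processed=0
source.s_network_source.processed=27695900
"""

# Assumed line shape: source.<name>.processed=<integer>
LINE_RE = re.compile(r"^source\.(?P<name>.+)\.processed=(?P<count>\d+)$")


def parse_counters(text):
    """Return {source_name: count}; lines that do not match are skipped."""
    counters = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            counters[match.group("name")] = int(match.group("count"))
    return counters


def eps_report(text, interval=86400):
    """Build a JSON-ready report of events per second for each source."""
    if interval <= 0:
        raise ValueError("interval must be a positive number of seconds")
    counters = parse_counters(text)
    total = sum(counters.values())
    return {
        "interval_seconds": interval,
        "sources": {
            name: {"processed": count, "eps": round(count / interval, 2)}
            for name, count in counters.items()
        },
        "total_processed": total,
        "total_eps": round(total / interval, 2),
        # Not in the post: sources that logged nothing in the interval.
        "silent_sources": sorted(n for n, c in counters.items() if c == 0),
    }


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(eps_report(text), indent=2))
```

Piping the output of the cron command into the script's standard input produces the report for that day; run without piped input, it prints the report for the constructed sample.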
