That is, the number of messages syslog-ng OSE passed to the destination driver (processed) minus the number of messages that are still in the output queue of the destination driver (queued) and the number of messages dropped because of an error (dropped, for example, because syslog-ng OSE could not deliver the message to the destination and exceeded the number of retries).
syslog-ng-ctl verbose --set=on The Stats Command. stats [options] Use the validate command to validate the signatures and timestamps of a logstore file. The validate command has the following options: --control= or -c Specify the socket to use to access syslog-ng. Only needed when using a non-standard socket. Example: syslog-ng-ctl stats
syslog-ng-ctl verbose --set=on THE STATS COMMAND stats [options] Use the stats command to display statistics about the processed messages. The stats command has the following options: --control= or -c Specify the socket to use to access syslog-ng. Only needed when using a non-standard socket. Example: syslog-ng-ctl stats An example output:
/usr/sbin/syslog-ng-ctl debug --set=on /usr/sbin/syslog-ng-ctl verbose --set=on /usr/sbin/syslog-ng-ctl trace --set=on But I’m not sure if what I see is really relevant, as all the error/warning messages I receive on both sides are there even if the log flux is working or not. I checked with tcpdump, the forwarder stopped forwarding the messages.
syslog-ng-ctl verbose --set=on The Stats Command. stats [options] Use the stats command to display statistics about the processed messages. The stats command has the following options: --control= or -c Specify the socket to use to access syslog-ng. Only needed when using a non-standard socket. --reset or -r
Select all dropped value from every stats node: *.stats.dropped The nodes and properties available in the tree depend on your syslog-ng PE configuration (that is, the sources, destinations, and other objects you have configured), and also on your stats-level() settings.
10/10/2018 · Can you use syslog-ng-ctl stats to see which counter is changing and how much? (especially interested in: processed, dropped, queued) Br, Laci.
faxm0dem commented Oct 11, 2018: There is an open bug #1993 that causes an infinite loop when ES doesn’t parse a message. Can you …
10/18/2017 · I’ve used the `syslog-ng-ctl stats` command to confirm that the syslog to logstash transport step is where my logs are being dropped. I’ve tried the following: * Switched Syslog-ng output between TCP and UDP – both resulted in about the same amount of loss. * Increased RAM and worker count on logstash – no changes observed.
10/26/2017 · Due to the format that the internal source or the stats option of syslog-ng-ctl uses, it is not easy to send statistical data to Graphite or anywhere else. The syslog-ng-ctl utility provides a flexible query option (available in recent versions of syslog-ng), which uses an easy-to-parse output format.
UDP is connectionless, which should negate anything about dropped connections. Using TCP might give you clearer problem reports. (user, Oct 20 ’16 at 9:51)
Whilst UDP is connectionless, additional checks can be done at layer 7 in certain applications.