サポートと今すぐチャット
サポートとのチャット

syslog-ng Premium Edition 6.0.21 - Administration Guide

Preface Chapter 1. Introduction to syslog-ng Chapter 2. The concepts of syslog-ng Chapter 3. Installing syslog-ng Chapter 4. The syslog-ng PE quick-start guide Chapter 5. The syslog-ng PE configuration file Chapter 6. Collecting log messages — sources and source drivers Chapter 7. Sending and storing log messages — destinations and destination drivers Chapter 8. Routing messages: log paths, reliability, and filters Chapter 9. Global options of syslog-ng PE Chapter 10. TLS-encrypted message transfer Chapter 12.  Reliable Log Transfer Protocol™ Chapter 13. Reliability and minimizing the loss of log messages Chapter 14. Manipulating messages Chapter 15. Parsing and segmenting structured messages Chapter 16. Processing message content with a pattern database Chapter 17. Statistics and metrics of syslog-ng Chapter 18. Multithreading and scaling in syslog-ng PE Chapter 19. Troubleshooting syslog-ng Chapter 20. Best practices and examples

syslog-ng-query

Name

syslog-ng-query — Query metrics and statistic data from a running syslog-ng Premium Edition instance

Synopsis

syslog-ng-query [command] [options]

Description

NOTE: The syslog-ng-query application is distributed with the syslog-ng Premium Edition system logging application, and is usually part of the syslog-ng package. The latest version of the syslog-ng application is available at the syslog-ng page.

This manual page is only an abstract, for the complete documentation of syslog-ng, see the syslog-ng Documentation page.

The syslog-ng-query application is a utility that can be used to query metrics and statistic data from a running syslog-ng Premium Edition instance.

The syslog-ng PE application stores various data, metrics, and statistics in a hierarchical data structure tree (syslog-ng is the root node of the tree). The nodes of the tree can contain properties (but not every node contains properties). Every property has a name and a value. For example:

[syslog-ng]
|
|_[destinations]-[network]-[tcp]->[stats]->{received:12;dropped:2}
|
|_[sources]-[sql]-[stats]->{reveived:501;dropped:0}

You can query the nodes of this tree, and also use filters to select the information you need. A query is actually a path in the tree. You can also use the ? and * wildcards. For example:

  • Select every property: *

  • Select all dropped value from every stats node: *.stats.dropped

The nodes and properties available in the tree depend on your syslog-ng PE configuration (that is, the sources, destinations, and other objects you have configured), and also on your stats-level() settings.

The list command

syslog-ng-query list

Use the syslog-ng-query list command to display the list of metrics that syslog-ng PE collects about the processed messages. For details about the displayed metrics, see the syslog-ng Documentation page.

An example output:

stats
center.received.stats.processed
center.queued.stats.processed
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.dropped
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.processed
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.stored
destination.d_elastic.stats.processed
source.s_tcp.stats.processed
source.severity.7.stats.processed
source.severity.0.stats.processed
source.severity.1.stats.processed
source.severity.2.stats.processed
source.severity.3.stats.processed
source.severity.4.stats.processed
source.severity.5.stats.processed
source.severity.6.stats.processed
source.facility.7.stats.processed
source.facility.16.stats.processed
source.facility.8.stats.processed
source.facility.17.stats.processed
source.facility.9.stats.processed
source.facility.18.stats.processed
source.facility.19.stats.processed
source.facility.20.stats.processed
source.facility.0.stats.processed
source.facility.21.stats.processed
source.facility.1.stats.processed
source.facility.10.stats.processed
source.facility.22.stats.processed
source.facility.2.stats.processed
source.facility.11.stats.processed
source.facility.23.stats.processed
source.facility.3.stats.processed
source.facility.12.stats.processed
source.facility.4.stats.processed
source.facility.13.stats.processed
source.facility.5.stats.processed
source.facility.14.stats.processed
source.facility.6.stats.processed
source.facility.15.stats.processed
source.facility.other.stats.processed
global.payload_reallocs.stats.processed
global.msg_clones.stats.processed
global.sdata_updates.stats.processed
tag..source.s_tcp.stats.processed

Displaying metrics and statistics

syslog-ng-query sum [options]

The syslog-ng-query sum <query> command lists the nodes that match the query, and their values. For example, the syslog-ng-query sum "destination*" command lists the configured destinations, and the metrics related to each destination. An example output:

destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.dropped: 0
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.processed: 0
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.stored: 0
destination.d_elastic.stats.processed: 0

The syslog-ng-query sum command has the following options:

--aggregate

Add up the result of each matching node and return only a single number.

For example, the syslog-ng-query sum --aggregate "destination*.dropped" command displays the number of messages dropped by the syslog-ng PE instance.

Files

/opt/syslog-ng/sbin/syslog-ng-query

See also

The syslog-ng Documentation page

syslog-ng.conf(5)

syslog-ng(8)

NOTE:

For the detailed documentation of syslog-ng PE see the syslog-ng Documentation page

If you experience any problems or need help with syslog-ng, visit the syslog-ng FAQ or the syslog-ng mailing list.

For news and notifications about of syslog-ng, visit the syslog-ng Blog.

Author

This manual page was written by the One Identity Documentation Team <documentation@balabit.com>.

Copyright

Copyright© 2000-2018One Identity. Published under the Creative Commons Attribution-Noncommercial-No Derivative Works (by-nc-nd) 3.0 license. For details, see https://creativecommons.org//. The latest version is always available at the syslog-ng Documentation page.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択