You may have a logspace that contains logs from several sources, for example legacy, tcp, tls, tcp_legacy.
How would you view only the hosts and/or IP addresses for the tcp_legacy source? How would you know they came from that specific source in the logspace?
The SSB web UI has no option to do this; however, you can get the information from the syslog-ng statistics.
Please see the following from the administration guide:
https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/6.0.14/administration-guide/27#TOPIC-1085270
You will have to log in to the core shell on the SSB and use the following command to get the list of the hosts of a specific source.
In this example, the specific source is the default "tcp_legacy":
# /opt/syslog-ng/sbin/syslog-ng-ctl stats| egrep 'src.host;s_tcp_legacy.+processed'
src.host;s_tcp_legacy;test_win7;d;processed;1
src.host;s_tcp_legacy;127.0.0.1;d;processed;3
In the output, the 3rd field is the host. In your command, change "s_tcp_legacy" to the name of the source you want to query, adding the "s_" prefix before the name of the source.
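The same extraction as an added example (not part of the original article): a shell function that compares the source field exactly, so a source whose name merely begins with the queried name is not included, and sums the "processed" counters per host. The helper names, the s_tcp_legacy_backup and s_tls sources and the sample lines are constructed; the field layout is taken from the output above.

```shell
# Added example: list the hosts seen by one SSB source, with message counts.
# hosts_for_source is a hypothetical helper; it reads stats text on stdin.
hosts_for_source() {
    # $1 = source name without the "s_" prefix (the prefix is added here)
    awk -F';' -v src="s_$1" '
        # Field layout as in the output above:
        #   counter;source;host;state;type;number
        # Exact comparison on field 2 avoids also matching sources such as
        # "s_tcp_legacy_backup", which a pattern like s_tcp_legacy.+ accepts.
        $1 == "src.host" && $2 == src && $5 == "processed" {
            count[$3] += $6
        }
        END {
            for (h in count) printf "%s\t%d\n", h, count[h]
        }
    ' | sort
}

# Constructed sample input modelled on the output shown above.
sample_stats() {
    cat <<'EOF'
src.host;s_tcp_legacy;test_win7;d;processed;1
src.host;s_tcp_legacy;127.0.0.1;d;processed;3
src.host;s_tcp_legacy_backup;10.0.0.5;d;processed;7
src.host;s_tls;test_win7;d;processed;12
EOF
}

# On the SSB core shell the real input would be:
#   /opt/syslog-ng/sbin/syslog-ng-ctl stats | hosts_for_source tcp_legacy
sample_stats | hosts_for_source tcp_legacy
```

Each output line is a host or IP address followed by a tab and the number of messages processed from it through that source.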