This section describes how to get information about disk-buffer files used in syslog-ng Premium Edition (syslog-ng PE).
NOTE: Consider the following while reading this section:
Useful information about disk-buffers
Getting the list of disk-buffer files
Getting status information of disk-buffer files
This section describes useful information about disk-buffers used in syslog-ng Premium Edition (syslog-ng PE).
The following list contains useful information about disk-buffers:
You can configure disk-buffer() for a remote destination in the destination() statement.
For more information, see Sending and storing log messages — destinations and destination drivers > elasticsearch-http: Sending messages to Elasticsearch HTTP Event Collector > elasticsearch-http destination options.
This section describes getting the list of disk-buffer files used in syslog-ng Premium Edition (syslog-ng PE).
The syslog-ng PE application stores information (namely, the IP:PORT or DNS:PORT of the destinations, and the name of the disk-buffer file) about disk-buffers in its persist file.
For syslog-ng PE 6 LTS, the following command will list the disk-buffer files in use:
/opt/syslog-ng/bin/persist-tool dump /opt/syslog-ng/var/syslog-ng.persist | grep '_qfile' | sed -e 's/\\//g'
The example output will look like this:
afsocket_dd_qfile(stream,10.21.10.112:514) = { "queue_file": "/opt/syslog-ng/var/syslog-ng-00000.rqf" }
For syslog-ng PE 7 LTS, the following command will list the disk-buffer files in use:
/opt/syslog-ng/bin/persist-tool dump /opt/syslog-ng/var/syslog-ng.persist | awk -F '["=]' '/(qfile\(|\.queue)/ { gsub(/[ \t]+/, "", $5); gsub(/^[0-9A-Fa-f]{8}/, "", $5); "echo "$5"|xxd -r -p"|& getline QUEUE; printf("%s ==> %s\n",$1,QUEUE)}'
The example output will look like this:
afsocket_dd_qfile(stream,10.21.10.20:601) ==> /opt/syslog-ng/var/syslog-ng-00000.rqf
NOTE: Install the vim-common package on your system if you receive the following error message instead of the example output:
xxd: command not found
This section describes getting status information about the disk-buffer files used in syslog-ng Premium Edition (syslog-ng PE).
The basic command syntax for getting status information about the disk-buffer files used in syslog-ng PE looks like this:
/opt/syslog-ng/bin/dqtool info DISK_QUEUE_FILE
The following example commands describe how you can get status information about two different types of disk-buffer files (namely, empty normal disk-buffer files, and non-empty reliable disk-buffer queue files).
Empty normal disk-buffer file (all *_length values are zero)
/opt/syslog-ng/bin/dqtool info /opt/syslog-ng/var/syslog-ng-00000.qf
Disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00000.qf', qout_length='0', qbacklog_length='0', qoverflow_length='0', qdisk_length='0'
Non-empty, reliable disk-buffer queue file
/opt/syslog-ng/bin/dqtool info /opt/syslog-ng/var/syslog-ng-00000.rqf
Reliable disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00000.rqf', queue_length='3519', size='1995952'
You can use the following one-liner command to get the state of disk-buffer files in the default directory:
for qfile in /opt/syslog-ng/var/*.?(r)qf ; do /opt/syslog-ng/bin/dqtool info "$qfile" 2>&1 ; done | cut -f2 -d ";" | awk -F \' '/_length/ { if ($4 > 0) { print "\nNON-EMPTY DISK-BUFFER\t"$0; } else { print "\nEmpty disk-buffer\t"$0 } }'
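The following shell function is an added example, not part of the syslog-ng PE documentation or tooling. It reads dqtool info output on stdin and reports a file as non-empty if any *_length field is greater than zero, for both normal and reliable disk-buffer files. The names dq_classify and dq_sample, the output format, and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): classify `dqtool info` output read on stdin.
# A file counts as EMPTY only if every *_length field is zero.
# Prints: STATUS <TAB> type <TAB> filename <TAB> non-zero length fields
# Returns 1 if any disk-buffer file is non-empty, 0 otherwise.
dq_classify() {
    awk -v q="'" '
    BEGIN { pat = "[A-Za-z_]+=" q "[^" q "]*" q; backlog = 0 }
    /isk-buffer state loaded;/ {
        kind = ($0 ~ /Reliable disk-buffer/) ? "reliable" : "normal"
        file = "?"; nonzero = ""; rest = $0
        while (match(rest, pat)) {        # walk each key=<quote>value<quote> pair
            pair = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            eq   = index(pair, "=")
            key  = substr(pair, 1, eq - 1)
            val  = substr(pair, eq + 2, length(pair) - eq - 2)
            if (key == "filename") {
                file = val
            } else if (key ~ /_length$/ && val + 0 > 0) {
                nonzero = nonzero (nonzero == "" ? "" : ",") key "=" val
            }
        }
        if (nonzero != "") backlog = 1
        printf "%s\t%s\t%s\t%s\n", (nonzero != "" ? "NON-EMPTY" : "EMPTY"), \
               kind, file, (nonzero != "" ? nonzero : "-")
    }
    END { exit backlog }'
}

# Constructed sample: the two dqtool outputs shown on this page, plus a made-up
# normal disk-buffer file whose later *_length fields are non-zero.
dq_sample() {
    cat <<'EOF'
Disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00000.qf', qout_length='0', qbacklog_length='0', qoverflow_length='0', qdisk_length='0'
Reliable disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00000.rqf', queue_length='3519', size='1995952'
Disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00001.qf', qout_length='0', qbacklog_length='0', qoverflow_length='12', qdisk_length='40'
EOF
}

dq_sample | dq_classify || echo "backlog detected"

# Live use (paths as on this page):
# for f in /opt/syslog-ng/var/*.qf /opt/syslog-ng/var/*.rqf; do
#     /opt/syslog-ng/bin/dqtool info "$f" 2>&1; done | dq_classify
```

The non-zero exit status lets a cron job or monitoring check raise an alert when messages are waiting in a disk-buffer, which usually means a destination is unreachable or slow.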
© 2022 One Identity LLC. ALL RIGHTS RESERVED.