syslog-ng documentation

syslog-ng Premium Edition

16.3.1. monitoring() source options

The syslog-ng Premium Edition 7 Administrator Guide

The monitoring() driver has the following options. Only the query() option is required; the other options are optional.

clear-on-read()

Type: boolean
Default: no

Description: Reset the counters after reading. Note that if a destination is not available, syslog-ng PE will not reset its counter even if clear-on-read() is set to yes.

If you use multiple monitoring sources and you use the clear-on-read() parameter, make sure to adjust the queries appropriately. Overlapping queries that read and reset the same counters result in incorrect statistics.

freq()

Type: integer
Default: 600 [seconds]

Description: Specifies how often syslog-ng PE executes the query and sends a statistics message.

message-template()

Type: string
Default: N/A

Description: Specifies how the message containing the queried statistics is formatted. You can use macros and template functions in the format string. For example, you can format the message as a JSON object:

source s_monitor{ monitoring(
    query("*")
    freq(10)
    message-template('$(format-json --scope nv_pairs)')
    );};

Note that here you can only format the payload of the message (that is, the ${MESSAGE} part). You can format the headers or other parts of the outgoing message in the destination driver.

query()

Type: string
Default: N/A

Description: Specifies which statistical counters will be included in the messages. Note that the list of available counters depends on your syslog-ng PE configuration (mainly the configured sources and destinations) and on the stats-level() global option. The * string includes every available counter. The syntax of the query option is identical to that of the syslog-ng-ctl query get <query> command.

source s_monitor{ monitoring(
    query("*")
    );};

For example, the "destination*" query lists the configured destinations, and the metrics related to each destination. An example output:

destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.dropped: 0
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.processed: 0
destination.java.d_elastic#0.java_dst(ElasticSearch,elasticsearch-syslog-ng-test,t7cde889529c034aea9ec_micek).stats.stored: 0
destination.d_elastic.stats.processed: 0
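
The following Python example is added here and is not part of the syslog-ng PE documentation. It parses counter lines in the "name: value" format shown above and reports which dropped counters increased between two reads, so that log loss at a destination is noticed. It assumes counters are cumulative unless clear-on-read(yes) is set; the sample readings, the d_file destination name and the function names are constructed for illustration.

```python
import re

# One counter per line: "<name>: <integer>". Names contain dots, commas, '#'
# and parentheses, so anchor on the trailing ": <digits>" instead of splitting.
LINE_RE = re.compile(r"^(?P<name>.+): (?P<value>\d+)$")

# Constructed sample readings (values invented for this example).
READING_1 = """\
destination.d_elastic.stats.processed: 1500
destination.d_elastic.stats.dropped: 2
destination.d_file.stats.processed: 900
"""
READING_2 = """\
destination.d_elastic.stats.processed: 1800
destination.d_elastic.stats.dropped: 7
destination.d_file.stats.processed: 40
not a counter line
"""

def parse_counters(text):
    """Return {counter name: value}; lines that do not match are skipped."""
    counters = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            counters[match.group("name")] = int(match.group("value"))
    return counters

def interval_deltas(previous, current, clear_on_read=False):
    """Per-interval increase of each counter in `current`."""
    if clear_on_read:
        # Assumption: counters were reset after the previous read, so the
        # values are already per-interval (see the clear-on-read() caveats).
        return dict(current)
    deltas = {}
    for name, value in current.items():
        before = previous.get(name, 0)
        # A value below the previous one means the counter restarted from zero.
        deltas[name] = value - before if value >= before else value
    return deltas

def dropped_since_last_read(deltas):
    """Names of 'dropped' counters that increased during the interval."""
    return sorted(n for n, d in deltas.items() if n.endswith(".dropped") and d > 0)

if __name__ == "__main__":
    deltas = interval_deltas(parse_counters(READING_1), parse_counters(READING_2))
    for name in dropped_since_last_read(deltas):
        print(f"messages dropped in last interval: {name} (+{deltas[name]})")
```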