You can also simply check TCP connections' state. One caveat is that in
case of rarely-talking sources they might not initiate connection until
they have data to send.
Mariusz Kruk
Ekspert ds. Bezpieczeństwa IT
COMP S.A.
Pion Cyberbezpieczeństwa i Zarządzania Ryzykiem
e-mail: [email protected]
e-mail: [email protected]
tel: +48 608 623 299
On 17.02.2021 00:29, David Lang via rsyslog wrote:
take a look at the impstats module, and the ability for the imtcp
module to record per-sender stats
if that isn't enough, you can create your own stats via the
dyn_stats() functions
David Lang
On Tue, 16 Feb 2021, odrzen via rsyslog wrote:
Date: Tue, 16 Feb 2021 23:04:40 +0000
From: odrzen via rsyslog <[email protected]>
Reply-To: odrzen <[email protected]>,
rsyslog-users <[email protected]>
To: "[email protected]" <[email protected]>
Cc: odrzen <[email protected]>
Subject: [rsyslog] Information about incoming logs.
Hello rsyslog community,
I'm new to rsyslog, but have already successfully configured some
machines to send their logs using mutual TLS authentication.
So far so good, but I have some questions :
How can I see from the rsyslog server side how many and which
machines send logs ?
With the command "systemctl status rsyslog" I have a view on what
happens and which machines have problems, but it is not very clear.
Can I somehow see which machines are successfully communicating and
sending their logs ?
Another very interesting information for me, would be to be able to
see the time of the last update for each machine.
For example:
Domain Status Last update
domain1.com [Connection OK] 04:04:33
domain2.com [Connection FAILED] 02:32:03
domain3.com [Connection OK] 04:02:12
....
Can I get this kind of information from the rsyslog server ?
Thanks in advance.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
