Security Basics mailing list archives

RE: Event log counts...


From: "Kurt" <kurtbuff () spro net>
Date: Tue, 14 Dec 2004 13:35:42 -0800

Ryan said...
| (likely Kiwi) syslog server in our environment. One of the
| questions that
| needs to get answered in order to implement such a solution
| is "How many
| total event log entries are we generating per
| minute/hour/day/week/month
| across all 200 of our servers?" I'm currently at a loss as to
| Your ideas and suggestions are greatly appreciated.
|
| Thanks,
|
| Ryan
|

Kiwi will send an email to you with this information...

At the bottom is a sample report that I've sanitized.

It's kind of a chicken/egg problem, but dumping the event logs remotely
with dumpel or one of the other freeware programs and running a simple
'wc -l' (from http://unxutils.sourceforget.net) against the concatenated
text files will give you a good idea of what you want - just make sure
that the program you use to dump the event logs will format the output
so that each event is on a single line.

///       Kiwi Syslog Daemon Statistics         ///
---------------------------------------------------
24 hour period ending on: Mon, 13 Dec 2004 00:00:01 -0800
Syslog Daemon started on: Fri, 15 Oct 2004 13:39:43
Syslog Daemon uptime:     58 days, 11 hours, 19 minutes
---------------------------------------------------

+ Messages received - Total:          12560246
+ Messages received - Last 24 hours:  94482
+ Messages received - Since Midnight: 93061
+ Messages received - Last hour:      4293
+ Messages received - This hour:      1501
+ Messages per hour - Average:        3874

+ Messages forwarded:                 0
+ Messages logged to disk:            93067

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           0
+ Errors - Oversize message:          10

+ Disk space remaining on drive C:    13572 MB

---------------------------------------------------


  Breakdown of Syslog messages by sending host
+--------------------+------------+------------+
| Top 20 Hosts       |  Messages  | Percentage |
+--------------------+------------+------------+
<snip>
| zxx                |      8089  |      8.69% |
| zxxxxxxxxxxxx      |     13804  |     14.83% |
| zxxx               |     17963  |     19.30% |
| zxxxxxxx           |     23152  |     24.88% |
| All others (4)     |      2974  |      3.20% |
+--------------------+------------+------------+


    Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level      |  Messages  | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0  |      0.00% |
| 1 - Alert          |         0  |      0.00% |
| 2 - Critical       |         0  |      0.00% |
| 3 - Error          |         0  |      0.00% |
| 4 - Warning        |         0  |      0.00% |
| 5 - Notice         |     93061  |    100.00% |
| 6 - Info           |         0  |      0.00% |
| 7 - Debug          |         0  |      0.00% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.
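As an added example (not code from Kurt's post, nor from Kiwi Syslog Daemon or dumpel), the script below does the counting step the reply describes and turns the line count into the per-minute/hour/day/week rates and the per-host breakdown Ryan asked about, in the shape of the Kiwi statistics report. The tab-separated column layout (date, time, computer, event id, source, message) and the sample lines are constructed assumptions for the example; adapt parse_events to whatever your dump tool actually emits. It also rejects a line with too few columns, which is what a dump that wrapped one event across several lines looks like, the pitfall the reply warns about.

```python
"""Estimate event-log volume from event logs dumped to text, one event per line.

Added example for the sizing question in the thread; not code from the post,
from Kiwi Syslog Daemon or from dumpel. The column layout below is an assumption
made for this example, not dumpel's real output format.
"""
from collections import Counter
from datetime import datetime

# Constructed sample (not real dumpel output). Assumed columns, tab-separated:
# date  time  computer  event-id  source  message
SAMPLE_DUMP = """\
12/13/2004\t00:00:05\tSRV01\t528\tSecurity\tSuccessful Logon
12/13/2004\t00:00:07\tSRV02\t538\tSecurity\tUser Logoff
12/13/2004\t00:30:00\tSRV01\t529\tSecurity\tLogon Failure
12/13/2004\t01:15:42\tSRV03\t6005\tEventLog\tThe Event log service was started.
12/13/2004\t01:16:00\tSRV01\t528\tSecurity\tSuccessful Logon
12/14/2004\t00:00:05\tSRV02\t528\tSecurity\tSuccessful Logon
"""

SECONDS = {"minute": 60, "hour": 3600, "day": 86400, "week": 604800}


def count_lines(text):
    """The 'wc -l' step: one non-empty line per event."""
    return sum(1 for line in text.splitlines() if line.strip())


def parse_events(text):
    """Parse one-event-per-line dump text. A line with too few columns means
    the dump tool wrapped a message across lines, so the count would be wrong."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t", 5)
        if len(fields) < 6:
            raise ValueError(
                f"line {lineno}: expected 6 tab-separated fields, got {len(fields)}; "
                "is the dump really one event per line?")
        ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%m/%d/%Y %H:%M:%S")
        events.append({"ts": ts, "host": fields[2], "event_id": int(fields[3]),
                       "source": fields[4], "message": fields[5]})
    return events


def volume_stats(events):
    """Total, observed span, extrapolated rate per unit, busiest hour, per-host share."""
    total = len(events)
    if total == 0:
        raise ValueError("no events to measure")
    first = min(e["ts"] for e in events)
    last = max(e["ts"] for e in events)
    # Extrapolating from a span shorter than a minute is meaningless; floor it.
    span = max((last - first).total_seconds(), 60.0)
    rates = {unit: total * secs / span for unit, secs in SECONDS.items()}
    per_hour = Counter(e["ts"].replace(minute=0, second=0, microsecond=0) for e in events)
    peak_hour, peak_count = per_hour.most_common(1)[0]
    by_host = [(host, n, round(100.0 * n / total, 2))
               for host, n in Counter(e["host"] for e in events).most_common()]
    return {"total": total, "span_seconds": span, "rates": rates,
            "peak_hour": peak_hour, "peak_hour_count": peak_count, "by_host": by_host}


def format_report(stats, top=20):
    """Render the numbers in roughly the layout of the Kiwi statistics mail."""
    lines = [f"Events counted: {stats['total']}",
             f"Observed span:  {stats['span_seconds'] / 3600:.2f} hours"]
    for unit, rate in stats["rates"].items():
        lines.append(f"Events per {unit:<6} {rate:>12.2f}")
    lines.append(f"Busiest hour:   {stats['peak_hour']:%Y-%m-%d %H:00} "
                 f"({stats['peak_hour_count']} events)")
    lines.append(f"{'Top hosts':<20}{'Events':>10}{'Percent':>10}")
    for host, n, pct in stats["by_host"][:top]:
        lines.append(f"{host:<20}{n:>10}{pct:>9.2f}%")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(volume_stats(parse_events(SAMPLE_DUMP))))
```

Run it against the concatenated dump files instead of SAMPLE_DUMP; the rates are extrapolated from the observed span, so a capture covering at least a full business week gives a far better sizing figure than a few hours, and the busiest-hour count is the number to size the collector's peak intake by, not the average.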
