Hello all,
Trying to get a little deeper into the KIWI Syslog waters and looking for some ideas on what to configure for the Custom Stats in the Daily Syslog e-mail.
We don't do much and it's not for the Daily email.
We update CustomStats01 with the total received. This is done via a scheduled script that reads Fields.GetDailyStats() and parses the current values and compares to CustomStats01 then updates the variable with the new total. We then send the difference to statsd and Graphite using Powershell-statsd. This gives us a near real time graph in our dashboard of the rate of incoming logs.
We'd like to do the same for individual inputs (TCP, UDP, SNMP). These are harder since there is no counter that breaks these down. This will likely be a rule that filters each input and a script that updates CustomStats02-04. This would be a lot of script calls and could be too big of a performance hit to be worth it.
I'd like to send an update to statsd for every message and let Graphite figure out rate. This also could be too intensive since the script will shell out to PowerShell a couple times a second.
It would be a great feature to be able to poll the counters and top 20 hosts included in the Syslog Statistics window and have counters for the input types... Another useful item would be the ability to use the message variables like %MsgThisHour in the keepalive message.
We send our syslogs to a SQL server. More than that, we send to different tables based on the syslog facility we have assigned to our various gear by groups (Routers, Switches, UPS, etc). Under each rule that separates this traffic is a call to a script that updates a message counter for a customstats assigned to that facility. There is another script that resets the counters at specific intervals. Before clearing the stats for the next interval the counters are written to another SQL table.
I thought it would be neat when I set it up but in reality I don't use it that much up to now.
BobL.
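The poll, compare and forward approach described in the first reply, as an added example that is not part of the original thread or anyone's production script: it turns running totals into per-interval deltas and packs them into one statsd datagram. The metric names and sample totals are constructed, the totals are assumed to have been parsed from the stats output already, and a total lower than the stored one is assumed to mean the counter was reset.

```python
import socket


def delta(previous, current):
    """Messages counted since the last poll.

    Assumption: a total lower than the stored one means the counter was
    reset, so everything counted since the reset is new.
    """
    if previous < 0 or current < 0:
        raise ValueError("totals must be non-negative")
    return current - previous if current >= previous else current


def build_payload(stored, totals):
    """Update `stored` in place and return one statsd datagram as bytes.

    A metric seen for the first time only sets its baseline, so a restart
    of the poller does not replay the whole running total as one spike.
    """
    lines = []
    for metric in sorted(totals):
        if metric not in stored:
            stored[metric] = totals[metric]
            continue
        change = delta(stored[metric], totals[metric])
        stored[metric] = totals[metric]
        if change:
            lines.append(f"{metric}:{change}|c")  # statsd counter line
    # statsd accepts several metrics in one datagram, separated by newlines
    return "\n".join(lines).encode("ascii")


def send(payload, host="127.0.0.1", port=8125):
    """Fire-and-forget UDP send (8125 is the statsd default port)."""
    if not payload:
        return 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    # Constructed sample values standing in for the stored custom stats
    stored = {"kiwi.received.total": 1200, "kiwi.received.udp": 900}
    totals = {"kiwi.received.total": 1350, "kiwi.received.udp": 1000,
              "kiwi.received.tcp": 40}
    print(build_payload(stored, totals).decode())
```

Sending one datagram per polling interval keeps the number of script calls independent of the message rate.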