Determine NXLog Agent Health Status - Page 1

#1 casey1234 4 years ago

Hi,

We are planning to deploy NXLog to thousands of endpoints and need to know when an agent is no longer sending data regularly.

Is there an established method for determining NXLog is working normally at scale?

Thanks!

Permalink

#2 Zhengshi Nxlog ✓ 4 years ago

#1 casey1234

Hi, We are planning to deploy NXLog to thousands of endpoints and need to know when an agent is no longer sending data regularly. Is there an established method for determining NXLog is working normally at scale? Thanks!

Hey!

You can use statistical counters to help see this.
Check out the Detecting a Dead Agent or Log Source chapter in the manual.

Basically it is this config:

<Input in>
    Module  im_tcp
    Port    2345
    <Exec>
        create_stat("msgrate", "RATE", 3600);
        add_stat("msgrate", 1);
    </Exec>
    <Schedule>
        Every   3600 sec
        <Exec>
            create_stat("msgrate", "RATE", 10);
            add_stat("msgrate", 0);
            if defined get_stat("msgrate") and get_stat("msgrate") <= 1
                log_error("No messages received from the source!");
        </Exec>
    </Schedule>
</Input>