How to compare source/Received event count??

Hi All

     The customer wants to collect an event source that provides a clear total number of events... But when using syslog UDP to send events, the number of events received is only about 70% of the number of events recorded by the event source... If it is changed to using syslog TCP to send the same number of events, it is even lower than 50%....
     I want to avoid Sentinel Application first... I want to compare the number of events received from syslog from SuSE. What command can I use to compare??

Thanks!!

Wencheng

  • 0  

    I don't know of a command to do that, but if you want to see what is received into Sentinel then you could perform a raw data dump on the event source or syslog connector nodes, or even dump the data to a file from the syslog connector.

  • 0 in reply to   

    Hi  

       I had used the dump setting from the syslog connector.... the event count indeed does not match the event source's total count.

    Now I have discussed with my colleague... we should use the tcpdump command to write a file to compare events at the OS level, to check whether the syslog port could not receive these huge events.

    The tcpdump command is like below:

    =========================

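    # -n: no name lookups; "udp port 1514" is the capture filter for the syslog port
    tcpdump -n udp port 1514 > dumpfile

    # tcpdump prints one line per packet, so the line count is the packet count
    wc -l dumpfile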

    ========================

    Wencheng
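
A complementary OS-level check to the tcpdump count above, as an added example that is not part of the original thread: the kernel's UDP counters in `/proc/net/snmp` show whether datagrams reached the host but were dropped because the socket receive buffer was full. The function names and the sample numbers are constructed for illustration, and the counters are system-wide for all UDP sockets, not only port 1514.

```shell
#!/bin/sh
# Usage on a live host:
#   cp /proc/net/snmp before ; <send the test events> ; cp /proc/net/snmp after
#   udp_delta before after <number of events the source says it sent>

# Print "<InDatagrams> <InErrors> <RcvbufErrors>" from a /proc/net/snmp-format file.
# Columns are looked up by name in the "Udp:" header line, so column order does not matter.
udp_counters() {
    awk '
        $1 == "Udp:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Udp:" {
            print $(col["InDatagrams"]), $(col["InErrors"]), $(col["RcvbufErrors"])
            exit
        }' "${1:-/proc/net/snmp}"
}

# udp_delta BEFORE_FILE AFTER_FILE SENT_COUNT
# delivered    = datagrams handed to a listening socket during the test
# in_errors    = datagrams that arrived but could not be delivered
# rcvbuf_drops = datagrams dropped because the socket receive buffer was full
udp_delta() {
    # After this: $1..$3 = before counters, $4..$6 = after counters, $7 = sent
    set -- $(udp_counters "$1") $(udp_counters "$2") "$3"
    echo "delivered=$(( $4 - $1 )) in_errors=$(( $5 - $2 )) rcvbuf_drops=$(( $6 - $3 )) sent=$7"
}

# Constructed snapshot in /proc/net/snmp layout (not real measurements).
# $1 = InDatagrams, $2 = InErrors, $3 = RcvbufErrors
sample_snapshot() {
    printf 'Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors\n'
    printf 'Udp: %s 12 %s 3400 %s 0\n' "$1" "$2" "$3"
}

# Demo on constructed data: 100000 events sent, 70000 delivered, 30000 dropped.
demo() {
    dir=$(mktemp -d)
    sample_snapshot 50000 10 10 > "$dir/before"
    sample_snapshot 120000 30010 30010 > "$dir/after"
    udp_delta "$dir/before" "$dir/after" 100000
    rm -rf "$dir"
}

demo
```

If `rcvbuf_drops` accounts for the missing events, the loss is on the receiving host (the listener is not draining its socket fast enough); if it stays near zero while `delivered` is still short of `sent`, the datagrams never reached the host's UDP stack.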