Alert for missing logs over a certain period

DavDav · March 22, 2021, 1:32pm

Objective: Mail notification if logs haven’t been received from network hosts in the last XX minutes.

Setup: The network design is extremely strict, so all logs are transmitted via NXlog proxy collectors across several layers of security zones before reaching Graylog.

Question: In this setup, how can I construct an Event Alert to get notification about logs not coming from any given host on the platform for XX minutes?

dickinsonzach · March 22, 2021, 2:42pm

Good morning, check out:

It references this:
https://graylog.zammad.com/help/en-us/13/53

Thank you, Zach.

system · April 5, 2021, 2:43pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.2 alert when host drops off Graylog Central (peer support)	2	426	September 3, 2020
Alert when certain source didn't receive logs within x minutes Graylog Central (peer support) alert	4	890	January 24, 2023
GrayLog 5 and Alerts Graylog Central (peer support)	3	365	June 30, 2023
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3369	April 22, 2021
Question regarding notifications Graylog Central (peer support) alert	2	518	February 18, 2022

Alert for missing logs over a certain period

Related Topics