Detecting offline device

MKramis · April 26, 2018, 11:07am

Hi Graylog-Team,

We would like to monitor the status of our devices with graylog.
Most devices are connected via GPRS and send events and heartbeat messages to graylog server.

Beside of errors send by the device we would like to detect devices which are offline and therefore do not send heartbeat messages any more.
We were able to handle this by creating a stream per device and setting up Message Count Alert.
So every device needs dedicated stream, alert condition and alert notification.
As we plan to have hundreds of device alert condition and alert notification are redundant. This makes the handling difficult. e.g. If we want to change the message text we would need to change this hundreds of times - same if we want to change the mail address for notification.

Is there any elegant way to detect and handle offline devices?

Best regards
Markus

jochen · April 26, 2018, 11:25am

Currently that’s not possible with Graylog easily.

You could probably write a plugin which runs scheduled searches and checks which sources have stopped sending messages within a given period.

Related feature request:

system · May 10, 2018, 2:45pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question regarding notifications Graylog Central (peer support) alert	2	460	February 18, 2022
Alerting/Notification when certain sources are not reporting Graylog Central (peer support)	9	3044	April 22, 2021
Events based on NOT receiving a message Graylog Central (peer support)	2	920	July 8, 2021
3.2.2 Alert Configuration Graylog Central (peer support)	1	282	March 26, 2020
Alert when certain source didn't receive logs within x minutes Graylog Central (peer support) alert	4	686	January 24, 2023

Detecting offline device

Related Topics