Detection of no log received


(Kelvin Ng) #1

Hi all,

Is there any simple and efficient way to detect missing logs from each host in a specific period? I could only come up with a solution by creating a stream for each host and setting an alert to check for NO message received by this stream. However, I would need to create 500 streams if the GLS is accepting logs from 500 devices!!

Any other smarter way to do this? Thanks for the advice.


#2

I suggest doing two searches via the API.
Do a Quick overview on source, and check the URL with your browser’s debug tool.
First search e.g. 2 weeks to 1 week, and last week. You can compare the two lists. Or you can just do the last search, and compare with your manual list.


#3

You’d be better off making an rsyslog config that drops the hostname to a log on the Graylog server, then having a cron job compare that log to a list of known hostnames and send out an email alert if no match occurs. It will take some development.
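The comparison suggested in the replies above (hosts that actually logged versus a list of known hostnames), as an added example that is not part of the original thread. It assumes a "seen" file with one `RFC3339-timestamp hostname` pair per line; the function names, file format and sample data are all constructed for illustration.

```python
"""Report known hosts with no log line inside a time window (added example)."""
import sys
from datetime import datetime, timedelta, timezone

def parse_seen(lines):
    """Return {hostname: latest timestamp} from 'timestamp hostname' lines."""
    last_seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines instead of aborting
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
        host = parts[1].lower()  # hostnames compare case-insensitively
        if host not in last_seen or ts > last_seen[host]:
            last_seen[host] = ts
    return last_seen

def silent_hosts(known, last_seen, now, window):
    """Known hosts never seen, or last seen before now - window, sorted by name."""
    cutoff = now - window
    result = []
    for host in sorted({h.strip().lower() for h in known if h.strip()}):
        ts = last_seen.get(host)
        if ts is None or ts < cutoff:
            result.append((host, ts))
    return result

# Constructed sample data: inventory list and lines as written to the seen file.
KNOWN = ["fw01", "web01", "db01", "sw-core"]
SEEN_LOG = """\
2024-05-01T11:58:00+00:00 fw01
2024-05-01T09:10:00+00:00 web01
2024-05-01T11:59:30+00:00 FW01
this line is malformed and is ignored
2024-05-01T11:40:00+00:00 db01
""".splitlines()
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    missing = silent_hosts(KNOWN, parse_seen(SEEN_LOG), NOW, timedelta(hours=1))
    for host, ts in missing:
        print(f"NO LOGS from {host}; last seen: {ts.isoformat() if ts else 'never'}")
    # Under cron, any printed output is mailed to the job owner (MAILTO).
    sys.exit(1 if missing else 0)
```

One pass over the file covers every host, so the check scales with the inventory list rather than needing one stream per device.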

