Detection of no log received

Hi all,

Is there any simple and efficient way to detect missing logs from each host in a specific period? I could only come up with a solution by creating a stream for each host and setting an alert to check that NO message is received by this stream. However, I would need to create 500 streams if the GLS is accepting logs from 500 devices!!

Is there any other smarter way to do this? Thanks for the advice.

I suggest doing two searches via the API.
Do a Quick overview on source, and check the URL with your browser’s debug tool.
First search, e.g., 2 weeks to 1 week, and last week. You can compare the two lists. Or you can just do the last search, and compare with your manual list.

You’d be better off making an rsyslog config that drops the hostname to a log on the Graylog server, then having a cron job compare that log to a list of known hostnames and send out an email alert if no match occurs. It will take some development.
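
The comparison step from the last reply, as an added example that is not part of the original thread: a script a cron job could run to list known hosts with no log line inside a time window. The log line format (`<ISO 8601 timestamp> <hostname>`), the host names and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def last_seen(lines):
    """Map lower-cased hostname -> newest timestamp found in the seen-hosts log."""
    seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or truncated line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # line does not start with a timestamp
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive stamps are UTC
        host = parts[1].lower().rstrip(".")
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_hosts(known, lines, now, window):
    """Return {host: last timestamp or None} for known hosts with no log in the window."""
    seen = last_seen(lines)
    cutoff = now - window
    report = {}
    for host in known:
        key = host.strip().lower().rstrip(".")
        if not key or key.startswith("#"):
            continue  # allow blank lines and comments in the inventory list
        ts = seen.get(key)
        if ts is None or ts < cutoff:
            report[key] = ts  # None means the host has never been seen
    return report

# Constructed sample data: inventory list and seen-hosts log (assumed format).
KNOWN = ["fw01", "web01", "DB01", "sw-core"]
SAMPLE_LOG = """\
2024-05-01T09:58:12+00:00 web01
2024-05-01T08:10:00+00:00 fw01
2024-05-01T09:59:40+00:00 db01
garbage line
2024-05-01T09:59:59+00:00 web01
""".splitlines()

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)  # fixed for the sample
    hits = silent_hosts(KNOWN, SAMPLE_LOG, now, timedelta(hours=1))
    for host, ts in sorted(hits.items()):
        print(f"ALERT {host}: last log {ts.isoformat() if ts else 'never'}")
```

In a real cron job, `now` would be `datetime.now(timezone.utc)` and the two inputs would be read from files; cron mails any printed output when `MAILTO` is set.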
