Failed login sources alerting


(Jake Smith) #1

Dear All,

I have a test Graylog server set up with a test Windows domain. Logs are shipped using NXLog community to the Graylog server in GELF format using a TCP connection.

Is there a way to get an alert when a log source stops sending?

Any help greatly appreciated.

Magneton


(Bill Murrin) #2

The way I approached this was to have a dedicated stream for that particular dataset and then create a Message Count alert on it so that if the count is 0 after X minutes, send a notification.

I also set up a Dashboard to monitor my forwarders and data over time (5 mins, 1 hr, 8 hrs, 1 day, etc.). I do the “source” in one panel and a data “type” in another - it provides a view of what was received by the server over time and lets me know if something stopped forwarding. If you do something like that, just make sure you adjust the cache time on the widget so that it is not the default 60 seconds for the bigger queries.
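
The zero-count check described in the reply above, evaluated per source over GELF JSON lines, as an added example that is not part of the thread. The sample messages, host names and the `silent_sources` helper are constructed for illustration, and the code works offline on message data rather than calling Graylog; it assumes a list of expected sources, because a source that never sent anything cannot be found by counting alone.

```python
import json

# Constructed GELF 1.1 messages (not from the thread). Graylog fills its
# "source" field from the GELF "host" field.
SAMPLE_GELF = [
    '{"version":"1.1","host":"dc01","short_message":"logon failure","timestamp":1700000000}',
    '{"version":"1.1","host":"ws01","short_message":"logon ok","timestamp":1700000050}',
    '{"version":"1.1","host":"dc01","short_message":"logon ok","timestamp":1700000400}',
    '{"version":"1.1","host":"ws01","short_message":"logoff","timestamp":1700000100}',
    'not json',  # malformed line, must be skipped rather than crash the check
]


def silent_sources(lines, expected, now, window_minutes):
    """Return {source: seconds_since_last_message} for every expected source
    whose message count in the last `window_minutes` is 0.
    The value is None when the source was never seen at all."""
    window_start = now - window_minutes * 60
    counts = {s: 0 for s in expected}
    last_seen = {s: None for s in expected}
    for line in lines:
        try:
            msg = json.loads(line)
            host, ts = msg["host"], float(msg["timestamp"])
        except (ValueError, KeyError, TypeError):
            continue  # unparsable or incomplete message
        if host not in counts or ts > now:
            continue  # unexpected source, or timestamp in the future
        if last_seen[host] is None or ts > last_seen[host]:
            last_seen[host] = ts
        if ts >= window_start:
            counts[host] += 1
    return {
        s: (None if last_seen[s] is None else now - last_seen[s])
        for s in expected
        if counts[s] == 0
    }


if __name__ == "__main__":
    # "fs01" is a constructed source that is expected but never sent a message.
    quiet = silent_sources(SAMPLE_GELF, ["dc01", "ws01", "fs01"], 1700000600, 5)
    for source, age in quiet.items():
        print(source, "never seen" if age is None else f"silent for {age:.0f}s")
```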


(Jake Smith) #3

Thanks for your help, I will try it out

