Graylog doesn't register all events

1. Describe your incident:

On our Graylog server we run monitoring of networking equipment, servers etc.
Our Graylog instance is configured to send Telegram alerts on all logins on certain accounts, but I have noticed that if I login to more than 3 or 4 servers simultaneously Graylog misses the events. They are not sent via Telegram and they are not even registered as events in Graylog. The logs can be found in the “Search” window.

2. Describe your environment:

  • OS Information:

Ubuntu 22.04.3 LTS

  • Package Version:

Graylog 5.1.6+a771c25

  • Service logs, configurations, and environment variables:

Events are configured to be triggered when certain strings appear in syslog/winlog messages.

3. What steps have you already taken to try and solve the problem?

I have increased the time that Graylog event definitions search logs to 5min/5min, tried increasing RAM on server with no success either.

Thank you.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.