In our environment we see that some sources suddenly start spamming log messages due to a hardware or software issue, and this creates congestion in the network, hence we need to identify the spammers immediately. Is there any way to get an alert in Graylog if a source starts sending a higher number of logs than usual? I see that the Sources tab lists the highest log senders, but I am looking for an alert whenever this occurs. Any help on this is appreciated. Thanks
Thanks, Jan, for looking into this. We are currently using Graylog v2.4.6, open source version. We can upgrade to version 3.1; however, do we have to purchase the Enterprise edition to use the feature? Kindly clarify.
I was going through the correlation engine demo videos; my understanding is that we need a log pattern to detect the log spamming. My question is: if a source suddenly starts spamming some unknown logs, can the correlation engine detect the spamming? If so, kindly guide me on how to configure it.