Notification alert if device is not sending log

Hi Team,

We are facing an issue with notifications. In our setup, we are getting 300 network device logs, but the issue is that if any device stops sending logs to the Graylog server for some reason, how can we know in Graylog?
We are also monitoring our service and port, but please help us with how we can resolve this issue.

Hi there,

We have a content pack for this exact thing. See Graylog Knowledge Base - Content Pack - Event Source Not Sending Logs. Give that a shot and let me know if that ends up working for you.

Hi Aaronsachs,

Thanks for your response.

While installing the content pack, I am getting an error.
Please find the error below.

Installing content pack failed with status: Error: cannot POST http://192.168.1.35:9000/api/system/content_packs/d21a07c7-9611-4e8d-9313-c93841d47ab7/1/installations (500). Could not install content pack with ID: d21a07c7-9611-4e8d-9313-c93841d47ab7

Please reply on how we can resolve this.

The error you provided doesn’t tell us much. Are you doing this as an admin user? What version of Graylog are you using?

Thanks for the reply.

We are using Graylog v3.0.2+1686930.
We are also using an admin user. We have just installed the content pack, and we are getting the below error.

Please check.

I don’t think that content pack will work with anything less than 3.2. If you’re on 3.0.2, that’s coming up on 2 years old.

We’ve made a lot of improvements to the product in almost 2 years, so I’d recommend upgrading to something more recent if you want to take advantage of that content pack.

Can you please guide us on how we can upgrade our system without any fault?
It should be running, as it is in production, so please suggest.

We have documents describing the upgrade process here on our docs site. Those will be your best resource.

Please confirm whether we can install the content pack for silent sources in the open source version. If yes, please suggest. If no, what can we do to achieve the same in the 3.0.2 version? Because the system is in production, we cannot make bigger changes which can affect our server.
Please help us to resolve the same.

Hey @Shyambihari

No, this content pack (currently) runs only with the abilities that Enterprise enables. The event correlations, to be precise.

Hi @jan, @aaronsachs!

I need to alert if a device is not sending logs. Does this content pack work in the open source edition?

Thanks!

Hi @jan

Please help with this.

Hi! The link expired! I need the JSON, or can I find it on the website?

I’ve updated the link. Please note @jan's reply here: Notification alert if device is not sending log - #11 by jan. The content pack makes use of Graylog’s correlation engine, which is available in Graylog Enterprise.

Hi @aaronsachs, thanks for your reply!

Is there an alternative for this type of alert using the open source version? I need to control the log holes.

Hey @lmontesoro

With a plain vanilla Graylog you only have the option to query Graylog regularly, by script or via your monitoring system, to check if the known devices are sending messages or not.

This would even allow you to check at different rates per device. But you would need to do this for every device. As Enterprise is built to make your life easier, this kind of check is possible only with the Enterprise package.
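
The scripted check described in the reply above, as an added example that is not part of the original thread and is not Graylog's own code. It assumes the messages were already fetched by a periodic search and carry `source` and `timestamp` fields; the device names, thresholds and sample messages are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: device source name -> maximum allowed silence (per device).
THRESHOLDS = {
    "core-sw-01": timedelta(minutes=5),
    "edge-fw-01": timedelta(minutes=5),
    "branch-rtr-07": timedelta(hours=1),
    "lab-ap-03": timedelta(hours=1),
}

# Constructed search results; field names and timestamp format are assumptions.
SAMPLE_MESSAGES = [
    {"source": "core-sw-01", "timestamp": "2021-03-01T10:14:58.000Z"},
    {"source": "core-sw-01", "timestamp": "2021-03-01T10:11:02.000Z"},
    {"source": "edge-fw-01", "timestamp": "2021-03-01T10:02:10.000Z"},
    {"source": "branch-rtr-07", "timestamp": "2021-03-01T09:40:00.000Z"},
    {"source": "unknown-host", "timestamp": "2021-03-01T10:14:00.000Z"},
]

def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2021-03-01T10:14:58.000Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def last_seen_by_source(messages):
    """Reduce a message list to the newest timestamp per source."""
    latest = {}
    for msg in messages:
        ts, src = parse_ts(msg["timestamp"]), msg["source"].lower()
        if src not in latest or ts > latest[src]:
            latest[src] = ts
    return latest

def find_silent_devices(messages, thresholds, now):
    """Return {device: silence} for known devices over their limit (None = never seen)."""
    latest = last_seen_by_source(messages)
    silent = {}
    for device, limit in thresholds.items():
        seen = latest.get(device.lower())
        if seen is None:
            silent[device] = None  # in the inventory but absent from the results
        elif now - seen > limit:
            silent[device] = now - seen
    return silent

if __name__ == "__main__":
    # Fixed "now" so the constructed sample is reproducible; use datetime.now(timezone.utc) live.
    now = datetime(2021, 3, 1, 10, 15, 0, tzinfo=timezone.utc)
    for device, gap in find_silent_devices(SAMPLE_MESSAGES, THRESHOLDS, now).items():
        print(device, "never seen in window" if gap is None else f"silent for {gap}")
```

The search window has to be at least as long as the largest threshold, otherwise a device with a one-hour limit is reported as never seen after only a few quiet minutes.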
