What does Graylog do when a source goes down?

Hey All,

Thanks in advance for looking at my post. I’m scoping out Graylog to use as our central logging server. It seems really impressive!

One of my daily tasks that I’d like to automate is reviewing the status of all our logging sources. Say, for instance, the device goes down or loses network connectivity. How does Graylog react when a log source stops logging? Is there some way to see that or alert in Graylog?

Thanks again,

~Brayden

By default, it will do nothing.

You could create a stream and an alert condition to send a notification if there’s a certain timespan with no messages (or less than a threshold) in that stream.

Thank you for your reply! So to verify/clarify, if I wanted to be alerted that a log source hasn’t logged anything in, say, a week, I’ll have to create a stream and alert condition for each individual source I want to monitor?

Not knowing the Graylog platform, can you help me understand the time commitment for that process? Is it something that can be “templated” in the system?

Yes, you would have to do that.

Not exactly, but similar enough via content packs.

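The check behind the per-source "no messages in a timespan" alert discussed in this thread, as an added example that is not part of the original posts and does not call Graylog's API. It assumes you keep an inventory of expected sources, because a source that has never logged cannot be found from the messages alone; the function name, host names and timestamps are hypothetical, constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def silent_sources(messages, expected, now, window, threshold=1):
    """Return {source: (count, last_seen)} for each expected source whose
    message count inside [now - window, now] is below threshold."""
    start = now - window
    counts = {s: 0 for s in expected}
    last_seen = {s: None for s in expected}
    for source, ts in messages:
        if source not in counts:
            continue  # not in the monitored inventory
        if last_seen[source] is None or ts > last_seen[source]:
            last_seen[source] = ts
        if start <= ts <= now:
            counts[source] += 1
    return {s: (counts[s], last_seen[s]) for s in expected if counts[s] < threshold}

# Constructed sample data (hypothetical host names, not from the thread).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
EXPECTED = ["fw01", "web01", "db01", "sw02"]
MESSAGES = [
    ("fw01", NOW - timedelta(minutes=5)),
    ("fw01", NOW - timedelta(hours=2)),
    ("db01", NOW - timedelta(days=1)),
    ("web01", NOW - timedelta(days=9)),   # last message is older than the window
    # sw02 has never sent anything, so only the inventory reveals it
]

def demo(threshold=1):
    # One-week window, matching the timespan mentioned in the thread.
    return silent_sources(MESSAGES, EXPECTED, NOW, timedelta(days=7), threshold)

if __name__ == "__main__":
    for src, (count, seen) in demo().items():
        print(f"ALERT {src}: {count} messages in 7 days, last seen {seen}")
```

Raising `threshold` above 1 turns the check into the "fewer than a threshold" variant, which also flags sources that are still alive but unusually quiet.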