We had a problem that something was changed in our production environment and we didn’t have the logs at that time because the log shipper was not configured.
I now have the task of monitoring each server and checking if each one is still sending all the logs and if not, alerting so we can fix it.
My question now is if anyone has already built something similar that works perfectly.
Our requirement is to check if each log is still indexed, i.e. Windows Event Logs and IIS Logs.
Thanks in advance
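A sketch of the check described in the question, added here as an example and not part of the original post: it compares an independent server inventory against the newest indexed event per host and log type, so a server whose shipper was never configured is flagged as well as one that went quiet. The source labels, thresholds, host names and timestamps are constructed assumptions; in practice `last_seen` would come from a "latest timestamp per host and source" query against whatever log platform is in use.

```python
from datetime import datetime, timedelta, timezone

# Assumed silence thresholds per log type; tune to real traffic
# (an idle IIS site can legitimately write nothing for hours).
MAX_SILENCE = {
    "windows_eventlog": timedelta(minutes=15),
    "iis": timedelta(hours=6),
}

def find_silent_sources(inventory, last_seen, now):
    """Return sorted (host, source, reason) for each expected feed that is missing or stale.

    inventory: {host: [source, ...]} taken from an independent list (CMDB, AD),
               never derived from the log index itself.
    last_seen: {(host, source): datetime} newest indexed event per feed.
    """
    findings = []
    for host, sources in inventory.items():
        for source in sources:
            seen = last_seen.get((host, source))
            if seen is None:
                # The failure from the post: shipper never configured.
                findings.append((host, source, "never indexed"))
            elif now - seen > MAX_SILENCE[source]:
                minutes = int((now - seen).total_seconds() // 60)
                findings.append((host, source, f"silent for {minutes} min"))
    return sorted(findings)

# Constructed sample data (hypothetical hosts and timestamps).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = {
    "web01": ["windows_eventlog", "iis"],
    "web02": ["windows_eventlog", "iis"],
    "db01": ["windows_eventlog"],
}
LAST_SEEN = {
    ("web01", "windows_eventlog"): NOW - timedelta(minutes=2),
    ("web01", "iis"): NOW - timedelta(hours=1),
    ("web02", "windows_eventlog"): NOW - timedelta(minutes=3),
    ("web02", "iis"): NOW - timedelta(hours=9),
    # db01 is in the inventory but has never shipped anything.
}

if __name__ == "__main__":
    for host, source, reason in find_silent_sources(INVENTORY, LAST_SEEN, NOW):
        print(f"ALERT {host} {source}: {reason}")
```

Driving the loop from the inventory rather than from the hosts present in the index is what catches the unconfigured-shipper case.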