Monitoring if Server is still sending logs

Jostrus · April 14, 2023, 6:57am

Hi all,

we had a problem that something was changed in our production environment and we didn’t have the logs at that time because the log shipper was not configured.
I now have the task of monitoring each server and checking if each one is still sending all the logs and if not, alerting so we can fix it.

My question now is if anyone has already built something similar that works perfectly.
Our requirement is to check if each log is still indexed, i.e. Windows Event Logs and IIS Logs.

Thanks in advance

jasonrojas · April 14, 2023, 6:33pm

What I generally do, we have all sorts of log metadata from which specific application, environment etc, is just create a monitor to check if the log count drops substantially based on the previously mentioned dimensions, if it does we send an alert saying applicationX in EnvironmentY has reduced logging output, please investigate.

Topic		Replies	Views
Best practices for the log shipper selection of Windows eventlog OpenSearch	3	646	February 8, 2024
Create an alert when logs are in delay or are sent too early Alerting	1	443	February 7, 2023
Alert if index not being created or updated OpenSearch	1	258	March 3, 2023
Trigger for more than one server Alerting	2	683	December 30, 2020
Any 'live tailing' plug-in or 'Stream live' plug-in General Feedback	2	616	September 3, 2021

Monitoring if Server is still sending logs

Related topics