Alert if Enabled Syslog Agent stops sending data for an extended period | Voters

Alert if Enabled Syslog Agent stops sending data for an extended period

complete

shawn switzer

If one of the Enabled Syslog Agents(ie: syslog listener) stops sending data for an extended period(ideally configurable), there should be an alert that is generated to have someone investigate.

August 29, 2024

Canny AI

Merged in a post:

Alert if Logs Stop

Scott Brewster

If we could get some kind of alert if one of the log sources stopped providing logs to the SIEM, that would be really cool. DNS Filter had an error, and we lost like two weeks of logs before anyone noticed.

August 3, 2025

Chris

Agree this is a needed function. Otherwise, are you to check daily that all collectors are reporting seems like it could just monitor if there has been lack of activity on a collector to send an alert.

Nate O'Brien

marked this post as

complete

We now have support for escalating on non-reporting log sources. A full description of the capability can be found here: https://support.huntress.io/hc/en-us/articles/42917517950995-Non-Reporting-Log-Source-Escalations

Jacob Wiley

Nate O'Brien Thank you for this!

Naftuli Herzog

Escalation that will create a ticket in our PSA

Chris Bisnett

marked this post as

in progress

Chris Bisnett

marked this post as

planned