Alert if Enabled Syslog Agent stops sending data for an extended period
complete
Autopilot
Merged in a post:
Visibility when Syslog sources stop sending logs
Ruben Castello
Hello Huntress team,
We’ve identified an issue that exposed a visibility gap in Syslog source monitoring.
In one customer organization, Syslog sources suddenly disappeared. Huntress now shows 0 Syslog sources, even though multiple devices are still configured to send logs to a specific agent. We’re currently debugging the cause. This only affected a single organization; others are working as expected.
As a result, we realized there’s no clear way to detect when a Syslog source that was previously sending logs regularly stops doing so.
It would be extremely valuable to have:
An alert or warning when a previously active source becomes silent
This would help detect ingestion failures early and avoid blind spots in SIEM data.
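A minimal version of the silent-source check requested above, as an added example rather than Huntress's own implementation; the syslog lines and hostnames are constructed, and the baseline rule (three times the source's median message gap, with a 30-minute floor) is an assumption:

```python
import re
import statistics
from datetime import datetime, timedelta

# Constructed RFC 5424-style syslog lines (not real customer data): a chatty
# firewall that logs every 5 minutes and a DNS filter that logs every 30.
SAMPLE_LINES = [
    "<134>1 2024-05-01T10:00:00Z fw-edge-01 kernel - - - accept src=10.0.0.5",
    "<134>1 2024-05-01T10:05:00Z fw-edge-01 kernel - - - accept src=10.0.0.9",
    "<134>1 2024-05-01T10:10:00Z fw-edge-01 kernel - - - drop src=203.0.113.7",
    "<134>1 2024-05-01T10:15:00Z fw-edge-01 kernel - - - accept src=10.0.0.5",
    "<110>1 2024-05-01T10:02:00Z dns-filter-01 dnsd - - - query example.test",
    "<110>1 2024-05-01T10:32:00Z dns-filter-01 dnsd - - - query example.test",
    "<110>1 2024-05-01T11:02:00Z dns-filter-01 dnsd - - - query example.test",
]

# PRI, version 1, then TIMESTAMP and HOSTNAME as in RFC 5424.
LINE_RE = re.compile(r"^<\d+>1 (\S+) (\S+) ")

def parse_lines(lines):
    """Return {hostname: [timestamps]}; lines that do not parse are skipped."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        seen.setdefault(m.group(2), []).append(ts)
    return seen

def find_silent_sources(seen, now, min_silence=timedelta(minutes=30), multiplier=3):
    """Return {hostname: minutes_silent} for previously active sources that have
    gone quiet longer than allowed. The allowance is the larger of min_silence
    and multiplier x the source's median inter-message gap (assumed rule), so a
    chatty firewall escalates sooner than a naturally quiet device."""
    silent = {}
    for host, stamps in seen.items():
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        baseline = timedelta(seconds=multiplier * statistics.median(gaps)) if gaps else min_silence
        quiet_for = now - stamps[-1]
        if quiet_for > max(min_silence, baseline):
            silent[host] = int(quiet_for.total_seconds() // 60)
    return silent

def report(lines, now_iso):
    """Parse lines and evaluate them as of now_iso (UTC, ISO 8601)."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    return find_silent_sources(parse_lines(lines), now)

if __name__ == "__main__":
    print(report(SAMPLE_LINES, "2024-05-01T11:30:00Z"))
```

Run on a schedule against the collector's recent events, a non-empty result is the condition to escalate on; a source missing from the input entirely (the "0 Syslog sources" case) needs a separate check against the expected inventory.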
Autopilot
Merged in a post:
Alert if Logs Stop
Scott Brewster
If we could get some kind of alert if one of the log sources stopped providing logs to the SIEM, that would be really cool. DNS Filter had an error, and we lost like two weeks of logs before anyone noticed.
Chris
Agree this is a needed function. Otherwise, are you to check daily that all collectors are reporting? It seems like it could just monitor whether there has been a lack of activity on a collector and send an alert.
Nate O'Brien
marked this post as
complete
We now have support for escalating on non-reporting log sources. A full description of the capability can be found here: https://support.huntress.io/hc/en-us/articles/42917517950995-Non-Reporting-Log-Source-Escalations
Jacob Wiley
Nate O'Brien Thank you for this!
Naftuli Herzog
Escalation that will create a ticket in our PSA
Chris Bisnett
marked this post as
in progress
Chris Bisnett
marked this post as
planned