LogUsage data source

Question

Hello,We are having all our devices sending syslog to LM collector. Via LogUsage data source, we can monitor if the device sends syslog data or no. But the threshold to alarm on that is only 60 minutes.We would like to make the threshold longer like 1 or 2 days because some devices are quieter than others, and we want to control if we missed to configure syslog on one of the devices or it doesn't send syslog anymore due to any reason.So, i contacted LM support, they said it would be custom datasource. Any help with how to achieve that?

omarhegazy · Answer

Unfortunately that didn't work because when i test to stop the device from sending any syslog to the collector, the LogUsage will show just nothing, and thus can't tune alert on 0 value or No Data value.

See here i stopped it on 14:10, and nothing is reported afterwards

justin_lanoue · Answer

Your best built-in option is to create an alert rule that auto-escalates every 1440 minutes targeting the LogUsage datasource.

You would then target the alert rule to that does nothing on Stage 1 and Stage 2 and then on Stage 3 creates your a ticket.

Let me know if that works for you :)

justin_lanoue · Answer

ou would then target the alert rule to an escalation chain* that does nothing on Stage 1 and Stage 2 and then on Stage 3 creates your a ticket.

omarhegazy · Answer

Thanks for your feedback.. i will test that and see if it works.. will let you know :)

Forum Discussion

LogUsage data source

4 Replies

Recent Discussions

ServiceNow Integration - Auto closing alerts

ServiceNow Integration creating Incident Tasks?

What is up with Meraki API Modules?

exception:groovy.lang.MissingMethodException: No signature of method:

WMI Least Privileges