omarhegazy
2 months ago

LogUsage data source

Hello,

We have all our devices sending syslog to the LM collector. Via the LogUsage data source, we can monitor whether the device sends syslog data or not. But the threshold to alarm on that is only 60 minutes.

We would like to make the threshold longer, like 1 or 2 days, because some devices are quieter than others, and we want to check whether we missed configuring syslog on one of the devices or it no longer sends syslog for any reason.

So, I contacted LM support, and they said it would be a custom datasource. Any help with how to achieve that?

  • Unfortunately that didn't work, because when I test by stopping the device from sending any syslog to the collector, LogUsage shows nothing at all, so I can't tune an alert on a 0 value or a No Data value.

    See here: I stopped it at 14:10, and nothing is reported afterwards.

     

  • Your best built-in option is to create an alert rule that auto-escalates every 1440 minutes targeting the LogUsage datasource.

    You would then target the alert rule to that does nothing on Stage 1 and Stage 2 and then on Stage 3 creates you a ticket.

    Let me know if that works for you :)

    • Justin_Lanoue

      You would then target the alert rule to an escalation chain* that does nothing on Stage 1 and Stage 2 and then on Stage 3 creates you a ticket.

  • Thanks for your feedback. I will test that and see if it works, and will let you know :)
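The problem raised in this thread (a stopped sender produces no data rather than a 0 value) can be checked outside the monitoring platform by comparing received syslog against a list of devices that are expected to send. The following is an added example, not part of any post and not LogicMonitor code; it assumes RFC 5424 formatted lines, and the hostnames, thresholds and log lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME ...
HEADER = re.compile(r"^<\d{1,3}>\d+ (\S+) (\S+) ")

# Constructed inventory: expected sender -> longest silence tolerated.
INVENTORY = {
    "fw01": timedelta(hours=1),
    "sw-core": timedelta(days=1),
    "ups-b2": timedelta(days=2),
    "sw-new": timedelta(days=1),  # syslog was never configured on this one
}

# Constructed sample of lines received by a collector.
SAMPLE = """\
<134>1 2024-05-01T14:10:00Z fw01 kernel - - - link up
<134>1 2024-05-02T09:00:00Z sw-core stp - - - topology change
<134>1 2024-04-30T08:00:00Z ups-b2 ups - - - self test ok
<134>1 2024-05-02T13:55:00Z fw01 kernel - - - session closed
not a syslog line
"""

def last_seen(lines):
    """Return {hostname: newest timestamp} for lines with a valid header."""
    seen = {}
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        except ValueError:  # e.g. the RFC 5424 nil timestamp "-"
            continue
        seen[m.group(2)] = max(ts, seen.get(m.group(2), ts))
    return seen

def silent_devices(lines, inventory, now):
    """Map overdue devices to their silence; None means never seen."""
    seen = last_seen(lines)
    overdue = {}
    for host, limit in inventory.items():
        if host not in seen:
            overdue[host] = None  # absent from the stream, so no metric exists
        elif now - seen[host] > limit:
            overdue[host] = now - seen[host]
    return overdue
```

Because the loop runs over the inventory rather than over the received data, a device that never sent anything is still reported.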