Hi, I'm using ossec as a log correlator. For log centralization I'm using syslog-ng (for formatting features), thus I'm not using ossec agents for log collection.
I wanna know if there is any option to set an alert when no logs or an unusual amount of logs from a certain host is noticed. The problem I've been through is that after the servers rebooted, the syslog-ng agents did not restart for some reason and thus they were not sending logs anymore. Ossec did not warn me about it. How is it possible to set this kind of alert? Thanks,
