There should be an alert for when there are more messages than average, but nothing that I know of for not receiving any messages.
On Wed, Dec 15, 2010 at 5:30 AM, NewRules <[email protected]> wrote:
> Hi,
>
> I'm using ossec as a log correlator.
> For log centralization I'm using syslog-ng (for formatting features),
> thus I'm not using ossec agents for log collection.
>
> I wanna know if there is any option to set an alert when no logs or an
> unusual amount of logs from a certain host is noticed.
>
> The problem I've been through is that after servers reboot, syslog-ng
> agents did not restart for some reason and thus they were not sending
> logs anymore. Ossec did not warn me about it.
>
> How is it possible to set this kind of alert?
>
> Thanks,
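
One way to catch the silent-sender case described in the quoted message, as an added example that is not part of the thread and not an OSSEC feature: a check run over the centralized log that compares each expected host's newest line against a silence threshold. The log line layout, the host names and the inventory list are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample lines in "ISO-timestamp host program: message" form
# (an assumed syslog-ng output template, not taken from the thread).
SAMPLE_LOG = """\
2010-12-15T05:00:01 web01 sshd[811]: Accepted publickey for deploy
2010-12-15T05:10:12 db01 cron[402]: (root) CMD (run-parts /etc/cron.hourly)
2010-12-15T05:20:44 web01 sshd[811]: session closed for user deploy
2010-12-15T05:29:30 mail01 postfix/smtpd[77]: connect from localhost
"""


def last_seen(lines):
    """Map each host to the timestamp of its newest parseable log line."""
    seen = {}
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines that do not start with a timestamp
        host = parts[1]
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def silent_hosts(lines, expected_hosts, now, max_silence):
    """Return {host: last timestamp or None} for hosts quiet longer than max_silence.

    expected_hosts is a hypothetical inventory: a host that never sent a line
    cannot be discovered from the log itself, so it has to be listed up front.
    """
    seen = last_seen(lines)
    quiet = {}
    for host in expected_hosts:
        ts = seen.get(host)
        if ts is None or now - ts > max_silence:
            quiet[host] = ts
    return quiet


if __name__ == "__main__":
    now = datetime(2010, 12, 15, 5, 30)
    expected = ["web01", "db01", "mail01", "app01"]  # hypothetical inventory
    result = silent_hosts(SAMPLE_LOG.splitlines(), expected, now, timedelta(minutes=15))
    for host, ts in result.items():
        print(f"ALERT {host}: " + (f"last log at {ts}" if ts else "no logs received"))
```

Run from cron, the printed ALERT lines can be written to a file that the correlator already monitors, so a stopped syslog-ng sender surfaces as an ordinary log event.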
