Stop getting log events from a specific device
What is your time limit here? No packets in an hour? 10 minutes? You can create rules and notification off of those rules. But a single device monitoring and reporting when a single device stops reporting isn't something I've heard of anyone doing (yet). I have seen some monitoring of systems being reachable but not monitoring that logs are being received from specific devices.
Dear Mr. Vladimir, first of all your question is not clear to me. If i undestand correctly, i think You want to monitor device status, That means need to monitor which are the devices stop sending events to Manager, Am i right? Regards Renji
Hi, I checked and it can be doable by agent vise. Let me check on more on this. In this mean time you can do it by monitoring each devices. In our environment, we have a dashboard to monitor all critical devices. From that its possible to monitor primary, secondary device handover. If any dashboard is empty, its means these devices are not sending logs to ESM, however you only need to monitor the critical devices. create a list of all critical devices and create a dash board.