Hello
Wanted to ask if its possible to alert based on how much node has logged syslog messages? For example if switch is usualy quiet and then suddenly starts generating alot of logs, is it possible to detect?
Egert
Hi,
you can configure DCI on a switch with source "internal" and parameter ReceivedSyslogMessages- it is cumulative counter for received syslog messages. Then you can either do delta transformation and create threshold on it or use "diff" threshold on raw value.
Best regards,
Victor
That was simple solution, thanks :)