Knowledge Base
I receive a logmon alert, but when I verify, I see the logs are coming in fine. Why?
Logmon alerts are fired when the system has not seen logs from a logsource within a defined time period, for example 30m, 90m or 6h. If you set this to a short period such as 30m, this behaviour is often expected: the logsource may have dropped off briefly, come back online and caught up with all the missing logs before you checked. This can happen for a number of reasons, such as network congestion, very low log volume, or the system being temporarily offline.
Try increasing the timeout to 90m or higher to reduce these alerts and make the ones that do fire reliable.
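The scenario above, worked through as an added example (not part of the original knowledge base entry): a constructed logsource stops delivering for 46 minutes because of congestion, then ships its backlog in one burst. The monitor checks arrival times, so a 30m threshold fires at 10:40; the analyst verifying at 10:50 looks at the source's own event timeline, which by then has no gaps. All timestamps and the function names are assumptions for the illustration.

```python
from datetime import datetime, timedelta


def at(hhmm: str) -> datetime:
    """Build a timestamp on a fixed constructed day from an 'HH:MM' string."""
    return datetime(2024, 1, 1, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample: (arrival time at the collector, event time stamped by the source).
# Steady until 10:00, cut off by congestion, backlog delivered in one burst at 10:46.
SAMPLE_LOGS = [
    (at("09:40"), at("09:40")),
    (at("09:50"), at("09:50")),
    (at("10:00"), at("10:00")),
    (at("10:46"), at("10:10")),  # late backlog: arrival is new, event time is old
    (at("10:46"), at("10:20")),
    (at("10:46"), at("10:30")),
    (at("10:46"), at("10:40")),
    (at("10:50"), at("10:50")),
]


def logmon_alert(logs, now: datetime, threshold_minutes: int) -> bool:
    """Logmon view: alert when nothing has *arrived* from the source within the threshold."""
    arrived = [arrival for arrival, _ in logs if arrival <= now]
    if not arrived:
        return True  # never heard from this source at all
    return now - max(arrived) > timedelta(minutes=threshold_minutes)


def largest_event_gap_minutes(logs, now: datetime) -> float:
    """Analyst view after the fact: largest hole in the source's own event timeline."""
    events = sorted(event for arrival, event in logs if arrival <= now)
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(events, events[1:])]
    return max(gaps, default=0.0)


def evaluate(logs, check_at: datetime, verify_at: datetime, threshold_minutes: int):
    """Return (alert fired at check_at, timeline looked complete at verify_at)."""
    fired = logmon_alert(logs, check_at, threshold_minutes)
    looks_fine = largest_event_gap_minutes(logs, verify_at) <= threshold_minutes
    return fired, looks_fine


if __name__ == "__main__":
    for threshold in (30, 90):
        fired, fine = evaluate(SAMPLE_LOGS, at("10:40"), at("10:50"), threshold)
        print(f"threshold {threshold}m: alert fired={fired}, logs complete on verification={fine}")
```

With a 30m threshold the result is (True, True), which is exactly the "alert fired but the logs look fine" situation; raising the threshold to 90m gives (False, True).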