Question asked by Renato Goncalves on Feb 6, 2019
I need a rule (ESA rule) or anything that can do the trick to monitor if an event source stopped sending logs.


Yesterday Apache and the firewall stopped sending events and logs for 3 hours and we did not notice, because no alert was triggered.


Is there a way to monitor that by an alert or something like it? I could create a dashboard (which we already have) or open the alarms in the Event Source, but if we are occupied analysing an incident or doing something else we cannot tell what's going on, like yesterday...