Skip to main content

Feed Monitoring

  • April 15, 2025
  • 3 replies
  • 67 views
R
Forum|alt.badge.img+8

Hello , i want to know if there is any way to supervize and monitor log ingestion from FEEDs.
We have multiple log source ( FEED) and i want to get notified if one of the feed stopped sending logs .
Thanks

Ben_T

3 replies

Ben_T
Staff
Forum|alt.badge.img+4
  • Ben_T
  • Staff
  • April 15, 2025

Hi Rached1996,

One method to monitor when an ingest source stops sending is the metric absence function of GCP Cloud Monitoring. I've linked the docs below and also here is a guide by Chris Martin on how to get things set up. He goes over forwarder monitoring but feed monitoring configuration as well.

https://cloud.google.com/monitoring/alerts/metric-absence
https://medium.com/@thatsiemguy/chronicle-forwarder-telemetry-via-google-cloud-monitoring-39ccb32b3853

Hope this helps.

kentphelps
vaskenh
S
  • spanugantiBronze 1
  • October 14, 2025

Im also looking for a similar kind of Yara rule 
Looking for any log source stop log feed that need an alert or shows detections. Its not working.


Suggestions are very helpful and also alternative solutions please! 

ThankYou
kentphelps
Staff
Forum|alt.badge.img+11
  • kentphelps
  • Staff
  • October 14, 2025

There are some rule examples in this doc that may be of some help:
Silent-host monitoring

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.