Hello, I want to perform an alerting notification in chronicle (not GCP), maybe a rule or dashboard visualisation about log source or a forwarder stopped sending logs, i want to do this on the siem directly without doing it on GCP
For info i have GCP audit logs ingested in chronicle
Thanks
Solved
Log source stopped sending logs-Alert
- Silver 2
Best answer by AymanC
Hi @Rached1996,
The following will likely be of use, modify this to look for metadata.log_type, as opposed to principal.hostname- Re: How to Configure Log Stoppage Alert for Indivi... - Google Cloud Community
Kind Regards,
Ayman
+13- Bronze 5
- Answer
Hi @Rached1996,
The following will likely be of use, modify this to look for metadata.log_type, as opposed to principal.hostname- Re: How to Configure Log Stoppage Alert for Indivi... - Google Cloud Community
Kind Regards,
Ayman
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.