Hi,
I am looking to enable All Nodes in my environment for Log Analyzer, BUT I have a few concerns:
If I ever want to reduce my license count I have no idea which nodes are NOT sending me logs, and therefore could be disabled.
How do I know when devices stop sending me logs for any reason? We are building more alert logic based on Syslog & Traps, and if a device stops sending messages for any reason that would be a concern.
Thoughts?
Currently, I could remove Nodes that don't send any logs in 15 days (the current retention period), but depending on the logging level that might not be a true picture, as some devices will be configured only to send when required.