JFYI: for the moment, I disabled the central syslog server in favor of the new graylog instance. No need to change anything on the host side: the syslog server is forwarding the traffic directly into the graylog queue. This means that the syslog server does NOT keep a copy of the remote logs on disk any longer. Instead, everything is pushed directly into a elasticsearch database for further processing. This in turn means that the old monitoring check for outdated remote logs is turned of. In the last weeks, I was working more on checking why a specific host was not sending logs any longer - and often enough, these hosts just had nothing to say (as they are planned replacements that are not active, yet). In the end, I was becoming too lazy to reconfigure that check again and again - so at least I am not sad about loosing this check. For those, who want to get a look at the new frontend for log files: https://graylog.opensuse.org/ Note: a openSUSE heroes LDAP account (FreeIPA) is needed to log in. A nice starting point might be the good documentation at: https://docs.graylog.org/en/3.2/pages/queries.html Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org