Hello Huntress team,
We’ve identified an issue that exposed a visibility gap in Syslog source monitoring.
In one customer organization, Syslog sources suddenly disappeared. Huntress now shows 0 Syslog sources, even though multiple devices are still configured to send logs to a specific agent. We’re currently debugging the cause. This only affected a single organization; others are working as expected.
As a result, we realized there’s no clear way to detect when a Syslog source that was previously sending logs regularly stops doing so.
It would be extremely valuable to have:
An alert or warning when a previously active source becomes silent
This would help detect ingestion failures early and avoid blind spots in SIEM data.
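
A sketch of the check requested above, added here as an example; it is not part of the original post and not a Huntress feature or API. It flags a source as silent when its current quiet period exceeds a multiple of its own usual gap between messages. The event format, the sample data and the `factor`, `floor` and `min_events` thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: (source address, time a syslog message was received).
# 10.0.0.1 reports every 5 min and is still active; 10.0.0.2 reported every
# 5 min and then stopped; 10.0.0.3 only reports hourly, so long gaps are normal.
T0 = datetime(2024, 1, 1, 0, 0)
SAMPLE = (
    [("10.0.0.1", T0 + timedelta(minutes=5 * i)) for i in range(48)]
    + [("10.0.0.2", T0 + timedelta(minutes=5 * i)) for i in range(24)]
    + [("10.0.0.3", T0 + timedelta(hours=i)) for i in range(4)]
)

def silent_sources(events, now, factor=6, floor=timedelta(minutes=15), min_events=3):
    """Return {source: silence} for sources that have been quiet for longer
    than max(floor, factor * median gap between their past messages).
    All three thresholds are hypothetical defaults, not vendor settings."""
    seen = defaultdict(list)
    for source, ts in events:
        seen[source].append(ts)
    silent = {}
    for source, stamps in seen.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue  # too little history to call the source "regular"
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Per-source baseline, so a chatty firewall and an hourly
        # reporter are each judged against their own cadence.
        threshold = max(floor, factor * median(gaps))
        silence = now - stamps[-1]
        if silence > threshold:
            silent[source] = silence
    return silent

if __name__ == "__main__":
    now = T0 + timedelta(hours=4)
    for source, silence in sorted(silent_sources(SAMPLE, now).items()):
        print(f"ALERT {source} silent for {silence}")
```

The history has to be kept outside the live source list, since a source that disappears from the list is exactly the case the check needs to catch.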