Hello,
I don't believe what you are looking for is possible to do in LEM. There is no feature which let's you pick 0 event in LEM. [you would have to submit a feature request for this].
There are specific events for when an agent goes offline [Rule notification when a LEM agent goes offline - SolarWinds Worldwide, LLC. Help and Support ], however for a syslog node, without an agent, I do not believe that it is possible to set up a rule if the syslog node goes offline or stops sending logs.
Possibly if the connector for it stops, yes. But the node itself, no.
LEM doesn't check the health of a syslog non-agent device, instead it patiently waits for a node to send in some syslog logs so that it's connectors can normalize them for you into a readable format.
It sounds more like NPM feature what you are looking for.
It doesn't monitor the node, it monitors the logs coming into it.
Perhaps a feature request form can be submitted for it?