What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Syslog messages arriving on PRTG network, but not appearing in PRTG syslog sensor

Votes:

0

Hi folks. My Pulse Secure device is sending UDP 514 syslog traffic correctly and I can see the stream of messages on the PRTG server in Wireshark, but they never surface in the syslog sensor. I've removed all the filters from the syslog sensor and tried everything I can think of. Any ideas? Thanks

pulse-secure syslog wireshark

Created on Jun 16, 2022 11:58:56 PM



6 Replies

Votes:

0

Hello Dunedin,

did you create the sensor on the probe device, or on another device object?

The latter would imply an input filter using the device address. Could that be the issue here?

Created on Jun 21, 2022 4:54:42 PM by Arne Seifert [Paessler Support]



Votes:

0

Hi Arne, I've tried creating it on the probe device and on the Pulse Secure device object (configured using IP address). Neither one receives any messages from the Pulse (probe device sensor gets messages from everywhere else, but not the Pulse device).

Syslog sensors

Wireshark

Pulse Secure

Created on Jun 21, 2022 10:00:09 PM

Last change on Jun 28, 2022 3:01:38 PM by Arne Seifert [Paessler Support]



Votes:

0

Hi, I tried on both. No messages from the Pulse on either.

Created on Jun 23, 2022 1:07:35 AM



Votes:

0

Hello,

do you operate multiple probes in PRTG?

Please also check if the syslog collector is running. For this, go to the web interface, open Setup / System Administration / Administrative Tools. Scroll down to the probe tools and perform the function "Write Probe Status Files".

Once that is done, go to the computer running the probe. Open "C:\ProgramData\Paessler\PRTG Network Monitor\Logs\debug", where among other debug snapshots a file for the syslog collector gets created.

Created on Jun 27, 2022 7:36:21 AM by Arne Seifert [Paessler Support]



Votes:

0

Hi Arne (sorry). We have a single PRTG probe. Here's the syslog debug log file:

****** Collector Port 514 Collector on Port 514 UDP Packets: 459762 UDP Packets Dropped: 0 UDP Packets Cut: 0 Free Pool: 50 Buffer: 0 Total: 459762/459762/5000 Processor 1: 83864 -> 32353 (0 errors) Processor 2: 145208 -> 54761 (0 errors) Processor 3: 85130 -> 33045 (0 errors) Processor 4: 145560 -> 54455 (0 errors)

* No Device Filter

UDPSensor id 4659 Storage: Count: 0 Warning: 0 Error: 0 id: 4659 size: 0/0/10240 Include: source[192.168.50.200] Exclude: Warning: severity[4] Error: severity[0-3]

* for 192.168.50.200

UDPSensor id 4658 Storage: Count: 0 Warning: 0 Error: 0 id: 4658 size: 0/0/10240 Include: Exclude: Warning: Error:

****** Collector Port 17273 Collector on Port 17273 UDP Packets: 0 UDP Packets Dropped: 0 UDP Packets Cut: 0 Free Pool: 50 Buffer: 0 Total: 0/0/5000 Processor 1: 0 -> 0 (0 errors) Processor 2: 0 -> 0 (0 errors) Processor 3: 0 -> 0 (0 errors) Processor 4: 0 -> 0 (0 errors)

* No Device Filter

* for 192.168.50.200

UDPSensor id 4658 Storage: Count: 0 Warning: 0 Error: 0 id: 4658 size: 0/0/10240 Include: Exclude: Warning: Error:

Created on Jun 27, 2022 8:43:20 PM



Votes:

0

Hello,

the probe device sensor seems to have an input filter? Could you remove that, setting it to "any"?

If it still does not work, could you check if those are syslogs supported by PRTG? PRTG can receive any kind of syslog according to the "BSD Syslog Protocol" (RFC 3164) and the "Syslog Protocol" (RFC 5424).

Created on Jun 28, 2022 5:13:08 PM by Arne Seifert [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.