What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

What does "100 logons failed since last start of PRTG" in the log mean?

Votes:

0

In my log in the main menu under Logs | System Events | Status Messages, I can see these three messages:

9/26/2011 9:20:59 AM 
   Starting Core Server: PRTG Network Monitor 9.1.0.1548 PRTG Network Monitor 500

9/26/2011 9:22:01 AM 
   Logon attempts slowed down due to failed logon margin exceeded in a short amount of time

9/26/2011 10:21:24 AM 
   100 logons failed since last start of PRTG

At the same time I notice that logging in to the PRTG web interface takes a few seconds. I have also received a ticket about this issue.

What is going on?

login prtg slow tickets web-server

Created on Sep 27, 2011 12:49:42 PM by  Dirk Paessler [Founder Paessler AG] (11,025) 3 6

Last change on Jan 18, 2023 9:54:05 AM by  Brandy Greger [Paessler Support]



13 Replies

Accepted Answer

Votes:

0

This article applies as of PRTG 22

Failed logins and overload protection

Too many failed logins have triggered the overload protection feature of PRTG.

In the log sample in the question, it took two minutes after the start of the PRTG core server to initiate the overload protection mode. Then it took about one hour to gather 100 more incorrect logins.

More

Created on Sep 27, 2011 1:13:09 PM by  Dirk Paessler [Founder Paessler AG] (11,025) 3 6

Last change on Jan 17, 2023 7:17:45 AM by  Brandy Greger [Paessler Support]



Votes:

0

Is there any place that would show where the failed logons are coming from? I have had a look through the logs on the PRTG web interface and I do not see where the failed logons are coming from???

Created on Oct 25, 2011 7:26:40 PM



Votes:

0

Patrick, please see the "How can I find these rogue systems?"-part in the article linked by Dirk: What is Overload Protection?

Note: Please install the latest PRTG version so the login attempts are actually written into the log.

Created on Oct 26, 2011 11:39:41 AM by  Torsten Lindner [Paessler Support]

Last change on Oct 26, 2011 11:44:33 AM by  Daniel Zobel [Product Manager]



Votes:

0

where i can see the log file ? i only can see : "ew ToDo ticket: Web server is slowing down login attempts (Protective measure) 100 logons failed since last start of PRTG. Please take a look at the following knowledge base article: https://kb.paessler.com/en/topic/25403" but can't find the detail of where is the source ip...

Created on Mar 18, 2016 3:05:53 AM



Votes:

0

Hi Vincent,

Log onto your PRTG host and open the PRTG Administrator Tool and open the Log Folder via the Logs & Info tab.

The webserver log files will be written into the \Logs\webserver folder. If you then open one file, you will find the source IP address of the failed logins (it's the first IP listed after the time stamp).

Best regards, Felix

Created on Mar 18, 2016 12:04:04 PM by  Felix Saure [Paessler Support]

Last change on Nov 21, 2019 8:14:18 PM by  Birk Guttmann [Paessler Support]



Votes:

0

Hi,

When I check the logs all the failed logins are from local.

127.0.0.1 "anonymous-prtgadmin-login_failed"

What can I do about this?

Created on Sep 2, 2016 1:46:52 AM



Votes:

0

Hi philco,

Check the system tray on your PRTG server. This looks very much like there's PRTG's Enterprise Console running in the background and using outdated credentials to access PRTG. Update the credentials configured there or close Enterprise Console, then the failed login attempts will stop.

Kind regards.

Created on Sep 2, 2016 7:54:10 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

May I suggest implementing ReCaptcha? Provides better protection than a delay.

Created on Sep 27, 2018 3:51:57 PM



Votes:

0

Hello mwiseley,

Sure, please see here if you like to propose this as a feature request, other users can vote on it as well then.

Kind regards,

Erhard

Created on Sep 28, 2018 9:11:24 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Web Server)

I have an Overload Protection mode activated and want to understand what's goind wrong, this directory has only outdated Logs, no files with fresh dates. Where i can find the logs with failed login attempts?

Created on Nov 9, 2018 11:31:15 AM



Votes:

1

Hello Vasily,

If you've updated PRTG recently, the log paths have changed a bit, you find them now here: C:\ProgramData\Paessler\PRTG Network Monitor\Logs\webserver

Today's webserver log is named "WebServer.log", older ones carry the date in the filename.

Kind regards,

Erhard

Created on Nov 9, 2018 11:43:01 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

How about PRTG-Cloud? How can I inspect these logs?

Created on Jul 5, 2023 8:03:09 AM



Votes:

0

At the moment it is not possible for the customers to download the server logs in the PRTG hosted. You can only submit the support bundle to Paessler support and we can do it for you.

Created on Jul 10, 2023 7:09:54 PM by  Jonathan Mena [Paessler Technical Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.