New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


What does "100 logons failed since last start of PRTG" in the log mean?

Votes:

0

Your Vote:

Up

Down

In my log in the main menu under Logs | System Events | Status Messages I can see these three messages:

9/26/2011 9:20:59 AM 
   Starting Core Server: PRTG Network Monitor 9.1.0.1548 PRTG Network Monitor 500

9/26/2011 9:22:01 AM 
   Logon attempts slowed down due to failed logon margin exceeded in a short amount of time

9/26/2011 10:21:24 AM 
   100 logons failed since last start of PRTG

At the same time I notice that logging into the web interface takes a few seconds and most actions inside the Enterprise Console also take a few seconds. I have also received a ticket about this issue.

What is going on?

login prtg slow tickets web-server

Created on Sep 27, 2011 12:49:42 PM by  Dirk Paessler [Founder Paessler AG] (10,880) 3 4

Last change on Nov 15, 2016 1:06:22 PM by  Gerald Schoch [Paessler Support]



11 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Too many failed logins have triggered PRTG's overload protection.

In the log sample shown in the question above it took 2 minutes after the start of the PRTG server to initiate the protection mode. Then it took about one hour to gather 100 more incorrect logins.

See What is Overload Protection?

Created on Sep 27, 2011 1:13:09 PM by  Dirk Paessler [Founder Paessler AG] (10,880) 3 4

Last change on Sep 28, 2011 3:41:27 PM by  Dirk Paessler [Founder Paessler AG] (10,880) 3 4



Votes:

0

Your Vote:

Up

Down

Is there any place that would show where the failed logons are coming from? I have had a look through the logs on the PRTG web interface and I do not see where the failed logons are coming from???

Created on Oct 25, 2011 7:26:40 PM by  Patrick Brennan (0) 1



Votes:

0

Your Vote:

Up

Down

Patrick, please see the "How can I find these rogue systems?"-part in the article linked by Dirk: What is Overload Protection?

Note: Please install the latest PRTG version so the login attempts are actually written into the log.

Created on Oct 26, 2011 11:39:41 AM by  Torsten Lindner [Paessler Support]

Last change on Oct 26, 2011 11:44:33 AM by  Daniel Zobel [Paessler Support]



Votes:

0

Your Vote:

Up

Down

where i can see the log file ? i only can see : "ew ToDo ticket: Web server is slowing down login attempts (Protective measure) 100 logons failed since last start of PRTG. Please take a look at the following knowledge base article: http://kb.paessler.com/en/topic/25403" but can't find the detail of where is the source ip...

Created on Mar 18, 2016 3:05:53 AM by  vincent (0)



Votes:

0

Your Vote:

Up

Down

Hi Vincent,

Log onto your PRTG host and open the PRTG Administrator Tool and open the Log Folder via the Logs & Info tab.

The webserver log files will be written into the Logs (Web Server) folder. If you then open one file, you will find the source IP address of the failed logins (it's the first IP listed after the time stamp).

Best regards, Felix

Created on Mar 18, 2016 12:04:04 PM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi,

When I check the logs all the failed logins are from local.

127.0.0.1 "anonymous-prtgadmin-login_failed"

What can I do about this?

Created on Sep 2, 2016 1:46:52 AM by  philco (0)



Votes:

0

Your Vote:

Up

Down

Hi philco,

Check the system tray on your PRTG server. This looks very much like there's PRTG's Enterprise Console running in the background and using outdated credentials to access PRTG. Update the credentials configured there or close Enterprise Console, then the failed login attempts will stop.

Kind regards.

Created on Sep 2, 2016 7:54:10 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

May I suggest implementing ReCaptcha? Provides better protection than a delay.

Created on Sep 27, 2018 3:51:57 PM by  mwiseley (0)



Votes:

0

Your Vote:

Up

Down

Hello mwiseley,

Sure, please see here if you like to propose this as a feature request, other users can vote on it as well then.

Kind regards,

Erhard

Created on Sep 28, 2018 9:11:24 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Web Server)

I have an Overload Protection mode activated and want to understand what's goind wrong, this directory has only outdated Logs, no files with fresh dates. Where i can find the logs with failed login attempts?

Created on Nov 9, 2018 11:31:15 AM by  Vasiliy (42) 1



Votes:

1

Your Vote:

Up

Down

Hello Vasily,

If you've updated PRTG recently, the log paths have changed a bit, you find them now here: C:\ProgramData\Paessler\PRTG Network Monitor\Logs\webserver

Today's webserver log is named "WebServer.log", older ones carry the date in the filename.

Kind regards,

Erhard

Created on Nov 9, 2018 11:43:01 AM by  Erhard Mikulik [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.