Filter certain syslog messages while still saving them

Votes:

0

I have a Cisco Catalyst 2960 switch sending syslog messages to PRTG. I would like to stop getting alerts on interface UPDOWN events (i.e. if a computer is rebooted, powered off, unplugged, etc.).

The default configuration of the PRTG Syslog sensor is:

Include: severity[0-6]
Warn on: severity[4]
Alert on: severity[0-3]

Some of these UPDOWN messages come with severity 5 and some are severity 3. This means sometimes they cause sensor failures, and other times they don't. I'm not sure why Cisco sends them with 2 different priorities. Will need to do some research there.

I would like to exclude the UPDOWN messages from causing Alerts (in the cases where the severity is 3). How can I do this while still:

  1. Receiving an alert for all other severity 0-3 messages
  2. Still logging/saving the UPDOWN messages? (retaining these messages can be highly valuable for retroactive troubleshooting).

Thanks in advance for your help with this.

- Doug

exclude log syslog

Created on Oct 20, 2016 4:44:08 AM

Last change on Oct 24, 2016 5:37:37 AM by  Luciano Lingnau [Paessler]



5 Replies

Votes:

0

How exactly does the UPDOWN message look? We could simply add it to the error filter like this: (severity[0-3] AND NOT message[UPDOWN])

Created on Oct 21, 2016 12:29:39 PM by  Stephan Linke [Paessler Support]



Votes:

0

Stephan,

Thanks for your recommendation. Your solution of using the "AND NOT" logic worked perfectly. I am using your syntax verbatim.

Created on Oct 21, 2016 9:24:40 PM



Votes:

0

Glad it worked out :)

Created on Oct 24, 2016 5:43:51 AM by  Stephan Linke [Paessler Support]



Votes:

0

Hello - This is my exclude filter but it does not filter the messages: (severity[6] AND message[%FMANFP-6- ]) but it does not work. I want all the syslog messages which start with %FMANFP to be excluded.

Created on Jun 25, 2020 3:28:22 PM



Votes:

0

Would using only FMANFP work as well? The filter does a substring search and it may be sufficient to check for that?

Created on Jun 26, 2020 6:41:24 AM by  Stephan Linke [Paessler Support]
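
The filter logic from the replies above, as an added Python model (not Paessler's code and not part of the original thread): it evaluates the include/warn/alert rules from the question, the (severity[0-3] AND NOT message[UPDOWN]) error filter and the FMANFP substring check against constructed Cisco-style messages. Assumptions: message[] is a literal, case-sensitive substring test, the include filter alone decides what is stored, and the function names and sample lines are hypothetical.

```python
import re

# Toy evaluator for the filter syntax quoted in this thread. Assumptions (not
# PRTG's code): message[] is a literal, case-sensitive substring test, and the
# include filter decides storage before the warning/alert filters are checked.
TOKEN = re.compile(r"\s*(\(|\)|AND\b|NOT\b|(severity|message)\[([^\]]*)\])")

def tokenize(rule):
    found = list(TOKEN.finditer(rule))
    if "".join(m.group(0) for m in found) != rule.rstrip():
        raise ValueError(f"unparsable filter: {rule!r}")
    return [(m.group(2) or m.group(1), m.group(3)) for m in found]

def matches(rule, severity, message):
    toks = tokenize(rule)
    def atom():
        kind, val = toks.pop(0)
        if kind == "NOT":
            return not atom()
        if kind == "(":
            res = both()
            toks.pop(0)                      # closing ")"
            return res
        if kind == "severity":               # severity[4] or severity[0-3]
            lo, _, hi = val.partition("-")
            return int(lo) <= severity <= int(hi or lo)
        if kind == "message":                # substring search, nothing trimmed
            return val in message
        raise ValueError(f"unexpected token {kind!r}")
    def both():
        res = atom()
        while toks and toks[0][0] == "AND":
            toks.pop(0)
            res = atom() and res             # atom() first: always consume it
        return res
    return both()

def classify(severity, message, alert_on="(severity[0-3] AND NOT message[UPDOWN])"):
    if not matches("severity[0-6]", severity, message):      # Include
        return "not stored"
    if matches(alert_on, severity, message):                 # Alert on
        return "stored, alert"
    return "stored, warning" if matches("severity[4]", severity, message) else "stored"

# Constructed sample messages in Cisco IOS format (not from the original thread).
LINK_DOWN = (3, "%LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down")
PROTO_DOWN = (5, "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/5, changed state to down")
MALLOC = (2, "%SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed")
FMAN = (6, "%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 101 denied tcp 192.0.2.10(51515) -> 198.51.100.20(23), 1 packet")
```

Under this model the severity 3 UPDOWN line is still stored but no longer alerts, other severity 0-3 messages still alert, and a pattern ending in a space after "%FMANFP-6-" does not match the sample line while the shorter FMANFP does.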



