Syslog Error Filter Help

Votes:

0

I'm wanting to use the Syslog sensor but am having a hard time getting the sensor to trigger as an error for specific messages. I have an Untangle box pointed to my PRTG server for syslog. I'm trying to send a failed login attempt and have it trigger an error state in the Syslog sensor so I can generate an email letting me know when someone fails a login (once I get a few random things like this figured out I'm going to roll out more devices to use the syslog sensor).

The message coming from Untangle includes "AdminLoginEvent", and I'd like to adjust the error filters to account for that part of the message. However, nothing I've done has triggered the sensor into an error state. The filter examples aren't very helpful so I've tried many combinations and still haven't had it trigger properly. Right now all of the default filters are present.

filter syslog untangle

Created on May 7, 2018 9:46:49 PM



4 Replies

Votes:

0

Hi there!

So you are receiving Syslog messages with your Sensor, but the triggering of an Error is not working properly.

What did you put into the Error Filter? Please try to use "message[AdminLoginEvent]" without "" as Error Filter, does this work?

Please also refer to the following links for an overview and further explanations on how to configure and use the Syslog Sensor:
- https://www.paessler.com/learn/videos/prtg-advanced/syslog-receiver
- https://kb.paessler.com/en/topic/153
- https://www.paessler.com/manuals/prtg/syslog_receiver_sensor

If this didn't help with your problem, please send us the following uncropped screenshots to [email protected]:
- Screenshot of the sensor's "Overview" tab
- Screenshot of the sensor's "Log" tab
- Screenshot of the sensor's "Settings" tab

Thank you!


Kind regards
Andreas Günther, Technical Support

Created on May 9, 2018 1:30:22 PM by  Andreas Günther [Paessler Support]



Votes:

0

I've tried a bunch of combinations in the Error filter section. I want to leave the default "severity[0-3]" AND have the rule you gave, but no combination ever seems to work. I just tried "severity[0-3] OR message[AdminLoginEvent]", which didn't work, nor did "severity[0-3] message[AdminLoginEvent]" without the "OR". I've tried with AND and commas, but I can't seem to get multiple rules to work in the Error section. I actually just tried it with only "message[AdminLoginEvent]" and it didn't trigger. Maybe something else is wrong somewhere. Any ideas?

Created on May 9, 2018 4:07:58 PM



Votes:

0

After leaving the setting in (Just the "message[AdminLoginEvent]" part) it did in fact finally flag an error event. It didn't do it the first time I tried, but an hour or so later it did work. I'm still not sure how to combine it with the default "severity[0-3]" and still have it work though.

Thanks!

Created on May 9, 2018 5:20:51 PM



Votes:

0

Hi!

At this point I'd like to continue with your inquiry in a dedicated Support Ticket.

Please forward us a Support Bundle including the system log files for analysis. This can be done via the "Contact Support" ribbon in the lower right corner of the web interface. Please enter this ticket's case number (PAE1035284) when submitting the Bundle.

In addition to that, please send us the following uncropped screenshots to [email protected] (please also refer to the ticket number PAE1035284):
- Screenshot of the sensor's "Overview" tab
- Screenshot of the sensor's "Log" tab
- Screenshot of the sensor's "Settings" tab

Thank you!


Kind regards
Andreas Günther, Technical Support

Created on May 14, 2018 7:04:41 AM by  Andreas Günther [Paessler Support]

Last change on May 14, 2018 7:05:29 AM by  Andreas Günther [Paessler Support]
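
Added example (not part of the thread and not Paessler code): a small test sender that builds an RFC 3164 syslog datagram containing "AdminLoginEvent" at a chosen severity, so the error filter can be exercised on demand instead of waiting for a real failed login. The host name, tag, message body and the severity values are constructed, and the local pre-check assumes `message[...]` is a substring test and `severity[0-3]` a range test.

```python
import socket
import sys
import time

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# Constructed sample body: only the token "AdminLoginEvent" comes from the thread.
SAMPLE_TEXT = "AdminLoginEvent login=admin succeeded=false"

def build_rfc3164(facility, severity, host, tag, text, when=None):
    """Return one BSD-syslog datagram: <PRI>Mmm dd hh:mm:ss HOST TAG: TEXT."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    t = time.localtime(when)
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    pri = facility * 8 + severity
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)).encode("ascii")

def split_pri(datagram):
    """Decode the leading <PRI> field into (facility, severity, remainder)."""
    end = datagram.index(b">")
    if not datagram.startswith(b"<") or not datagram[1:end].isdigit():
        raise ValueError("datagram does not start with <PRI>")
    pri = int(datagram[1:end])
    return pri // 8, pri % 8, datagram[end + 1:].decode("ascii")

def precheck(datagram, needle="AdminLoginEvent", low=0, high=3):
    """Local check of the two conditions discussed in the thread.
    Assumption: message[...] is a substring test, severity[0-3] a range test."""
    _, severity, rest = split_pri(datagram)
    return {"severity": low <= severity <= high, "message": needle in rest}

def send(datagram, server, port=514):
    """Send the datagram to the syslog receiver over UDP (no delivery guarantee)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (server, port))

if __name__ == "__main__":
    # Facility 4 = security/authorization. Severities 5 and 2 are constructed
    # choices; the severity Untangle actually sends is not stated in the thread.
    for sev in (5, 2):
        msg = build_rfc3164(4, sev, "untangle-test", "uvm", SAMPLE_TEXT)
        print(msg.decode("ascii"), precheck(msg))
        if len(sys.argv) > 1:          # usage: script.py <receiver-ip> [port]
            send(msg, sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 514)
```

Sending the same text at two severities separates the two conditions: a message that only a `message[AdminLoginEvent]` rule can catch, and one that the default `severity[0-3]` rule would catch on its own.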



