What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Eventlog: Security: Failed Logins incorrect reporting



I have a WMI sensor configured to log Security Audit Failures. From time to time it appears to report literally billions of new records (volume) but the actual event log on the windows server this sensor is monitoring has no login failure events.

Is there a bug in this sensor or could it be misconfigured? I'm unsure how to upload screenshots here so apologies for the lack of images.

eventlog prtg wmi

Created on Jun 27, 2018 3:53:32 PM

2 Replies



Here are some screenshots of the sensor configuration and the data being

Basic Sensor Settings

Filter Event Log Entries

Raw data

Event Viewer showing no such events in the log at the time of the PRTG logging hundreds of millions of new events.

Event Viewer

Created on Jun 28, 2018 8:50:25 AM



The easiest way would probably be to enable the spike filter for all channels of the sensor. This usually happens when PRTG receives a messed up (i.e. too large, negative, invalid) value and trips the internal calculations, resulting in values that large.

Kind regards,
Stephan Linke, Tech Support Team

Created on Jun 28, 2018 10:12:12 AM by  Stephan Linke [Paessler Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.