Use Syslog Sensor to detect a Hack

Votes:

0

Hi

We are looking for a monitoring system which is able to send us messages when we are attacked by a hacker or something like that. Now we are trying to do this with the syslog of our firewall.

Now with PRTG we are able to monitor this syslog. If an attack was blocked by our firewall, we can see a new entry in the syslog which includes "block"; with this parameter we are able to configure the Syslog. Now we want the sensor to send an error only if there are, for example, blocks from the same IP address (external) over 1 hour. So if I ping the external IP address of the firewall (ICMP is blocked), it shouldn't send us an error message directly, but if I ping the firewall over 1 hour, it should send me a message.

Does someone have an idea how I could prepare this, or is it even possible?

Kind regards and thank you for the answer

Sandro

filtering syslog syslog-recevier syslog-sensor

Created on Oct 14, 2019 7:02:16 AM



1 Reply

Votes:

0

Hi there,

Unfortunately, PRTG is not an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System), therefore it can't detect rogue network activity.

Best regards.

Created on Oct 14, 2019 9:57:44 AM by  Dariusz Gorka [Paessler Support]
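
The rule described in the question (raise an error only when blocked entries from the same external IP address continue for over 1 hour, not on a single blocked ping), sketched as a standalone Python script. This is an added example, not part of the original thread and not a PRTG feature; the log line layout, the `action=`/`src=` field names and the 10-minute `max_gap` pause limit are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed line layout (constructed; real firewall syslog formats differ):
#   <ISO timestamp> <host> action=block src=<ip> dst=<ip>
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ .*\baction=block\b.*\bsrc=(?P<src>[0-9a-fA-F.:]+)")

def sustained_blocks(lines, min_duration=timedelta(hours=1), max_gap=timedelta(minutes=10)):
    """Return {src_ip: (first_seen, last_seen)} for sources whose blocked
    traffic continued for at least min_duration with no pause longer than
    max_gap. Lines must be in chronological order, as a syslog receiver
    delivers them. A short burst (one ping, a brief scan) never qualifies."""
    streaks = {}  # src -> [streak_start, last_seen]
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a block entry, or a line in another layout
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        src = m["src"]
        streak = streaks.get(src)
        if streak is None or ts - streak[1] > max_gap:
            streaks[src] = [ts, ts]  # first sighting, or streak broken by a pause
            continue
        streak[1] = ts
        if ts - streak[0] >= min_duration:
            alerts[src] = (streak[0], ts)
    return alerts

def build_sample():
    """Constructed log: a sustained source, a short burst, a sparse source, an allowed flow."""
    base = datetime(2019, 10, 14, 7, 0)
    rows = [(base + timedelta(minutes=5 * i), "block", "203.0.113.7") for i in range(14)]
    rows += [(base + timedelta(seconds=20 * i), "block", "198.51.100.23") for i in range(3)]
    rows += [(base + timedelta(minutes=30 * i), "block", "192.0.2.50") for i in range(4)]
    rows += [(base + timedelta(minutes=1), "allow", "192.0.2.9")]
    return [f"{ts.isoformat()} fw01 action={act} src={src} dst=198.51.100.1"
            for ts, act, src in sorted(rows)]

SAMPLE = build_sample()

if __name__ == "__main__":
    for src, (first, last) in sustained_blocks(SAMPLE).items():
        print(f"ALERT {src}: blocked continuously from {first} to {last}")
```

With the default `max_gap`, the source that is blocked only every 30 minutes does not alert; widening `max_gap` trades fewer missed slow scans for more alerts on unrelated, widely spaced hits.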



