We are locking for an Monitoring System wich is abel to send us messages, when we are attackt by an Hacker or something like that. NOw we are trying to do this with the Syslog of our Firewall.
Now with PRTG we are able to Monitor this Syslog. If an attack was block from our Firewall we can see in the Syslog an new entry wich inclouds "block" with this parametert we are able to configure the Syslog. Now we want that the Sensor just send en Error if there are like blocks from the same IP-Adress (external) over 1 hour. So if i ping the external IP-Adress off the Firewall (ICMP is blocked) it shouldn't send us directly an error message, but if i ping the firewall over 1 hour it should sent me an message.
Have someone an idea how i could prepear this or is it even possible?
Kind regards an thank you for answer