What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Syslog messages arriving on PRTG network, but not appearing in PRTG syslog sensor

Votes:

0

Your Vote:

Up

Down

Hi folks. My Pulse Secure device is sending UDP 514 syslog traffic correctly and I can see the stream of messages on the PRTG server in Wireshark, but they never surface in the syslog sensor. I've removed all the filters from the syslog sensor and tried everything I can think of. Any ideas? Thanks

pulse-secure syslog wireshark

Created on Jun 16, 2022 11:58:56 PM by  Dunedin (0) 2



6 Replies

Votes:

0

Your Vote:

Up

Down

Hello Dunedin,

did you create the sensor on the probe device, or on another device object?

The latter would imply an input filter using the device address. Could that be the issue here?

Created on Jun 21, 2022 4:54:42 PM by  Arne Seifert [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Arne, I've tried creating it on the probe device and on the Pulse Secure device object (configured using IP address). Neither one receives any messages from the Pulse (probe device sensor gets messages from everywhere else, but not the Pulse device).

Syslog sensors

Wireshark

Pulse Secure

Created on Jun 21, 2022 10:00:09 PM by  Dunedin (0) 2

Last change on Jun 28, 2022 3:01:38 PM by  Arne Seifert [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi, I tried on both. No messages from the Pulse on either.

Created on Jun 23, 2022 1:07:35 AM by  Dunedin (0) 2



Votes:

0

Your Vote:

Up

Down

Hello,

do you operate multiple probes in PRTG?

Please also check if the syslog collector is running. For this, go to the web interface, open Setup / System Administration / Administrative Tools. Scroll down to the probe tools and perform the function "Write Probe Status Files".

Once that is done, go to the computer running the probe. Open "C:\ProgramData\Paessler\PRTG Network Monitor\Logs\debug", where among other debug snapshots a file for the syslog collector gets created.

Created on Jun 27, 2022 7:36:21 AM by  Arne Seifert [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Arne (sorry). We have a single PRTG probe. Here's the syslog debug log file:

****** Collector Port 514 Collector on Port 514 UDP Packets: 459762 UDP Packets Dropped: 0 UDP Packets Cut: 0 Free Pool: 50 Buffer: 0 Total: 459762/459762/5000 Processor 1: 83864 -> 32353 (0 errors) Processor 2: 145208 -> 54761 (0 errors) Processor 3: 85130 -> 33045 (0 errors) Processor 4: 145560 -> 54455 (0 errors)

* No Device Filter

UDPSensor id 4659 Storage: Count: 0 Warning: 0 Error: 0 id: 4659 size: 0/0/10240 Include: source[192.168.50.200] Exclude: Warning: severity[4] Error: severity[0-3]

* for 192.168.50.200

UDPSensor id 4658 Storage: Count: 0 Warning: 0 Error: 0 id: 4658 size: 0/0/10240 Include: Exclude: Warning: Error:

****** Collector Port 17273 Collector on Port 17273 UDP Packets: 0 UDP Packets Dropped: 0 UDP Packets Cut: 0 Free Pool: 50 Buffer: 0 Total: 0/0/5000 Processor 1: 0 -> 0 (0 errors) Processor 2: 0 -> 0 (0 errors) Processor 3: 0 -> 0 (0 errors) Processor 4: 0 -> 0 (0 errors)

* No Device Filter

* for 192.168.50.200

UDPSensor id 4658 Storage: Count: 0 Warning: 0 Error: 0 id: 4658 size: 0/0/10240 Include: Exclude: Warning: Error:

Created on Jun 27, 2022 8:43:20 PM by  Dunedin (0) 2



Votes:

0

Your Vote:

Up

Down

Hello,

the probe device sensor seems to have an input filter? Could you remove that, setting it to "any"?

If it still does not work, could you check if those are syslogs supported by PRTG? PRTG can receive any kind of syslog according to the "BSD Syslog Protocol" (RFC 3164) and the "Syslog Protocol" (RFC 5424).

Created on Jun 28, 2022 5:13:08 PM by  Arne Seifert [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.