
PRTG Syslog - Log retrieval

Votes:

0

Hi folks

I'm running PRTG ver 21.1 on a Windows platform at the moment. I'm trying to retrieve syslog messages from earlier in the year on a specific syslog sensor and I'm finding that PRTG seems to really be struggling to pull this data. This happens across all the other sensors as well.

Most times it just times out (even though I have increased the timeout value from the default).

Is there a way to optimize these searches or some other trick I can perform to make PRTG perform better? The server itself is not struggling in terms of memory, CPU, threads or HDD I/O etc.

I haven't checked but I'm sure the volume of historical syslog messages stored is very high.

Thanks.

performance prtg syslog

Created on Jun 13, 2023 11:02:39 AM



4 Replies

Votes:

0

The Syslog Receiver Sensor is a passive sensor; PRTG doesn't actively go and poll the SNMP device for syslogs, it listens on a port. Make sure to have fewer than 50 syslog sensors; more than that will cause performance issues. Also, you can check in the sensor's settings if there are filters; some messages can be discarded if they don't meet that filter. There is also a setting to purge old syslog messages after a certain number of days, to avoid having too much syslog data on the server.

Created on Jun 16, 2023 7:38:21 AM by  Jonathan Mena [Paessler Technical Support]



Votes:

0

Thanks for your message.

I'm only running about 5 or 6 syslog sensors with 180 days retention on each. Across all the sensors, I'm probably getting around 2500 to 3000 syslogs per second. Each sensor has specific filters to only grab syslogs from specific sources. All of that works fine.

The problem comes in when I want to go and view (look for specific entries in the syslog on one sensor). I would search using a specific filter (a MAC address in the "message" field for example) but most times the search times out before any data is returned.

This makes PRTG non-functional as a syslog server in my opinion because if I can't go back and search through syslogs then why bother keeping the syslogs.

As mentioned in my original post - I've tried extending the timeout values etc but still no joy so I'm looking for any other tips or tricks to help PRTG return the historical data in my syslogs.

Created on Jun 23, 2023 7:18:56 AM



Votes:

0

The PRTG Syslog Receiver Sensor is not to be used as a syslog server. The main purpose of this sensor is to receive messages and generate alerts from PRTG based on filters that you add to the settings.

This way you can set the sensor as Warning or Down based on what messages it receives. It is not a syslog server because the amount of logs it can store is quite limited. And there is no way to export, filter or search on these messages; you can only see the messages on the PRTG interface. Therefore we don't recommend using it as your primary syslogger.

Created on Jun 28, 2023 12:49:15 AM by  Jonathan Mena [Paessler Technical Support]



Votes:

0

Thanks for your reply. I agree with your summary. I have expected a little too much from the Syslog sensor, I suspect. It just works so well but you are right, it's just not a dedicated syslog server and that is where my needs have evolved to. I have since spun up a Graylog Open server and I must say I can highly recommend it for anyone needing a dedicated syslog server platform. Anyway, thanks again for your input. I appreciate your time.

Created on Jun 29, 2023 6:02:11 AM



