monitoring

PRTG and Cisco ASA VPN monitoring

PRTG and Cisco ASA VPN monitoring

The default PRTG sensor for VPN connections on a Cisco ASA has a limited of 50 users connected, actually less. This is due to the limit of 50 channels per sensor.

These days IT departments everywhere likely exceed 50 VPN users everywhere.

Since I do not need to know who is connected, rather then the amount and load on the FW, I came up with a simple sensor and MAP in PRTG to show me the essentials.

Add a snmp custom sensor to your FW in PRTG and use the OID

  • 1.3.6.1.4.1.9.9.392.1.3.1.0

This will give you a number of VPN connection. I am not 100% certain about the OID only being used for Cisco AnyConnect or other VPNs as well. I found it as a valid SNMP OID as I only use Cisco AnyConnect and my VPN tunnels aligned with this number.

Further did I add sensors for CPU / RAM and on the external interface of the FW to the map in PRTG to see the overall status and load.

Detailed information on the bandwidth are a different story, since this is more a passive point in time configuration, I don’t pull that in this map – I care about an average load picture not single pikes that only are temporarily. For this I have different approaches and sources. Mentioning this only for the big picture and cause you need to be aware of that.

Hope some find this helpful.

If you want the users that are online and offline – what is actually a big of a questionable thing due to data privacy concerns and a user not always needing to be on VPN in order to do work – you could create scrips to access more detailed SNMP data and balance this in various sensors. This is possible, but I do not recommend it. Another approach would be using the TEXT value in XML sensors and put the info there. Still, I think you might get to much data and need to ask yourself if this is even something you should collect/monitor.

Here a picture of my map as we barely started getting more home office people online.

PRTG Cisco ASA VPN users

PRTG Cisco ASA VPN users

Backlink to the Paessler PRTG KB, where this was discussed as well: https://kb.paessler.com/en/topic/64053-my-snmp-cisco-asa-vpn-users-sensor-shows-a-user-limit-error-why-what-can-i-do

PRTG and VMware 6.7 vCenter host hardware status

PRTG and VMware 6.7 vCenter host hardware status

The following script was created to bypass an issue in the SOAP API in relation with VMware, hardware vendor drivers and PRTG. In any case, you could use the same script for other monitoring systems or any other purpose – of course while adjusting it to your needs.

You can find more information about the issue here: https://kb.paessler.com/en/topic/82458-vmware-host-hardware-status-soap-sensor-returns-warnings-after-update-to-vmware-6-7

In order to make this work you need to install the VMware PowerCLI PowerShell extension on the PRTG probe server. Further will you need to inject username and password as well as the vCenter name and internal hostname in vCenter.

LDAP authentication activated targets:

  • $host %host “%windowsdomain\%windowsuser” “%windowspassword”
  • $host %host.domain.local “%windowsdomain\%windowsuser” “%windowspassword”

Otherwise – you might need to use this format:

  • $host %host root MyRootPW

Test it in PowerShell as the Probe-User first – you should see the results. Eventually the script create a sensor with multiple channels – sensors in GREEN status will be counted only – sensors in UNKNOWN status will be counted and returned as text, while as long as no YELLOW or RED status (warning or error) occurs, the sensor still stays green/okay. Warning or Error levels will automatically apply and have the problematic hardware systems in the sensor message text.

My first attempt was to show all channels on top of the summary – due to getting over 100 separate hardware statuses back and the limitation in PRTG of 50 channels per sensor, I dropped the idea – while the script still has all the code to handle it.

 

APC InRow A/C error monitoring with PRTG

APC InRow A/C error monitoring with PRTG

It is rather hard to get valuable alarm monitoring from an APC InRow air conditioning unit. The APC A/C’s are a real pain when it comes to this, it might even be that this same principle applies to APC UPS units, but I did not have yet time to test this out.

What I really wanted is a way to monitor alerts that the unit reports. Doing so seemed to be fine with a simple SNMP sensor in PRTG but the real challenge was getting the alert text. Now, there are SNMP channels but they are only available when an alert is ongoing, meaning when there is no alert status the whole OID fails.

To compensate this, I ended up writing a simple PowerShell script that interprets the SNMP OID results, even ignores a certain failure cause I didn’t care about it, and reports back the results as a total error count (set the channel to ErrorLimit = 0 in PRTG) and if there are Errors it will write them to the text.

This is an Advanced EXE script that needs to reside in the following path:

It expects the parameters for community and IP-Address

The results of the script will always hold the top 4 error messages, but it will exclude the phrase “No Backup Units Available Alarm” from the error count – cause in certain setups like hours there are multiple units but they are not necessarily clustered – this is not a full alarm rather then a warning in my case. Feel free to adjust this in the script if you want to raise the error. You could simply remove / remark the following line:

Here a picture of a real world alarm respective issue with the APC InRow A/C in PRTG generated by the script

Summarize SQL server database file size information as a single row

Summarize SQL server database file size information as a single row

The SQL script below will show you the summarized database file size and database log file sizes on the current database. This can be helpful to monitor the actual file sizes in a single row / line.

This script was also posted in the Paessler PRTG KB, where the initial request for this came up. Posting it here cause I think it can become useful for some. The initial code used and modified is from Tri Effendi SS of stack exchange.

You will need to adjust the USE statement in the first line to the database you want to gather the information from.

 

Using PRTG to monitor manufacturing machines

ns a website from a systems administrator for systems administrators Home IT-Admins CMDB IT-Admins tool IT Search EOL Solutions Blog Contact Links Using PRTG to monitor manufacturing machines

This is a screenshot of the real-time data map of the PRTG instance that is used to monitor the data collected by the Raspberry PI and processed by PRTG to show how the progress of the production machine in manufacturing

A few weeks ago Paessler published on their blog an article I was part of that talked about a case study and implementation of how to use PRTG to real-time monitor a manufacturing machine / production machine while engaging a Raspberry PI.

The article describes what Dominik Wosiek and I implemented to monitor a manufacturing machine in real time. He started using a Raspberry PI and added eventually some magnetic field sensors to the machines robot arms to detect their movement. The data those sensor collected is interpreted by a script on the Raspberry PI and then send off to various HTTP push sensors on a free Paessler PRTG installation (we needed way less then 100 sensors and wanted to keep the installation independent).

On the PRTG instance, the data is of course collected and PRTG creates various graphs for us. We further added a PowerShell script that calculates the past time of the day. Due to us knowing the work-windows of the manufacturing department and how many parts are their daily target, we where able to use a Sensor Factory Sensor in PRTG to do some calculations and eventually show how the machine and the group controlling it was doing while comparing the output of parts relative to the time of the day – respective work hours past.

Above is an example configuration of the Sensor Factory Sensor in PRTG. We defined four channels:

  1. Production time passed in percent [%]
    1. this sensor pulls the passed time in minutes from the PowerShell Script sensor we created, it then does some math – the formula looks like this
      1. (passed minutes of the day – minutes passed when manufacturing starts) / (minutes passed when manufacturing ends – minutes passed when manufacturing starts) * 100 (to get percent)
      2. what it does in the example above:
        1. pull the passed minutes from the foreign sensor
        2. calculate 8 hours times 60 minutes (start of the day)
        3. subtract start time from passed time of the day (at 10 AM we would end up with 120 minutes)
        4. divide it with 17 hours times 60 or 5 PM in minutes of the day minus 8 AM minutes of the day – this gives you the total minutes between 8 AM and 5 PM – what is the defined manufacturing work time window
        5. multiply the result with 100 to get a percent value that shows the past time relative to the total work time window
  2. Part output vs. time [%]
    1. while the formula seems to be longer – it does nothing else then the using the same formula described in channel 4 minus the formula described in channel 2
    2. in other words – the value of part output in percent minus the value of work time passed in percent
    3. this results in either 0% – meaning the output is exactly at where they should be relative to the time past, or a negative number meaning the output is falling behind while a positive number would mean the part output is higher then expect relative to the time
      1. Note: this is all a bit relative, it might start negative in the morning, catch up to a positive number before lunch break, falling back to a negative number and then catching up to zero by the end of the day.. it depends on various factors but is a pretty good indicator
  3. Part output count
    1. this just loads the foreign channel of another sensor to show it in the same table/graph
  4. Part output in percent [%]
    1. while 25000 is the daily target amount of produced parts, this channel calculates how much of this was accomplished in percent while dividing the current count with the target count

Here is the script that I created to inject the minutes of the day in to a PRTG sensor – this is above used in channel(2323,2) within the formula.

Further details are described in the blog entry on the Paessler web site.

Auto-Cycle through URLs

Auto-Cycle through URLs

Our challenge was to have several Paessler/PRTG MAPs (www.paessler.com) cycling through a TV in the IT room. We did not want to have just one static MAP at all. This was originally posted by myself here: https://kb.paessler.com/en/topic/79668-prtg-maps-auto-cycle

In order to accomplish this – we created a simple HTML file with some JAVASCRIPT code that runs through several URLs you easily can specify. Per URL there is a timeout value. Further is there a company logo that will be displayed while a MAP is loading, that will fade out and actually make the MAP visible.

The HTML code including the JavaScript is below – here are some things I wanted to explain and share about it.

Line 6 – to the end: src=”bgpicture.png” This can be replaced by any other file-name – simple use a LOGO here that you want to see while the MAP is loaded – it will fade out

Line 11 – 21 – those lines hold the URLs in var Source=[] – add a line per URL you want to cycle through, each URL has the same format as follows. Please MAKE SURE that the last URL entry is not followed by a comma “,” otherwise the script might fail to cycle.

Entry format:

  • ‘URL’,timeout,showBGfading,’title’
  • URL in text-marks
  • timeout in seconds
  • show background picture/logo fading out – 0 (do not show) or 1 (show and fade)
  • title/description in text-marks

Example: ‘https://prtg.company.local/public/mapshow.htm?id=1111&mapid=ABCDEFGH-1234-ABCD-1234-123456789000′,60,1,’Network Map’,

This would mean:

  • URL = https://prtg.company.local/public/mapshow.htm?id=1111&mapid=ABCDEFGH-1234-ABCD-1234-123456789000
  • timeout = 60 seconds
  • bgpicture = 1 – start with BGPicture from the HTML code and let it fade out (fades the map in)
  • Title/Description = Network Map

We simply load the HTML file in the browser and display it as full screen – avoiding any browser title-bar etc.

Features:

  • you will see a timeout counter in the upper right – this shows you how much longer the current view will be available.
  • you will see a title/description in the upper left while the element was loaded – it will slowly (slower the bgpicture) fade out – you can use any text there – per URL
  • you might or might not see the BGPicture element – fading out – depending on your URL configuration – we found it worked out nicely cause we didn’t want to see a …load map data… or anything and have a smooth transition between the maps..
  • we set timeouts per MAP like 60 seconds etc. – so we a) cycle quick enough and b) have enough time to look at the data shown to us
  • you can use the LEFT and RIGHT arrow key on your keyboard to jump to the previous or next URL while you execute the HTML file (if not randomized)
  • the up/down arrow keys allow you to show/hide a menu of all links available, this then allows you to click on a specific item in the list and show this specifically – the list is always generated on the fly – this prepares for future adjustments like showing where you are right now…
  • added a feature for to PAUSE the script – press P to stop the cycle any time
  • added a randomization – you can activate it and any of the URLs will be accessed randomly – if it is disabled, the script will cycle through the URLs as defined
    • var bolRandomize=true;

For fun – or how to add a few Easter Eggs:

  • you can use any file (we use MP4 and GIFs) to be displayed as well – our URL list is rather long – mostly just going through the same URLs but every now and then showing briefly a little IT joke in between – of course it depends a bit on your company – how ever – wanted to mention that we even like to do that for a short 5 seconds period.

Updated – December 2018: This is version 2.0 of the script. Updates are some minor bug fixes and mainly the ability to scroll forward and backward through the URLs while using the left and right arrow keys on you keyboard. Additionally do the up/down keys show or hide a complete menu of all links that are cycled through.This then allows you to click on a specific link to show the content.

Updated – April 2019: Version 3.0 of the script has now a PAUSE feature and a randomization feature that you can enable/disable.

Notes as per May 2022: Did not change the script but wanted to make you all aware that you might run in to issues with X-FRAME-OPTIONS set to SAMEORIGIN. This can be investigated while using your browsers developer tools (F12), you should see script errors revealing this issue. Eventually it boils down to some pages not loading (e.g., https://www.google.com) due to them not allowing to be embedded. You can see if the page offers special embedded links/URLs or try to use a proxy-script that feeds to page to the iFrame. At this point I can not offer a good working solution, the script was designed to load Paessler PRTG MAPS and this is still working just fine. Using the script beyond this purpose might work or not due to the target page settings and configurations.