SNMP

Monitoring relative printer page counts with PRTG

Monitoring relative printer page counts with PRTG

PRTG has many standard sensors, but one I was always missing is a daily page count compare. The standard printer sensor gives you a total page count – but this to some extend will always be a graph that only will go up. You can only estimate the total page counts in those graphs.

If you ever looked in to the IT Assets database project, you will see that in the Printers area there is a possibility to enable detailed graphs for relative page counts.

Why is this important you might wonder. The answer is simple, as an IT Manager you need to know if a certain kind of a printer makes sense at a certain location. If you have a low end printer for only casual print-outs but you have a total over e.g. 10,000 pages printed every month, you might need to reconsider the printer model. The reasons would likely be:

  • higher cost per page
    • constant toner exchange of a compared more expensive toner cartridge
  • maintenance cost
    • you might need to constantly maintenance the printer
    • the cost for the maintenance kit are relatively high
  • downtime issues
    • due to toner empty
    • printer needs maintenance again
    • less pages in paper tray

On the other hand, a printer might also be overkill for a certain area and not be cost efficient. Those conditions also might change over time of course. Further is there often the question – is a single area printer (copier) better or multiple smaller printers. This of course can go pretty far and you want to consider Lean processes, Six Sigma guidelines and others along with this data.

How ever, I started a first draft of a script that provides me at least the total page count relative to each day in PRTG. This sure is not as efficient yet as I do this in the IT Assets database printer module, where I collect data e.g. every 30 minutes in a huge table and then later calculate all the data in a daily range respective monthly range while collecting total page counts and possibly counts per copy vs. print outs and additionally color vs. black and white print. But at least it is a start.

Below you find the first draft of this script.

One thing to know – you will need to run the following command in order to install the PowerShell SNMP module on your PRTG probing server:

The current version of the PRTG script:

PRTG and Cisco ASA VPN monitoring

PRTG and Cisco ASA VPN monitoring

The default PRTG sensor for VPN connections on a Cisco ASA has a limited of 50 users connected, actually less. This is due to the limit of 50 channels per sensor.

These days IT departments everywhere likely exceed 50 VPN users everywhere.

Since I do not need to know who is connected, rather then the amount and load on the FW, I came up with a simple sensor and MAP in PRTG to show me the essentials.

Add a snmp custom sensor to your FW in PRTG and use the OID

  • 1.3.6.1.4.1.9.9.392.1.3.1.0

This will give you a number of VPN connection. I am not 100% certain about the OID only being used for Cisco AnyConnect or other VPNs as well. I found it as a valid SNMP OID as I only use Cisco AnyConnect and my VPN tunnels aligned with this number.

Further did I add sensors for CPU / RAM and on the external interface of the FW to the map in PRTG to see the overall status and load.

Detailed information on the bandwidth are a different story, since this is more a passive point in time configuration, I don’t pull that in this map – I care about an average load picture not single pikes that only are temporarily. For this I have different approaches and sources. Mentioning this only for the big picture and cause you need to be aware of that.

Hope some find this helpful.

If you want the users that are online and offline – what is actually a big of a questionable thing due to data privacy concerns and a user not always needing to be on VPN in order to do work – you could create scrips to access more detailed SNMP data and balance this in various sensors. This is possible, but I do not recommend it. Another approach would be using the TEXT value in XML sensors and put the info there. Still, I think you might get to much data and need to ask yourself if this is even something you should collect/monitor.

Here a picture of my map as we barely started getting more home office people online.

PRTG Cisco ASA VPN users

PRTG Cisco ASA VPN users

Backlink to the Paessler PRTG KB, where this was discussed as well: https://kb.paessler.com/en/topic/64053-my-snmp-cisco-asa-vpn-users-sensor-shows-a-user-limit-error-why-what-can-i-do

APC InRow A/C error monitoring with PRTG

APC InRow A/C error monitoring with PRTG

It is rather hard to get valuable alarm monitoring from an APC InRow air conditioning unit. The APC A/C’s are a real pain when it comes to this, it might even be that this same principle applies to APC UPS units, but I did not have yet time to test this out.

What I really wanted is a way to monitor alerts that the unit reports. Doing so seemed to be fine with a simple SNMP sensor in PRTG but the real challenge was getting the alert text. Now, there are SNMP channels but they are only available when an alert is ongoing, meaning when there is no alert status the whole OID fails.

To compensate this, I ended up writing a simple PowerShell script that interprets the SNMP OID results, even ignores a certain failure cause I didn’t care about it, and reports back the results as a total error count (set the channel to ErrorLimit = 0 in PRTG) and if there are Errors it will write them to the text.

This is an Advanced EXE script that needs to reside in the following path:

It expects the parameters for community and IP-Address

The results of the script will always hold the top 4 error messages, but it will exclude the phrase “No Backup Units Available Alarm” from the error count – cause in certain setups like hours there are multiple units but they are not necessarily clustered – this is not a full alarm rather then a warning in my case. Feel free to adjust this in the script if you want to raise the error. You could simply remove / remark the following line:

Here a picture of a real world alarm respective issue with the APC InRow A/C in PRTG generated by the script

SNMP was deprecated

SNMP was deprecated

Microsoft deprecated the SNMP in Windows 2012 (R2). As of Windows 10 1809 respective Windows 2016 this feature is pretty much hidden. The decision likely was made due to security risks related to SNMP, in any case – as of right now it is still available if you really need it – but not via the good old Control Panel – Add Remove Features function. The following should even work on Windows 2019, since there is no indication that Microsoft finally removed the feature itself.

The following link is for Windows Server 2012 (R2) – it clearly states that SNMP is deprecated: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)

Windows client and server operating systems share the same kernel in the background – for the most part.

Alternate ways to enable the feature:

  • using Apps & Features will help you getting SNMP via Optional Features
    • then use Add a feature
  • PowerShell commands:
    • Either those commands
    • or the following version of commands
  • or you use DISM on a command prompt

In all cases – you will run in to an possible issue if you use WSUS – you might need to temporarily bypass it in order to install this feature. It is possible that you need to restart the Windows Update service on the system for this setting to take effect.

  • Open Regedit and adjust the following key

It is pretty obvious that this feature will be removed at one point – but  as of now it is still available.

Let’s talk about a few things in regards to SNMP on Windows – or even in general when it comes to all your switches, firewalls, routers and other network components.

  • using SNMP on a Windows OS is a potential security risk – actually – SNMP itself is in general, cause it is standardized in often not locked down while having as well just limited security features
  • I personally don’t see a reason to use SNMP to monitor a Windows Server – the system itself can easily be monitored by WMI and other methods – that might have pro’s and con’s – but it generally works
  • There are circumstances then you need SNMP enabled – I had this while coming across mostly UPS software that only allowed to interact with it via SNMP – the UPS itself was connected per USB and the software on a Windows server/client allowed no API calls or similar – you had to enable SNMP on Windows and then use SNMP through Windows to grab data for e.g. UPS monitoring
    • having said this – this is actually a flaw by the vendor in such a case and should by addressed with the vendor
    • there is possibly more then just an UPS software that does behave like this