The network monitoring toolPRTG by Paessler runs on aWindows server in the networkand gathers data from themonitored systems usingtechnology like SNMP, Syslogand WMI. Using this technologyeliminates the need to installagents on individual networkcomponents. All informationlands in a high­performance,central database and is used totrigger alarms if failures orunusual events occur, createreports and perform long­termanalyses and comparisons to thecurrent performance values.

PRTG operates with a web­basedmanagement interface, as well aswith probes and sensors. TheAjax­based managementinterface displays monitoringdata and enables configuration ofthe solution. The probes collectthe information in the networkand send it to the PRTG server.One can use a single probe on thesame server as the managementinterface or multiple probes canbe strategically distributed withinthe network to optimize theperformance and integrateremote networks in themonitoring environment. Lastly,the sensors are interfaces tospecific services that providedata, such as SNMP, WMI and

packet sniffing, as well asNetFlow, jFlow and sFlowcomponents. In other words, theyquery data from the monitoredservices, applications or devicesand forward the information tothe probes.

Paessler currently offers morethan 190 sensors, which cover allaspects of network monitoring.Among these are sensors thatmeasure bandwidth usage,sensors for Linux, Mac andWindows computers, sensors for

Testing: PRTG 14.2.10 by Paessler

Complete Control for AdministratorsDr. Götz Güttich

The newest version of PRTG, the monitoring solution by Paessler, comes equippedwith many new sensors, including sensors for Microsoft Exchange and receiving

Syslog and trap messages. Additional apps for Android, iOS and Windows Phoneare included, as well as a new ticket system. We took a close look at the

product in our testlab, paying special attention to the new functions.

1

file servers andvirtualenvironments and sensors fordatabases, mail servers, VoIPsolutions and IPv6. In manycases, the sensors also have so­called “channels”. These deliverdetailed information regardingthe components monitored by thesensors. In this way, a sensor thatmonitors the CPU usage on aserver includes a channel for the

total CPU usage, as well aschannels for the usage of theindividual processors and theirrespective cores in the server.

Implementing PRTGImplementing PRTG is as easy asdownloading the installation filefrom the manufacturer’s websiteand installing it on a Windowssystem with network access tothe components that should bemonitored. According to themanufacturer’s information,PRTG runs on all Windows clientand server versions from

Windows Server 2003 andrequires one GByte RAM. Weused a Windows Server 2012 R2with 4 GByte RAM and a quadcore CPU with 2.6 GHzprocessor speed.

PRTG is ready to use as soon asthe installation is complete.Paessler delivers a free, full­function demo version with a

limited sensor count (10 sensors),which can be extended to includemore sensors by purchasing alicense. After logging in to themanagement console, theConfiguration Guru helps withthe initial configuration of thesolution.

This guru asks you for importantinformation including domainnames and the login data thatPRTG should use to collectinformation from the monitoredsystems. The guru can alsoexecute a network scan and add

devices found by the scan to thePRTG monitoring environment.The scan found all existingdevices in our test network andwas even able to add the mostimportant sensors; for example,sensors that monitor Windowssystem values. Theseautomatically created defaultsensors are more than sufficientfor most computers. However,application monitoring does needto be set up by the administrators.The Configuration Guru easilyfound our Windows Server 2012­based Exchange Server 2013with Service Pack 1, but it didnot recognize it as an Exchangesolution. Instead, it set up thestandard sensors for monitoring aWindows server. In order tomonitor the Exchange services assuch, the respective sensors mustbe added to the server entrymanually.

To add sensors manually, simplyclick on the device’s entry andselect the option “Add Sensor”.PRTG then shows all sensors thatare offered by the software. Asthere are over 190 entries, thepage seems rather overwhelmingat first. Users who are familiarwith PRTG can search forsensors using key words. This isextremely useful if anadministrator is looking for asensor that s/he knows the nameof. Alternatively, theadministrator may filter thesensors by selecting the type ofmonitoring component (operatingsystem, server, WMI devices,HTTP services, etc.). PRTG thendisplays only those sensors thatare relevant in the selectedcontext. We selected the term‘Mail Server’ and were presentedwith a list of sensors formonitoring IMAP, POP andSNMP services. All Exchange

2

The welcome screen that PRTG shows after login can be customized. Forexample, it can display a status overview or – as shown here – a map with themost important systems in the network.

sensors were included in the listas well. These can be linked tothe Exchange server andconfigured by clicking “Add”.The sensors began workingimmediately.

At this point in our test, weadded the new Exchange sensorsto the monitoring system, whichare based on Powershell queriesand monitor the Exchange

database, public folders, inboxesand Exchange security. Weencountered no difficulties withthese sensors. Thanks to thecomprehensive configurationassistance, setting up PRTGproved to be quite easy. It shouldgo rather quickly – of course,relative to the complexity of thenetwork and number ofadditional applications thatshould be monitored.

The TestIn the next part of our test, weput the apps for Android and iOSunder the microscope. We thendevoted our attention to the newsensors for receiving Syslog dataand SNMP Trap messages, andfinally took a close look at theticket system.

In order to understand exactlyhow PRTG works, we would liketo take a moment to go overworking with the most importantmonitoring techniques. Basically,PRTG presents a tree structurewith the monitored components.The trunk of this structure ismade up of the probes in thenetwork. Under each probe arebranches with the devicesmonitored by the probe. The

administrator can access thesensors for each device under thecorresponding tree node. There isan overview page for each probeor server that shows allcomponents belonging to thatparticular entry. Drill downmenus enable the administratorto call up detailed informationdown to sensor level. PRTGoffers various options to makesure that failures do not getoverlooked. These notify theresponsible staff of failures,sometimes even before thedisruption occurs. For example,sensors that report problems donot only create an entry in anerror log but also generate alerts,such as emails, text messages,Syslog entries or new tickets inthe ticket system.

PRTG displays the values in thesensor overview as numericaldata and creates overviewgraphics for various time periodsas speedometer gauges. The mostimportant values are shown inextra­large displays, so that theresponsible staff can see relevantfacts at a glance. Sensors can alsobe configured here, for example,by setting threshold values, atwhich PRTG should issuewarnings. This is especiallyuseful for notifying staff ofrelatively high latencies innetwork traffic or high processorusage.

Administrators can also create“dependencies” in the sensoroverview. These ensure thatindividual sensors only issuealarms under specific conditions.For example, if PRTG ismonitoring a Microsoft SQLExpress database on a clientsystem that is shut down everyevening, the correspondingdatabase sensor would generatean error every evening aftershutdown, as soon as thedatabase stops responding.

This can be avoided byconnecting the sensor to a Pingsensor, which checks whether asystem is actually running andthen only permits error messagesto be sent if this is the case. Inthis way, the system ensures thatthe IT department isn’t floodedwith unnecessary error messagesevery evening.

Comprehensive report functionsround out the scope of services inPRTG. Automatic reports arecreated that provide an overviewof the status of the devices in thenetwork and can, for example, beregularly sent to the responsiblemanagement persons by email.

3

Adding Exchange sensors to a Windows system

The iOS ApplicationWe’ve now come to the firsthighlight: the new and improvediOS application. This runs oniPhones, iPads and iPod Touchdevices with iOS6 or higher,although push notifications onlywork with iOS7 or higher. On theserver side, PRTG 12 or highermust be implemented. Thisproduct can be installed for freefrom the App Store. Afterdownloading the app, enter thePRTG system address and logininformation to use the app to itsfull extent. If access should beallowed over the Internet as wellas over the LAN, the mobiledevices must be allowed toaccess the PRTG server, forexample via port forwarding or aVPN.

The app always opens to the lastused view and can access theprobes and device entries – justlike in the management console –and call up information on theindividual sensors via drill downmenus. The solution shows thesensor values as well as full­screen statistics and graphics.Should an alarm be triggered, theuser can switch to the affectedsensor with a tap. The app canalso be used to set priorities forthe sensors and set specificsensors as favorites.

The product can do more thanjust show data, it can also beused for active work with PRTG.Users can confirm errormessages and receivenotifications (these can berestricted to specific sensor typesif necessary).

Just like the managementconsole, the iOS app uses colorsto highlight the current status ofthe components in the single

sensor overview. The only thingmissing in comparison to the webinterface is the overview with thegauges. Sensors can be pausedand started with the app similarto the management console aswell.

The sensor overview alsoprovides the opportunity to editsensor settings, view logs, call upcomments and switch to themobile web user interface. Thisinterface displays a variation ofthe web­based managementinterface that has been optimizedfor mobile browsers, over which

the user can communicate withany device via PRTG and thatmirrors the entire servicespectrum of the managementconsole.

The iOS app can also be used toview reports and maps. Maps aregraphic visualizations of themonitored network that show, forexample, which components areconnected, and how. The mapsdo not only show icons thatrepresent the devices, but canalso show alarm lists and other

elements, which provideadministrators with importantinformation at a glance. Similarto the web interface, the appprovides the option to showsensor favorites and to accessTop 10 lists. Again, users are ableto drill down to sensor level,view graphics, configure settings,etc.

Specific source areas can beselected for the Top 10 lists, forexample only Windows Serversor only database systems.Information regarding longest orshortest uptime, fastest or slowest

pings, bandwidth usage, CPUusage, etc. can be filtered anddisplayed. The app provides thisdata for overviews of currentsensor values as well as for theTop 10 lists. Administrators havethe option to view sensorsgrouped according to status (up,down, paused, etc.) and to selectsensors according to tags.Possible tags might be‘bandwidth sensor’, ‘battery’,‘HTTP sensor’, ‘sniffer sensor’and so on. The app also allowsfor direct access to existing

4

The device overview displays the monitored system with the related sensors

alarms. The refresh intervalwhich is used to dictate when theapp updates its data from theserver, as well as the accessaccount, can be customized in thesettings. In this way, the app isable to support working withmultiple accounts. Paessler alsoprovides various tools within theframework of the app. A newping function, access to thePaessler newsfeed, a feedbackdialog and options for scanningQR codes are some of thesetools. PRTG’s web interfaceoffers QR codes that open theapp directly to the correspondingobject’s web page when scanned.The codes can also be printedand attached to server racks, forexample. In the test, the iOS appproved to be extremely useful. Itallowed for – especially on theiPad – very helpful, easy accessto all relevant functions of thePaessler monitoring system.

The Android AppThe new PRTG Android app isvery similar to the iOS version. Itruns on Android 4.0 and higherand requires PRTG NetworkMonitor 13.1 or higher on theserver side. In order to get themost out of the app, Paesslerrecommends PRTG 13.x.4 andAndroid 4.1. The product isavailable for free in the GooglePlay Store.

Access to device and sensor datais available via drill down menus,identical to the iOS app. Thesame statistical data and graphicsthat are included in the Applesolution are available forAndroid. In addition, the Androidapp enables data to be forwardedto other services (Evernote, forexample) in the sensor view. TheAndroid app also offers historicaldata, access options for the logs

and a search function. Evensensor measurements can be rundirectly from within the app. Thespeedometer display is includedas well.

The Android solution alsosupports the PRTG libraries,which enable an alternative viewof the monitored components.For example, all Office systems,all systems with sensors with acertain status, all virtualizationsystems, all computers withspecific bandwidth usages, etc.can be summarized into libraries.By the way – these libraries andthe ticket system will beintegrated in the next version ofthe iOS app.

The update interval can be set upin the App settings. It is alsopossible to specify that graphicsshould only be loaded whenrequested, which is useful forWAN connections with limiteddata volume. The tools in theAndroid app include options forscanning QR codes andexecuting pings but there are alsoadditional tools like traceroute

and others that allow you, forexample, to check networkconnectivity of a database thatyou use to translate MACaddresses to manufacturers.

An important highlight of theAndroid app is the widgets.Widgets can be placed on thehome screen of Android deviceswhere they display currentinformation, such as new emails.With the PRTG app, the user hasaccess to all sensor values,graphics, alarms and statusdisplays as widgets in table orspeedometer gauge form. Tocreate a widget, simply tap on thedesired value in the app, select‘Use as a widget’ and add thecorresponding widget to thehome screen of the Androiddevice. In this way, theadministrator is constantly andeffortlessly up­to­date on themost important values in his/hernetwork. We were veryimpressed by this during the test.

PRTG Probe for AndroidThis is a good point to take alook at the PRTG Probe for

5

The drill down menu for a sensor gives users access to detailed information

Android. This software runs onmobile devices and gathers dataprovided by them. What data iscollected depends on themonitored component. Typicalvalues are, for example, batterylife, WLAN information, lightingconditions, humidity, pressure,temperature and location. Inaddition to being added to themonitored components, theAndroid devices can beimplemented as hardwareenvironment sensors, which canbe useful for old smart phonesthat have actually exceeded theirlife span.

Sensors for Receiving SyslogMessages and SNMP TrapsPaessler has included sensors inthe new version of PRTG that areable to receive Syslog messagesand SNMP traps. Many networkdevices support sending Sysloginformation and traps to serversin the network, which collect thecontained data in a centrallocation. Here, the informationcan be analyzed, used, andsearched through, in order tosimplify network managementand identify security problems.

PRTG’s Syslog and SNMP trapreceiver sensors can be integratedin the monitoring system just likeany other sensor. There are twopossible methods for integration:the first method is to add a sensordirectly to the device on whichthe probe is running. In order forthe sensor to receive data, theadministrator must configure theSNMP­ and Syslog­compatibledevices to send their notificationsdirectly to the probe device, sothat all desired information isreceived there. Alternatively, theadministrator can set up thesensors directly on theresponsible probe for the devices

that should be monitored. PRTGthen logs the notifications withinthe probe’s overview for each ofthe devices. Of course, thedevices must be configured tosend their data to PRTG.

According to the manufacturer,both PRTG sensors can processapproximately 10,000 Syslog ortrap notifications per second.High performance evaluationtools are a must in order tobenefit from the high datavolume. Comprehensive filtershelp to search through the dataand present only the information

that is useful for theadministrator. Relevant datalands in the PRTG database andcan be called up via the webinterface.

The Syslog sensor typicallysends out a warning if it receivesa message with ‘Severity 4’ andchanges to ‘Error’ status if amessage with ‘Severity 3’ orlower comes up. This behaviorcan be adjusted in the sensorconfiguration. When workingwith these sensors, it is importantto know that their information isupdated at every sensor scan

executed by PRTG, which occursin regular intervals. This means itis possible that a Syslog messagewith ‘Severity 2’ triggers anerror. The sensor status willchange to ‘Error’. If the errormessage does not appear duringthe next scan and none of thereceived messages contain errors,the ‘Error’ status of the sensorwill be cancelled. This willhappen even if the original errorstill remains. However, themessage can still be called up viathe web interface.

The Syslog and trap sensors arethus not necessarily suited forreal time monitoring of thenetwork systems; other sensorsare more suitable for this. Thesesensors are mainly useful forcollecting and evaluatinginformation that giveadministrators in­depthinformation regarding thecomponents in theirorganizations. Because messagescan be linked to triggers, they canalso be used to trigger warnings.More on this later.

Data AnalysisIncoming Syslog and Trap dataare first filtered – as alreadymentioned – so that only relevantinformation lands in the database,such as errors. The filters can beadjusted to meet theadministrators’ needs in thesensor configuration. PRTG’sfilters include an ‘Include’ filter,which saves messages that fit thefilter, ‘Exclude’, which makessure that unwanted messages arenot saved, and ‘Warning’ or‘Error’, which categorize thecorresponding messages aswarnings or errors.

So­called ‘fields’ are used todetermine which messages

6

The iOS app on an iPad

belong to which filter. For theSyslog sensor, this includes

information like ‘Source’,‘Severity’, ‘Tag’, ‘Appname’‘ProcID’, ‘Message’, etc. Thefields can be combined usingbrackets and the links ‘and’, ‘or’or ‘not’, which facilitatesdetailed data sorting even withlarge data volumes. Data that hasbeen saved in the PRTG systemcan be accessed via themanagement console. Furtherfilters can be set here to showonly the information that isrelevant to the current issue.

This takes us back to triggers onemore time. If the administratorlinks certain Syslog or Trapmessages with threshold values,emails or text messages can becreated to notify theadministrator of these. Forexample, a speed trigger can beset up, which would generate amessage if a certain number ofmessages per second is reached.

The Syslog and SNMP trapsensors worked great in our test.The installation andconfiguration arestraightforward, setting filtersshouldn’t cause problems for anyadministrator and thenotifications are an efficient wayof staying on top of the status ofindividual devices.

One remark regarding the trapreceiver sensors: ifmanufacturers provide MIB filesfor their devices, simply copythese files into the PRTG MIBsubfolder. Then the trap sensorswill use the Object IdentifierResolution (OID), which makesthe trap messages easier to read.We did this with our Lancom­Router in our test, and the OIDwas activated immediately.

The Ticket SystemIn addition to the new featuresmentioned above, the currentversion of PRTG also includes afully­fledged ticket system. This

system is used to create ticketsmanually or automatically (e.g. if

errors occur), which can beassigned to specific users or usergroups. Users can prioritize thetickets and close them aftercompleting the related tasks. Thisfunction helps to give users anoverview of the accumulatedtasks, the responsible personsand the status of each task.

Because tickets can be createdmanually, PRTG is not onlysuited to solving failures andproblems that arise in monitoringthe IT environment, but can beused to deal with all kinds ofdifficulties. For example, thehuman resources department canuse the ticket system to requestthe IT department to create useraccounts for new colleagues.Notifications are also able tocreate tickets automatically, so asto ensure that each problem willbe recorded in the monitoringsystem, not just marked with aspecific color or sent as amessage to the responsibleperson. Links to the tickets can

be sent per email and tickets caneasily be modified, reassigned or

The Android app in use on a

smartphone

The information to be logged with the Syslog receiver can be filtered using

efficient filters

7

reopened as needed. If PRTGrecognizes that a ticket is nolonger necessary because thecorresponding sensor has stoppedreporting an error, the systemcloses the ticket automatically.

PRTG’s predecessor to the ticketsystem was the so­called ‘To­Dos’. These were not able tomanage all tasks in the network,and were restricted to remindingstaff of tasks that were related tomaintenance of PRTG itself, likesoftware updates, databasemaintenance, etc. These To­Dosstill exist within the ticket systemand are called ‘To­Do Tickets’.They can be categorizedaccording to their content (all,reports, automatic search, probes,system error, new programversion).

Tickets can be created within theticket system, but they can alsobe created directly from a deviceentry by right­clicking on theentry and creating a ticket thatrelates to the device. Thus, userscan link tickets to objects inaddition to assigning them tousers.

The ticket overview displays alltickets in a list. The view can befiltered according to ‘open’,‘finished’, ‘closed’, etc.; theresponsible staff also has theoption to filter tickets accordingto specific users or modificationdates. Last but not least, the viewcan be filtered according to type:‘User tickets’, To­Do tickets and‘Notification Tickets’ – ticketscreated via notifications.

The ticket system is able to sorttickets according to priority andsend emails to the responsiblestaff member when a new ticketis created or the ticket’s status is

changed. The system providesthe company with a highperformance, easy­to­use

solution that helps to ensure thatall tasks are actually completed.

ConclusionOur test of PRTG 14 proved it tobe an outstanding product. Thesolution scores especially highdue to its fast, clear Ajax webinterface, which ensures thatmonitoring remains clear andeasy to use, in spite of thecomplexity of the task and thehuge range of function availablein Paessler’s PRTG. Even with ahigh number of monitoredsystems, important sensors canbe selected quickly and settingrequired threshold values andalerts is straightforward and fast.Functions like the maps andlibraries contribute to improvingthe lucidity of the solution andmake it even easier to work with.

We found the mobile apps to beespecially useful with the currentversion of PRTG. Themanufacturer invested a lot ofwork in the apps and ensured that

all relevant functions of themonitoring software can be usedon smartphones and tablets.

Administrators will be pleasedthat they can arrange work timesand service plans more flexiblythan ever.

The Syslog and SNMP trapreceiver and the ticket system aremeaningful extensions ofPRTG’s range of services and, inmost cases, render any thirdparty solutions unnecessary.Thanks to these functions, PRTGis even useful for IT staff that arenot looking for a monitoringsolution, but are looking for afree Syslog and trap receiver fortheir network. The free PRTGversion comes with ten sensorsand because these are capable ofprocessing up to 10,000messages per second, they canaccomplish a lot. Altogether, wecan say that Paessler’smonitoring solution does notleave anything wanting and,thanks to its flexibility andextensive range of functions, issuitable for application in nearlyevery IT environment.

PRTG offers comprehensive filter options to limit the number of tickets shown

8