Multiple Probes and Remote Probes

PRTG has two modules that perform the monitoring: The core server, which handles data storage, web server and a lot more, as well as one or more "probes" which perform the actual monitoring.

How Probes Work

As soon as a Probe starts work it automatically connects to its Core Server, downloads the sensor configuration and begins its monitoring tasks. The core server sends new configuration data to a probe as soon as the monitoring configuration is changed by the user. Probes monitor autonomously and send the monitoring results back to the core server for each check they have performed. If the connections between core and probe fails for any reason (e.g. a reboot of the core) the probe continues its monitoring and stores the results.

The connection between probe and core is initiated by the probe, secured using SSL (Secure Sockets Layer). This means that the data sent back and forth between core and probe is not visible to someone capturing data packets. The core server provides an open TCP/IP port and waits for connection attempts from probes. If a new probe connects for the first time the administrator will receive a ToDo and will then see the new probe in the sensor tree. As a security precaution, the probe must be manually approved by the administrator (Click on "accept") before any sensors can be created and monitored. The admin can also deny a probe which will then be disconnected.  No further connection attempts will be accepted (the probe IP is added to the "Deny IPs" list in the probe system settings). This ensures that unauthorized probes can not connect to a core server.

Since the probe initiates the connection, you must ensure that it can be created from the outside world onto your core server, e.g. you may need to open any necessary ports in your firewall and you may need to specify a NAT rule for your network. The process is the same when you want to allow access to the web server of the core server via port 80.

Note: The local probe is automatically configured and approved and connects to the core via localhost (127.0.0.1) and SSL.

Situations That Require Monitoring Using Remote Probes

Upon installation, PRTG creates the first probe automatically called the "local probe". The local probe runs on the same machine as the core server and monitors all sensors from this system. Working with only one local probe should suffice for LAN monitoring and if you have just one location that you need monitoring for.

However, there are several situations that make it necessary to work with multiple probes or remote probes:

• If you have more than one location and you need to make sure that services are available from all locations.
• If your network is separated in several LANs by firewalls and the local probe can not monitor specific services across the firewalls.
• If you need to monitor systems in VPNs across public or in-secure data lines.
• If you want to sniff packets on another computer.
• If you want to monitor NetFlow data on another computer.
• If you experience performance issues with CPU intensive sensors like packet sniffing or NetFlow sensors and need to distribute the load onto more than one PC.

The following chart shows an example: The PRTG Core Server inside the "Corporate LAN" (bottom right) is able to monitor

• services inside the "Corporate LAN" using the "Local Probe"
• services behind a firewall in the "Corporate LAN" using "Remote Probe 1"
• secured services inside the "Branch Office" (top left) using a "Remote Probe 2" installed on a dedicated probe server

• secured services on "Mail Server" and "Web Server" using "Remote Probe 3 and 4" installed directly on these servers
• public services on the Internet using any of the probes.

Automatic Probe Updating

Whenever a new version of PRTG is installed on the core server all remote probes will automatically download and install the updated version of the probe as soon as they reconnect to the updated core. Here is a screenshot of the "Devices" page of a PRTG installation shortly after the restart of a core server that has been updated to the latest PRTG version:

The local probe has already been updated during the core installation. All other probes are automatically downloading the new binaries of the "PRTG probe" using the SSL-secured probe/core connection. The download of the 4 MB file takes between a few seconds (in LANs) and a few minutes (over WAN connections), depending on the available bandwidth. As soon as the update has been downloaded the probe disconnects, installs the update and reconnects to the core server. This takes between 20 and 100 seconds. Please note that during the update phase the monitoring of the local probe can be affected due to the bandwidth required for the downloads.

Step 1: Preparing a Core Server for Remote Probes

Before remote probes can connect to a core server you must edit the relevant settings in the core server administrator tool which you can find in PRTG's Start menu group:

Be default, a core server only accepts connections via localhost (127.0.0.1) which means that only the local probe can connect. This is the most secure setting. In order to allow external probes to connect you must check "Use all IPs..." or "Specify IPs..." and select one of the IPs of the server. You can also specify the TCP/IP port number.

When you are done, click "OK" to save your settings. The core server process will be restarted so that the changes take effect.

Step 2: Setting up Remote Probes

To install a remote probe go to the web interface of the Core Server installation, go to "Setup|Download", download the Remote Probe Installer and run it. At the end of the installation the Probe Administrator will be started (or you can start it manually from the Start menu later) and you can enter the settings:

The important settings are (See PRTG Probe Administrator for more details):

• Name of the probe: A name of your choice that will be visible in the sensor tree in the web interface.
• Server Connection: Please choose "Connect to remote core server".
• Server (IP or DNS name). Please enter the server's IP address or DNS name (the one that you have specified in the core server administrator tool above). Note: If the core server resides in a NAT-ed network behind a firewall you must edit your firewall NAT settings and supply the external mapped IP address.
• Port: Please enter the same port number that you have set up in your Core Server above.

You can edit the access keys on the server through the web interface: Choose "Setup|System Setup" from the main menu of the web interface and you will see this screen:

You can enter one or more access keys in the web interface (one for each probe is recommended) and the exact same string must be entered into the probe's setup, otherwise the core server will not accept a connection. By default PRTG accepts connections from any IP.  Using the two settings you can make your configuration even more secure, especially by only allowing authorized IPs. Simply enter these IPs in the "Allow IPs" setting.  If you ever need to hard block a probe from a specific IP, please enter the IP in the "Deny IPs" settings.

When you are done with the probe setup, the probe service is started automatically and the it tries to connect to the core server.

Step 3: Approving a New Probe

When a new probe has connected to the core server you must approve it in the web user interface:

Click on "Approve New Probe" to fully enable the probe. PRTG automatically creates a set of sensors for the probe to ensure that bottlenecks on the probe will always be noticed. It is recommended to keep these sensors.

Now you can create groups, devices and sensors for monitoring via the new probe.

Debugging Probe Connection Problems

If you have trouble with the setup of remote probes please look at the probe's log files which usually reside in the following folder on the probe system:

Windows XP and Server 2003:

C:\documents and settings\All Users\application data\Paessler\PRTG Network Monitor\V7\Logs (System)

Windows Vista and Server 2008:

C:\ProgramData\Paessler\PRTG Network Monitor\V7\Logs (System)

The probe process writes the two log files "PRTG Probe Log (1).log" and "PRTG Probe Log (2).log" alternatively. Please open the one with the most recent date.

For a correct connection the probe log should look similar to this:

23.05.2008 16:15:15 PRTG Probe Server V7.0.1.821
23.05.2008 16:15:15 Starting Probe on "WINXPVMWARE"
23.05.2008 16:15:15 Data Path: C:\documents and settings\All Users\a ....
23.05.2008 16:15:15 Local IP: 0.0.0.0
23.05.2008 16:15:15 Core Server IP and Port: 10.0.2.167:23560
23.05.2008 16:15:15 Probe ID: -1
23.05.2008 16:17:01 Connected to 10.0.2.167:23560
23.05.2008 16:17:06 Login OK: Welcome to PRTG

For example if the connection fails due to an incorrect Access Key password you will see:

23.05.2008 16:31:02 Try to connect...
23.05.2008 16:31:02 Connected to 10.0.2.167:23560
23.05.2008 16:31:07 Login NOT OK: Access key not correct!

 

Continue