
Configuring PRTG Traffic Grapher

PRTG Traffic Grapher is currently one of the best freeware options available. The same download is both the freeware version and a full-featured, time-limited trial version. PRTG is the only offering that supports data collection via sniffing, SNMP, and NetFlow. The graphs PRTG produces are very functional, and a Web interface is provided that enables you to drill down into the data without having to be on the PRTG server or having to have any software installed. This means that if you want to collect data via sniffing, you don't have to worry about providing remote access to the PRTG server; you can access the reports via any Web browser. Follow these steps to get PRTG up and running.

  1. Download the setup file from www.paessler.com/download/prtg and run it.
  2. Click Yes to confirm that you wish to install the freeware/trial version.
  3. Click Next.
  4. Select the "accept the agreement" radio button to accept the license terms, and then click Next.
  5. Select the installation directory, and then click Next.
  6. On the Select Components screen you can select the defaults and then click Next.
  7. Choose whether you want the Web interface to be enabled. If you do want the Web interface enabled, you can leave it at the defaults. The PRTG Watchdog service is a process that will monitor and restart the PRTG process if it terminates unexpectedly. You should leave this option enabled unless you have a specific reason not to. When satisfied with your selection, click Next.
  8. Click Finish to complete the installation and start PRTG. When you first run PRTG it will present you with a window where you can choose which version to install: the freeware edition (limited to three sensors), a trial edition (which will work for 30 days), or the commercial edition, which you can purchase. You also have the option of comparing the various versions. In this example we're looking at the freeware edition, so select the corresponding radio button (which should be the freeware version by default), click Next, and then Finish.
  9. During the next step you will see an empty window, with a button in the center that says Click here to add your first sensor! Click this button.
  10. Click Next.
  11. Choose which data collection method you wish to use. In this context a sensor can be any of several data collection devices, including a router supporting NetFlow, a PC sniffing traffic, or any device that will support SNMP (including Windows systems). This example uses a PC that will sniff the network traffic. If your network infrastructure devices don't support SNMP data collection or NetFlow data, this may be your only option anyway. A final option is to make this installation a latency monitoring system. In this mode, the system will use pings to monitor the round-trip time between this host and various other hosts on the network. After making your selection, click Next.
  12. On the next screen, enter the name of the sensor or leave the default value.
  13. Place a check next to the interface you wish to use and click Next.
  14. On the next screen you have the option of excluding certain traffic. I would suggest leaving the default of Monitor all traffic. The filters can be edited later if desired. Click Next.
  15. On the next screen you have the option of choosing what protocols to monitor (called channels). You can also define your own by clicking Edit Port Filter Library. For now, just click Select All and then Next. We will demonstrate creating your own "channel" shortly.
  16. On the next screen you can choose a grouping under which to add sensors (with a limit of three sensors this grouping probably isn't that critical, but if you had hundreds of devices it would be very useful). You can also select the scanning interval. Unless you have reason to do otherwise, simply leave the defaults in place and click Finish.

The main PRTG Traffic Grapher console has three panes. The leftmost is called Views and enables you to select between different layouts and to display different data. The middle one, Sensors, enables you to select different sensors to see their data. The rightmost pane is View: <description>, and will change depending on what you select in the Views pane on the far left. While the same installation file is used for Windows XP and Windows 2000, once installed, the interfaces have slight differences. The differences are very minor and these instructions should work for either version.

If you double-click on a given graph you will get an enlarged view that you can also use to edit the graph colors, units, and several other options. By default, the Web interface will be available on the IP of the machine you installed PRTG on, using port 8080. In this case you can open a browser to http://192.168.1.104:8080.

You should now be collecting data, which should be visible in the graphs. You might wish to customize a few features though. If you wish to disable or modify the Web interface (and many other settings), navigate to Extras | Options. In the left pane, select Web Server. Uncheck Enable Internal Webserver if you wish to disable the Web interface completely. If you plan on leaving the Web server enabled, you should place a check next to Write webserver access logfile. You should also change the Website Access Control to Limited Access. Because the sensor data and reports could contain confidential information, the default of unlimited access to the Web interface is not secure.

After configuring the Web Server options, select Web Server | Users in the left pane. The default configuration will be to permit the PRTG administrator only. Note that this is not the local machine's administrator account; this account is specific to PRTG. This might be all you need, but if you need to permit additional accounts, click Add and enter the account information followed by OK.

If you want to send e-mail alerts, you will need to configure the mail server options within PRTG. Do this by navigating to Extras | Options | System | Mail Server. Enter the IP address or hostname for the SMTP server. Also enter an e-mail address, which will be the alert e-mail's "from" address. If SMTP authentication is needed you can enter the username and password in this window as well. Once you are satisfied with your selection click OK to accept the changes.

Now let's suppose you have some custom applications, or even just some applications you want to specifically target in the reporting. Any protocols/ports that do not have a channel defined will fall into the "other" channel. This could be applications that were designed in-house using a nonstandard protocol/port number, or a more common application that PRTG doesn't have defined yet, such as syslog. You can add to the list of "channels" and define your own by following these steps.

  1. Navigate to Extras | Channel Library.
  2. To add a specific graph entity for UDP-based syslog messages, for example, click Add Filter.
  3. Enter a name for the channel, such as UDP_SYSLOG, and click OK. The window will go back to the way it was, but the new channel name will appear in the list on the left. To edit the rules of the channel, select the channel to edit in the left pane, and then click in the right pane.
  4. Enter Protocol[UDP] DestinationPort[514] and click OK. This adds the channel to the PRTG console but not to a specific sensor yet.
    TIP Remember that the "channels" use port numbers to identify an application. The reliability of this identification depends on the application using a consistent port. There is nothing stopping someone from running a Web server on TCP port 23 instead of TCP port 80, in which case it will show up in the graphs as Telnet traffic. Other applications, like instant messengers and file sharing applications in particular, will use a wide range of ports in an attempt to find one that will get through corporate firewalls. Creating a filter to identify these based solely on port numbers will be unreliable at best.
  5. Ensure that the proper sensor is selected in the Sensors pane and navigate to Edit | Edit. You'll notice the next window is titled Edit Sensor.
  6. Select Channels in the left pane and click Add.
  7. Select the new channel in the left pane and click OK.
  8. Use the Top, Up, Down, and Bottom buttons to place the channel in the order you desire. The channel matches work much like a firewall access control list in that PRTG will stop processing the list as soon as it finds a match. If there is no match it will categorize the traffic as "Other."
  9. Click OK again to close the Edit Sensor window.
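The first-match behavior in step 8 and the port-number caveat in the TIP can be seen in a small model. This is an added example, not PRTG's own code: it understands only the two fields used in step 4, and the channel list, the ALL_UDP channel, and the sample traffic are constructed for illustration.

```python
import re
from collections import Counter

# Constructed channel list, written in the rule notation shown in step 4.
# Order matters: the first matching channel wins.
CHANNELS = [
    ("UDP_SYSLOG", "Protocol[UDP] DestinationPort[514]"),
    ("Telnet", "Protocol[TCP] DestinationPort[23]"),
    ("HTTP", "Protocol[TCP] DestinationPort[80]"),
]

# Constructed sample traffic: (protocol, destination port, bytes, what it really is).
SAMPLE = [
    ("UDP", 514, 300, "syslog"),
    ("TCP", 80, 1200, "web server on the standard port"),
    ("TCP", 23, 900, "web server moved to port 23"),
    ("TCP", 6881, 5000, "file sharing on an arbitrary port"),
]


def parse_rule(rule):
    """'Protocol[UDP] DestinationPort[514]' -> {'protocol': 'UDP', 'destinationport': '514'}"""
    return {k.lower(): v.upper() for k, v in re.findall(r"(\w+)\[([^\]]*)\]", rule)}


def classify(protocol, dport, channels=CHANNELS):
    """Name of the first channel whose conditions all match, else 'Other'."""
    packet = {"protocol": protocol.upper(), "destinationport": str(dport)}
    for name, rule in channels:
        if all(packet.get(k) == v for k, v in parse_rule(rule).items()):
            return name
    return "Other"


def volume_by_channel(traffic, channels=CHANNELS):
    """Bytes per channel, as a graph legend would report them."""
    totals = Counter()
    for protocol, dport, size, _truth in traffic:
        totals[classify(protocol, dport, channels)] += size
    return dict(totals)


if __name__ == "__main__":
    # The port-23 web server is counted as Telnet; port 6881 lands in Other.
    print(volume_by_channel(SAMPLE))
    # A broad rule placed above a specific one shadows it.
    shadowed = [("ALL_UDP", "Protocol[UDP]")] + CHANNELS
    print(classify("UDP", 514, shadowed))
```

A large or unexplained "Other" total, or Telnet volume on a network that does not use Telnet, is a cue to inspect the underlying traffic rather than trust the channel label.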

You should now have a new channel displayed in the legend on the Graph tab. You are limited to only 254 channel definitions, though this limitation isn't likely to pose much of an issue in a smaller environment. You should now have PRTG collecting data via sniffing. You can view the graphs from the Web page or the PRTG console. You have also defined any additional ports you want PRTG to recognize as a specific application as its own "channel."

The final configuration options I will discuss are those for configuring the alerts. Odds are good you won't be able to sit and stare at the graphs all day and all night, so setting up some notifications might be one way to save time and energy, not to mention make you look like you have "network ESP" to your manager. To configure notifications and limits, navigate to Edit | Edit and select the Notifications & Limits tab. This tab provides the following options:

  • Error Notification: This will be triggered only if a sensor reports an error. Be aware that if there is a connectivity outage to the sensor, the sensor cannot report the error until connectivity is restored.
  • Threshold Notification: This is used to set specific upper or lower limits on a per-channel basis. An optional time span can be configured from seconds to days. If you do not specify a time span, the event will trigger as soon as the threshold is exceeded.
  • Volume Notification: This is similar to the threshold notification, except the volume is defined as an upper threshold and a minimum time span of one hour is required.
  • Limit Line: The limit line only serves to add a line to the 30-day graph. This could be useful, for example, to set the limit to 75 megabits on a 100-megabit network (75 percent) as a warning of when your infrastructure is reaching capacity.

All the notifications have several options that can occur when triggered. You can choose to send an e-mail, perform an HTTP Get request, execute a program/batch file, and change the color of the graph background for each trigger. You can also combine multiple notification methods for a single trigger, such as changing the color of the graph background and sending an e-mail. Given that PRTG includes a fully functional notification system, this really makes PRTG stand out among its peers as one of the best free network reporting tools available. As an example, let's assume you have a single T1 line at work (1.5 megabits per second) and you want to send an e-mail if traffic levels for FTP exceed 1 megabit per second. Follow these steps to configure the notification.

  1. Select the desired sensor in the Sensors pane; then right-click and select Edit.
  2. Select Notifications & Limits in the left pane.
  3. Click the Add Threshold Notification button.
  4. Choose a name, such as 1Mb_FTP.
  5. In the Channel drop-down box, select FTP.
  6. In the Threshold section, select over, 1, megabit per second.
  7. Under Notification in the left pane, select Email.
  8. Place a check next to Send Email.
  9. In the Address field, enter the e-mail address of the e-mail recipient.
  10. Select the e-mail template you wish to use and click OK.
  11. In the Edit Sensor window, click OK to accept the changes.

With the capability to execute an external program based on thresholds and volumes, the possibilities are near limitless. If you wanted to integrate your PRTG alerts into a syslog infrastructure, you could use the EXE notification method to execute a batch file that uses a command-line utility to generate a syslog message. There is very little functionality that is unavailable in the free product, and a limitation of three sensors will likely pose little problem to a smaller organization. The graphing and reporting capabilities are exceptionally robust for a free product.
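A command-line utility of the kind a notification batch file could call is sketched here as an added example; it is not part of PRTG or of the original text. The argument layout, the prtg-alert tag, and the local0/warning priority are assumptions, and how PRTG hands alert details to the program is not covered on this page.

```python
import socket
import sys
from datetime import datetime

FACILITY_LOCAL0 = 16   # assumption: alerts are logged under facility local0
SEVERITY_WARNING = 4   # assumption: threshold alerts are logged as warnings
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_syslog_message(text, host, when, tag="prtg-alert",
                         facility=FACILITY_LOCAL0, severity=SEVERITY_WARNING):
    """Build an RFC 3164 (BSD syslog) datagram payload."""
    pri = facility * 8 + severity
    # RFC 3164 timestamp is 'Mmm dd hh:mm:ss' with a space-padded day of month.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # Replace control characters so alert text cannot start a second log line.
    clean = "".join(c if c.isprintable() else " " for c in text)
    # RFC 3164 limits the whole packet to 1024 bytes.
    return f"<{pri}>{stamp} {host} {tag}: {clean}".encode("ascii", "replace")[:1024]


def send_syslog(payload, collector, port=514):
    """Send one datagram to the collector; UDP gives no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (collector, port))


if __name__ == "__main__":
    # Hypothetical usage from a batch file:
    #   python prtg_syslog.py <collector-address> <alert text...>
    if len(sys.argv) < 3:
        sys.exit("usage: prtg_syslog.py <collector-address> <alert text...>")
    message = build_syslog_message(" ".join(sys.argv[2:]),
                                   socket.gethostname(), datetime.now())
    send_syslog(message, sys.argv[1])
```

Messages sent this way travel over UDP port 514, so they are counted by a UDP_SYSLOG channel like the one defined earlier if the sensor sees that traffic.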
