Monitoring Virtual Servers on a Citrix NetScaler using PRTG

I recently had some drama with a few NetScaler Virtual Servers that weren’t being monitored. I made some modifications to a script I had written previously (which was inspired by Markus Kraus from My Cloud-(R)evolution) and created a Custom sensor for PRTG. The script queries the powerful Citrix NITRO API on the NetScaler to retrieve a JSON response containing the state of the Virtual Servers. It will enumerate the Virtual Servers that have been configured on the NetScaler and return an error in PRTG if the Effective State or Current State shows as DOWN. It will also return an error if the Health drops below 100 which indicates a problem with a Service Group member.

The first step is to create a Read Only user on the NetScaler so that the script can access the API.

This is done under System – User Administration – Users

We will set the System Command Policy for our new user to read-only.

Now we need to encrypt the password for use in the script as it is never a good idea to leave plain text passwords lying about!

We will use Windows in built encryption provider to generate the encrypted password. The encrypted password is tied to the account profile on the Windows instance that it is generated on so you MUST perform the following steps on the PRTG server.

Our PRTG instance is configured to run as the LOCAL SYSTEM account so we need a little help from PsExec by Mark Russinovich.

Download it onto the PRTG server from here. Unzip the PSTools zip file and copy PSExec.exe into a folder in your executable path.

Launch a PowerShell window using the following command.

psexec -s -i powershell.exe

Execute the following commands in your newly opened PowerShell window. If PRTG is running under a different user account (i.e. not LOCAL SYSTEM), you just need to log in as that user and run these commands, you don’t need to use psexec.

$Password = "Password of the Citrix NetScaler Read Only User"

$Password | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File c:\temp\encryptedpassword.txt

Use the contents of c:\temp\encryptedpassword.txt for the $EncryptedPassword variable in the script.

We will also need to populate the $ReadOnlyUser in the script with our Username from the NetScaler.

Copy the script to C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML on the PRTG server.

Create a sensor of type EXE/Script Advanced in PRTG. You should be able to select the new script in the drop down list labelled EXE/Script.

In the Settings of our new Sensor we need to set Environment to “Set placeholders as environment variables”.



Leave a Reply

Your email address will not be published. Required fields are marked *