What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Palo Alto Network VPN monitoring Powershell script

Votes:

0

I'm having trouble getting the required output from my PowerShell script I want to output the state active or inactive for dozens and dozens of site-to-site VPN tunnels.

I'm trying to adapt the script, found here: http://www.hospitableit.com/howto/monitoring-an-ipsec-tunnel-on-a-palo-alto-firewall-using-prtg/, which monitors a single site-to-site VPN tunnel so PRTG using this sensor: https://www.paessler.com/manuals/prtg/exe_script_advanced_sensor would monitor as many as we have.

$SecurePassword = Get-Content "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\vpnmonitor_password.txt <file:///C:/Program%20Files%20(x86)/PRTG%20Network%20Monitor/Custom%20Sensors/EXEXML/vpnmonitor_password.txt> " | ConvertTo-SecureString
$Marshal = [System.Runtime.InteropServices.Marshal]
$Bstr = $Marshal::SecureStringToBSTR($SecurePassword)
$Password = $Marshal::PtrToStringAuto($Bstr)
$Marshal::ZeroFreeBSTR($Bstr)

$VPNTunnelState = & 'C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password" | Out-File vpnmonitor.xml
[xml]$XmlDocument = Get-Content -Path .\vpnmonitor.xml
$a = $XmlDocument.SelectNodes('//entry')

foreach($Node in $a) {
if($Node.state -eq 'active') {
    $NodeState = "1"
                }
          Else {
          $NodeState = "0"
          }
}

Write-Host "<prtg>"
Write-Host "<result>"
           "<channel>"+ $a.name +"</channel>"
           "<value>" + $NodeState +"</value>"
           "</result>"
Write-Host "</prtg>"

$a displays all the information about all the VPN tunnels.

$a.name works as well, as does $a.state.

If I do $node or $nodestate it always display the information from the last VPN tunnel.

The information for one VPN tunnel is as follows (one example):

peerip : xxx.xxx.xxx.xxx name : VPN_tunnel_name outer-if : ethernet1/1 gwid: 26 localip: xxx.xxx.xxx.xxx state: active inner-if: tunnel.31 mon: off owner : 1 id : 34 PRTG displays the Channel name that contains the name of all VPN tunnels and the state of last one ($nodestate).

I might have to change this last part so I do it individually for each and every tunnel, which is fine by me if there's not other option, but I did try with

Write-Host "<prtg>" Write-Host "<result>" "<channel>"+ $a.name[28] +"</channel>" "<value>" + $a.state[28] +"</value>" "</result>" Write-Host "</prtg>"

And I get a XML parser error in PRTG, stating that the JSON does not match the expected structure (invalid JSON).

$nodestate[28] doesn't show anything, everything just might work if that would display a 1 (active) or a 0 (inactive).

I'd gladly provide additional information.

advanced-xml-sensor powershell-module prtg

Created on Jan 27, 2019 11:59:56 AM



26 Replies

Votes:

2

Hi CypherBit,

Don't have a PaloAlto so I can't fully test your PS script. There are various parameters and settings in it, that I think are a total overhead, but that's a different story.

Just an fyi - I am sure you can directly parse the output of the EXE file to XML instead of running through a text file.

How does the actual output of the PS script look like? Can you post an example...

Why are you using [28] in your last code example?

And there is another flaw:

foreach($Node in $a) {
if($Node.state -eq 'active') {
    $NodeState = "1"
                }
          Else {
          $NodeState = "0"
          }
}

$NodeState is a fixed variable... you loop through all "lines" in $a - might be line one would equal active but line two might not be and then overwrite it with 0 again.

Worse do you handle $a later as a entry rather then an array in the Write-Host area... while this area further is wrong as well due to missing Write-Host lines and not combined text-quotes in of multiple lines.. That your output halfway works is pure coincidence..

What you should do instead:

$SecurePassword = Get-Content "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\vpnmonitor_password.txt <file:///C:/Program%20Files%20(x86)/PRTG%20Network%20Monitor/Custom%20Sensors/EXEXML/vpnmonitor_password.txt> " | ConvertTo-SecureString
$Marshal = [System.Runtime.InteropServices.Marshal]
$Bstr = $Marshal::SecureStringToBSTR($SecurePassword)
$Password = $Marshal::PtrToStringAuto($Bstr)
$Marshal::ZeroFreeBSTR($Bstr)

$VPNTunnelState = & 'C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password" | Out-File vpnmonitor.xml
$XmlDocument = Get-Content -Path .\vpnmonitor.xml
$a = $XmlDocument.SelectNodes('//entry')
#$VPNTunnelState is not used - in theory you could directly use the next two lines instead of the above three - not tested though.. 
#$VPNTunnelState = [xml]('C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password")
#$a = $VPNTunnelState.SelectNodes('//entry')
#having said that, you probably could even use a PS command to directly pase the HTML file mentioned above.. but that's really another story...

$XML = "<prtg>"
$XML += "<result>"

foreach($Node in $a) {
	if($Node.state -eq 'active') {
		$XML += "<channel>"+ $Node.name +"</channel>"
		$XML += "<value>1</value>"
	} Else {
		$XML += "<channel>"+ $Node.name +"</channel>"
		$XML += "<value>0</value>"
	}
}

$XML += "</result>"
$XML += "</prtg>" 

Write-Host $XML

Hope this helps.. $a is an array - you might even want to rename it to $NodeArray - yes - it is possible that the array is a single node and it still works - but you depend on the the XML output of your web request for this..

Regards

Florian Rossmark

www.it-admins.com

Created on Jan 28, 2019 2:43:41 PM



Votes:

0

Hello Florian,

thank you so much for your reply.

I know the code could/should be cleaner, but I need it to work first, I'll try to optimize later. You're right I'm quite sure that I don't need to output to an .xml file and could parse it directly, but since it wasn't working for me, I thought I might as wel drop it to a file to see what I'm working with.

If I run the script I get:

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML> .\VPNmonitor.ps1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12217  100 12217    0     0  12217      0  0:00:01 --:--:--  0:00:01 20060
<prtg><result><channel>VPN1</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>VPN2</channel><value>0</value><channel>VPN3</channel><value>1</value><channel>VPN4</channel><value>1</value><channel>VPN5</channel><value>1</value><channel>VPN6</channel><value>1</value><channel>VPN7</channel><value>1</value><channel>VPN8</channel><value>1</value><channel>VPN9</channel><value>1</value><channel>VPN10</channel><value>1</value><channel>VPN11</channel><value>1</value><channel>VPN12</channel><value>0</value><channel>VPN13</channel><value>0</value><channel>VPN14</channel><value>0</value><channel>VPN15</channel><value>0</value><channel>VPN16</channel><value>1</value><channel>VPN17</channel><value>0</value><channel>VPN18</channel><value>0</value><channel>VPN19</channel><value>0</value><channel>VPN20</channel><value>1</value><channel>VPN21</channel><value>1</value><channel>VPN22</channel><value>0</value><channel>VPN23</channel><value>1</value><channel>VPN24</channel><value>0</value><channel>VPN25</channel><value>1</value><channel>VPN26</channel><value>1</value><channel>VPN27</channel><value>0</value><channel>VPN28</channel><value>0</value><channel>VPN29</channel><value>0</value><channel>VPN30</channel><value>0</value><channel>VPN31</channel><value>1</value><channel>VPN32</channel><value>0</value><channel>VPN33</channel><value>0</value></result></prtg>
PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML>

Using the code you provided I receive the following error in PRTG:

XML: XML Parser mismatch: Wanted </>, got </tunnel> -- JSON: The returned JSON does not match the expected structure (Invalid JSON.). (code: PE231)

Created on Jan 30, 2019 9:41:57 AM

Last change on Jan 30, 2019 10:00:34 AM by Torsten Lindner [Paessler Support]



Votes:

0

Since I didn't put a XML parser or similar in the code, this must be an issue PRTG is showing you.

How does the output look like when you run it in PowerShell manually?

Pretty sure it is a minor issue...

PS: If the output you posted is from the code/script I provided, I wonder about one thing here - where does this come from?

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12217  100 12217    0     0  12217      0  0:00:01 --:--:--  0:00:01 20060

Right now I don't see a reason this should be outputted.. and yes - if this is the case - this needs to go away - PRTG can't parse this ...

All you want to have as output is this:

<prtg><result><channel>VPN1</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>entry</channel><value>0</value><channel>VPN2</channel><value>0</value><channel>VPN3</channel><value>1</value><channel>VPN4</channel><value>1</value><channel>VPN5</channel><value>1</value><channel>VPN6</channel><value>1</value><channel>VPN7</channel><value>1</value><channel>VPN8</channel><value>1</value><channel>VPN9</channel><value>1</value><channel>VPN10</channel><value>1</value><channel>VPN11</channel><value>1</value><channel>VPN12</channel><value>0</value><channel>VPN13</channel><value>0</value><channel>VPN14</channel><value>0</value><channel>VPN15</channel><value>0</value><channel>VPN16</channel><value>1</value><channel>VPN17</channel><value>0</value><channel>VPN18</channel><value>0</value><channel>VPN19</channel><value>0</value><channel>VPN20</channel><value>1</value><channel>VPN21</channel><value>1</value><channel>VPN22</channel><value>0</value><channel>VPN23</channel><value>1</value><channel>VPN24</channel><value>0</value><channel>VPN25</channel><value>1</value><channel>VPN26</channel><value>1</value><channel>VPN27</channel><value>0</value><channel>VPN28</channel><value>0</value><channel>VPN29</channel><value>0</value><channel>VPN30</channel><value>0</value><channel>VPN31</channel><value>1</value><channel>VPN32</channel><value>0</value><channel>VPN33</channel><value>0</value></result></prtg>

more pretty:

<prtg>
	<result>
		<channel>VPN1</channel>
		<value>0</value>
		<channel>entry</channel>
		<value>0</value>
		<channel>entry</channel>
		<value>0</value>
		<channel>entry</channel>
		<value>0</value>
		<channel>entry</channel>
		<value>0</value>
		<channel>entry</channel>
		<value>0</value>
		<channel>VPN2</channel>
		<value>0</value>
		<channel>VPN3</channel>
		<value>1</value>
		<channel>VPN4</channel>
		<value>1</value>
		<channel>VPN5</channel>
		<value>1</value>
		<channel>VPN6</channel>
		<value>1</value>
		<channel>VPN7</channel>
		<value>1</value>
		<channel>VPN8</channel>
		<value>1</value>
		<channel>VPN9</channel>
		<value>1</value>
		<channel>VPN10</channel>
		<value>1</value>
		<channel>VPN11</channel>
		<value>1</value>
		<channel>VPN12</channel>
		<value>0</value>
		<channel>VPN13</channel>
		<value>0</value>
		<channel>VPN14</channel>
		<value>0</value>
		<channel>VPN15</channel>
		<value>0</value>
		<channel>VPN16</channel>
		<value>1</value>
		<channel>VPN17</channel>
		<value>0</value>
		<channel>VPN18</channel>
		<value>0</value>
		<channel>VPN19</channel>
		<value>0</value>
		<channel>VPN20</channel>
		<value>1</value>
		<channel>VPN21</channel>
		<value>1</value>
		<channel>VPN22</channel>
		<value>0</value>
		<channel>VPN23</channel>
		<value>1</value>
		<channel>VPN24</channel>
		<value>0</value>
		<channel>VPN25</channel>
		<value>1</value>
		<channel>VPN26</channel>
		<value>1</value>
		<channel>VPN27</channel>
		<value>0</value>
		<channel>VPN28</channel>
		<value>0</value>
		<channel>VPN29</channel>
		<value>0</value>
		<channel>VPN30</channel>
		<value>0</value>
		<channel>VPN31</channel>
		<value>1</value>
		<channel>VPN32</channel>
		<value>0</value>
		<channel>VPN33</channel>
		<value>0</value>
	</result>
</prtg>

And there we go - the XML has a bug

I think I was under assumption you get only one result - how ever, I did a mistake - the RESULT tag needs to wrap every channel... the output would need to look like this:

<prtg>
	<result>
		<channel>VPN1</channel>
		<value>0</value>
	</result>
	<result>
		<channel>entry</channel>
		<value>0</value>
	</result>
	<result>		
		<channel>entry</channel>
		<value>0</value>
	</result>
	<result>		
		<channel>entry</channel>
		<value>0</value>
	</result>
</prtg>

Here the corrected script:

$SecurePassword = Get-Content "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\vpnmonitor_password.txt <file:///C:/Program%20Files%20(x86)/PRTG%20Network%20Monitor/Custom%20Sensors/EXEXML/vpnmonitor_password.txt> " | ConvertTo-SecureString
$Marshal = [System.Runtime.InteropServices.Marshal]
$Bstr = $Marshal::SecureStringToBSTR($SecurePassword)
$Password = $Marshal::PtrToStringAuto($Bstr)
$Marshal::ZeroFreeBSTR($Bstr)

$VPNTunnelState = & 'C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password" | Out-File vpnmonitor.xml
$XmlDocument = Get-Content -Path .\vpnmonitor.xml
$a = $XmlDocument.SelectNodes('//entry')
#$VPNTunnelState is not used - in theory you could directly use the next two lines instead of the above three - not tested though.. 
#$VPNTunnelState = [xml]('C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password")
#$a = $VPNTunnelState.SelectNodes('//entry')
#having said that, you probably could even use a PS command to directly pase the HTML file mentioned above.. but that's really another story...

$XML = "<prtg>"

foreach($Node in $a) {
	if($Node.state -eq 'active') {
		$XML += "<result>"
			$XML += "<channel>"+ $Node.name +"</channel>"
			$XML += "<value>1</value>"
		$XML += "</result>"
	} Else {
		$XML += "<result>"
			$XML += "<channel>"+ $Node.name +"</channel>"
			$XML += "<value>0</value>"
		$XML += "</result>"
	}
}

$XML += "</prtg>" 

Function WriteXmlToScreen ([xml]$xml) #just to make it clean XML code...
{
    $StringWriter = New-Object System.IO.StringWriter;
    $XmlWriter = New-Object System.Xml.XmlTextWriter $StringWriter;
    $XmlWriter.Formatting = "indented";
    $xml.WriteTo($XmlWriter);
    $XmlWriter.Flush();
    $StringWriter.Flush();
    Write-Output $StringWriter.ToString();
}
WriteXmlToScreen "$XML"

The above script has a XML-Formatting function as well.. making the output more readable and kind of parsing it correct..

Again - this should not be in the output at all (see below) - not sure where it comes from and I really can't test the script due to not having such a device... developing blind here... 

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12217  100 12217    0     0  12217      0  0:00:01 --:--:--  0:00:01 20060

If I would need to guess - I assume this line causes the additional wrong output:

$VPNTunnelState = & 'C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password" | Out-File vpnmonitor.xml

Please be aware of a restriction as well - PRTG can process 50 channels per sensor - no more.. just be sure you don't hit that limit..

Regards

Florian

Created on Jan 30, 2019 2:37:14 PM



Votes:

0

Thank you so much. I cleaned up the code a bit more so this doesn't appear anymore: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 12217 100 12217 0 0 12217 0 0:00:01 --:--:-- 0:00:01 20060

Now I get this when I run the script, which looks to be exactly what is needed: PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML> .\VPNmonitor.ps1 <prtg> <result> <channel>VPN1</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>VPN2</channel> <value>0</value> </result> <result> <channel>VPN3</channel> <value>1</value> </result>

I currently have 42 channels, but I'm still getting this in PRTG:

XML: XML Parser mismatch: Wanted </>, got </tunnel> -- JSON: The returned JSON does not match the expected structure (Invalid JSON.). (code: PE231)

The script itself seems to function just fine, I'm not sure why I'm getting this, if needed I can contact support through PRTG.

Created on Jan 30, 2019 5:28:23 PM



Votes:

0

The results you posted miss the closing 

</prtg>

tag... I don't see a reason within the script I provided that this would happen. Can it be you just missed that output line?

$XML += "</prtg>"

The XML output of the PowerShell script is not valid and can't be processed, what PRTG cries about is right..

PS: I am certain the PRTG support is reading our posts.. I am more then happy to help.. it's almost an hobby of mine :-)

Regards

Florian

Created on Jan 31, 2019 2:18:40 PM



Votes:

0

Sorry about that, I didn't post the entire result, since there are so many VPNs.

</prtg>

Is part of the output, I just didn't post it. By looking at the output everything looks just fine, it's just that PRTG complains.

Created on Feb 3, 2019 10:45:09 AM



Votes:

1

Hi there,

Could you post the entire output? I ask because as PRTG mentions in the error message, somewhere in the output is most likely a "</tunnel>".

Best regards.

Created on Feb 4, 2019 9:00:54 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Hello,

sure, unfortuntelly there's nothing in the output that I can find that might cause this. Here is the complete output, only the VPN names have been changed (none contained tunnel):

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML> .\VPNmonitor.ps1 <prtg> <result> <channel>GP-1</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>entry</channel> <value>0</value> </result> <result> <channel>GP-2</channel> <value>0</value> </result> <result> <channel>VPN-1</channel> <value>1</value> </result> <result> <channel>VPN-2</channel> <value>1</value> </result> <result> <channel>VPN-3</channel> <value>1</value> </result> <result> <channel>VPN-4</channel> <value>1</value> </result> <result> <channel>VPN-5</channel> <value>1</value> </result> <result> <channel>VPN-6</channel> <value>1</value> </result> <result> <channel>VPN-7</channel> <value>1</value> </result> <result> <channel>VPN-8</channel> <value>1</value> </result> <result> <channel>VPN-9</channel> <value>1</value> </result> <result> <channel>VPN-10</channel> <value>0</value> </result> <result> <channel>VPN-11</channel> <value>0</value> </result> <result> <channel>VPN-12</channel> <value>0</value> </result> <result> <channel>VPN-13</channel> <value>0</value> </result> <result> <channel>VPN-14</channel> <value>1</value> </result> <result> <channel>VPN-15</channel> <value>1</value> </result> <result> <channel>VPN-16</channel> <value>0</value> </result> <result> <channel>VPN-17</channel> <value>0</value> </result> <result> <channel>VPN-18</channel> <value>1</value> </result> <result> <channel>VPN-19</channel> <value>1</value> </result> <result> <channel>VPN-20</channel> <value>1</value> </result> <result> <channel>VPN-21</channel> <value>1</value> </result> <result> <channel>VPN-22</channel> <value>0</value> </result> <result> <channel>VPN-23</channel> <value>1</value> </result> <result> <channel>VPN-24</channel> <value>1</value> </result> <result> <channel>VPN-25</channel> <value>0</value> </result> <result> <channel>VPN-26</channel> <value>0</value> </result> <result> <channel>VPN-27</channel> <value>0</value> </result> <result> <channel>VPN-28</channel> <value>0</value> </result> <result> <channel>VPN-29</channel> <value>1</value> </result> <result> <channel>VPN-30</channel> <value>0</value> </result> <result> <channel>VPN-31</channel> <value>0</value> </result> </prtg>

Created on Feb 4, 2019 5:33:05 PM



Votes:

0

Hi there,

Is that the entire output PRTG gets? I suspect that there might be a different output when executed manually vs. what PRTG gets. Could you check the logs by enabling "Write EXE Result to Disk".

Best regards.

Created on Feb 5, 2019 5:10:05 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Hello,

I did as suggested and quickly found the error, I was outputting the .xml without a path, PRTG wanted to dump it to %systemroot%\System32, but it didn't have permissions to do so.

I adjusted the script so it outputs directly to C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML.

I have another question, request. Since the current script lists all tunnels, including the ones I'm not interested in, would it be possible to list only the ones that contain "VPN". That way I wouldn't reach the 50 channels limit as quickly as I will now (we added 4 additional VPN tunnels today).

Additionally how can I set the channels so that they're red/down when the value is 0 and OK when the value is 1?

Created on Feb 5, 2019 12:57:25 PM



Votes:

0

Hi there,

This would need a programmatic way as PRTG simply displays/gets what the output says. So in this case you would need to filter the channels that are listed manually within the script.

Best regards.

Created on Feb 5, 2019 2:19:51 PM by Dariusz Gorka [Paessler Support]



Votes:

1

Hi Cypher,

A few comments here - I still think you can work completely without the CURL.EXE - PowerShell should be able to directly process the HTML/XML content from you URL - but I can't test this since I don't have this type of device around.

Since you go it to work by altering the output path or the XML file, you can leave it as is - though - the perfectionist in me does not like it - but that's another story :-).

You asked to alter the script a bit - well - I don't know what you altered before, so I just grabbed the last version I provided and added a some code... the changes are only inside the FOREACH loop - I added a statement that should check if the tunnel name includes VPN* and I added script sided limits so the channels will raise an error automatically if not 1.

$SecurePassword = Get-Content "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\vpnmonitor_password.txt <file:///C:/Program%20Files%20(x86)/PRTG%20Network%20Monitor/Custom%20Sensors/EXEXML/vpnmonitor_password.txt> " | ConvertTo-SecureString
$Marshal = [System.Runtime.InteropServices.Marshal]
$Bstr = $Marshal::SecureStringToBSTR($SecurePassword)
$Password = $Marshal::PtrToStringAuto($Bstr)
$Marshal::ZeroFreeBSTR($Bstr)

$VPNTunnelState = & 'C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password" | Out-File vpnmonitor.xml
$XmlDocument = Get-Content -Path .\vpnmonitor.xml
$a = $XmlDocument.SelectNodes('//entry')
#$VPNTunnelState is not used - in theory you could directly use the next two lines instead of the above three - not tested though.. 
#$VPNTunnelState = [xml]('C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\curl.exe' -k -X GET "https://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=$Password")
#$a = $VPNTunnelState.SelectNodes('//entry')
#having said that, you probably could even use a PS command to directly pase the HTML file mentioned above.. but that's really another story...

$XML = "<prtg>"

foreach($Node in $a) {
	if ($Node.name -like 'VPN*') {
		if($Node.state -eq 'active') {
			$XML += "<result>"
				$XML += "<channel>"+ $Node.name +"</channel>"
				$XML += "<value>1</value>"
				$XML += "<LimitMode>1<LimitMode>"
				$XML += "<LimitMinError>1</LimitMinError>"
			$XML += "</result>"
		} Else {
			$XML += "<result>"
				$XML += "<channel>"+ $Node.name +"</channel>"
				$XML += "<value>0</value>"
				$XML += "<LimitMode>1<LimitMode>"
				$XML += "<LimitMinError>1</LimitMinError>"
			$XML += "</result>"
		}	
	}
}

$XML += "</prtg>" 

Function WriteXmlToScreen ([xml]$xml) #just to make it clean XML code...
{
    $StringWriter = New-Object System.IO.StringWriter;
    $XmlWriter = New-Object System.Xml.XmlTextWriter $StringWriter;
    $XmlWriter.Formatting = "indented";
    $xml.WriteTo($XmlWriter);
    $XmlWriter.Flush();
    $StringWriter.Flush();
    Write-Output $StringWriter.ToString();
}
WriteXmlToScreen "$XML"

Created on Feb 5, 2019 3:03:37 PM



Votes:

0

I thought so, perhaps Florian can help with his PowerShell skills.

What about "Additionally how can I set the channels so that they're red/down when the value is 0 and OK when the value is 1?"

Created on Feb 5, 2019 5:18:08 PM



Votes:

0

Hi there,

Thanks Florian! I wish I would have time for that. :D
As Florian showed above, he included both - filter vor "VPN" and the limits so you will get an error.

Best regards.

Created on Feb 6, 2019 8:46:08 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Hi Cypher,

Seems there is a bit of an overlap with the posting - in any case - are you good or did I miss something?

@Dariusz - loool - I make time - space can bent due to gravity - making time relative... okay - I also have fun with it :-)

Regards

Florian

Created on Feb 6, 2019 2:33:27 PM



Votes:

0

Thank you Florian, we're extremly close.

I'm with you regarding curl, but I want it to work first, then I'll try to make it Powershell only.

I added and it works great, we're saving channels: if ($Node.name -like 'VPN*') {

But once I add: $XML += "<LimitMode>1<LimitMode>" $XML += "<LimitMinError>1</LimitMinError>"

It fails with: XML: XML Parser mismatch: Wanted </value>, got </val ue> -- JSON: The returned JSON does not match the expected structure (Invalid JSON.). (code: PE231)

The log files provide this message: WriteXmlToScreen : Cannot process argument transformation on parameter 'xml'. C annot convert value "<prtg><result><channel>VPN-aaaaaaaa</channel><value>1</val ue><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><cha nnel>VPN-bbbbbbbb</channel><value>1</value><LimitMode>1<LimitMode><LimitMinErro r>1</LimitMinError></result><result><channel>VPN-ccccccc</channel><value>1</val ue><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><cha nnel>VPN-ddddddd</channel><value>1</value><LimitMode>1<LimitMode><LimitMinError >1</LimitMinError></result><result><channel>VPN-eeeeeeeeee</channel><value>1</v alue><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><c hannel>VPN-fffffffffff</channel><value>1</value><LimitMode>1<LimitMode><LimitMi nError>1</LimitMinError></result><result><channel>VPN-gggggggg</channel><value> 1</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><resul t><channel>VPN-hhhhhhhhhhh</channel><value>1</value><LimitMode>1<LimitMode><Lim itMinError>1</LimitMinError></result><result><channel>VPN-iiiiiiiiiiiiiiii</cha nnel><value>1</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></r esult><result><channel>VPN-jjjjjj</channel><value>0</value><LimitMode>1<LimitMo de><LimitMinError>1</LimitMinError></result><result><channel>VPN-kkkkkkkkkk</ch annel><value>0</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></ result><result><channel>VPN-lllllllllll</channel><value>0</value><LimitMode>1<L imitMode><LimitMinError>1</LimitMinError></result><result><channel>VPN-Medilab: ID2</channel><value>0</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinE rror></result><result><channel>VPN-mmmmmmmmmmmmmmmmm</channel><value>1</value>< LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><channel >VPN-nnnnnnnnnnnnnnn</channel><value>1</value><LimitMode>1<LimitMode><LimitMinE rror>1</LimitMinError></result><result><channel>VPN-ooooooooooooooooo</channel> <value>0</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result ><result><channel>VPN-ppppppppppppppppp</channel><value>0</value><LimitMode>1<L imitMode><LimitMinError>1</LimitMinError></result><result><channel>VPN-rrrrrrrr rrrrrrrrr</channel><value>1</value><LimitMode>1<LimitMode><LimitMinError>1</Lim itMinError></result><result><channel>VPN-sssssssssssssssss</channel><value>1</v alue><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><c hannel>VPN-ttttttttttt</channel><value>1</value><LimitMode>1<LimitMode><LimitMi nError>1</LimitMinError></result><result><channel>VPN-uuuuuuuuuuu</channel><val ue>1</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><re sult><channel>VPN-vvvvvvvvvvvvvvv</channel><value>0</value><LimitMode>1<LimitMo de><LimitMinError>1</LimitMinError></result><result><channel>VPN-xxxxxxxxxxxxxx xx</channel><value>1</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinEr ror></result><result><channel>VPN-yyyyyyyyyyyyyyy</channel><value>1</value><Lim itMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><channel>VP N-zzzzzzzzzzzzzzzzzzzzzzzzz</channel><value>0</value><LimitMode>1<LimitMode><Li mitMinError>1</LimitMinError></result><result><channel>VPN-aaaaaaaaaaaa</channe l><value>0</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></resu lt><result><channel>VPN-bbbbbbbbbbbbbbbbb</channel><value>0</value><LimitMode>1 <LimitMode><LimitMinError>1</LimitMinError></result><result><channel>VPN-cccccc ccccccccccc</channel><value>0</value><LimitMode>1<LimitMode><LimitMinError>1</L imitMinError></result><result><channel>VPN-ddddd</channel><value>1</value><Limi tMode>1<LimitMode><LimitMinError>1</LimitMinError></result><result><channel>VPN -eeeeeeeeeeeee</channel><value>0</value><LimitMode>1<LimitMode><LimitMinError>1 </LimitMinError></result><result><channel>VPN-ffffffffffffffffff</channel><valu e>0</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError></result><res ult><channel>VPN-gggggggggggggggg</channel><value>0</value><LimitMode>1<LimitMo de><LimitMinError>1</LimitMinError></result><result><channel>VPN-hhhhhhhhhhhh</ channel><value>1</value><LimitMode>1<LimitMode><LimitMinError>1</LimitMinError> </result><result><channel>VPN-iiiiiiiiiiiii</channel><value>0</value><LimitMode >1<LimitMode><LimitMinError>1</LimitMinError></result></prtg>" to type "System. Xml.XmlDocument". Error: "The 'LimitMode' start tag on line 1 position 75 does not match the end tag of 'result'. Line 1, position 119." At C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\VPNmonitor .ps1:45 char:18 + WriteXmlToScreen "$XML" + ~~~~~~ + CategoryInfo : InvalidData: (:) [WriteXmlToScreen], ParameterBi ndingArgumentTransformationException + FullyQualifiedErrorId : ParameterArgumentTransformationError,WriteXmlToS creen

Any ideas? Thank you again for your time and effort, it's very much appreciated.

Created on Feb 6, 2019 5:40:58 PM



Votes:

1

Hi there,

Simple reason for that error. The beginning tag and the end tag for the limit mode are both the same, you are missing the "/" in the end tag, see:

<LimitMode>1<LimitMode>

It should look like this instead:

<LimitMode>1</LimitMode>

Best regards.

Created on Feb 7, 2019 9:09:39 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Thank you, that helped, there are no more errors now. Still all VPNs even the ones that are active (return the value of 1) are all shown as down. I tried to manually experiement with the channel limits, but I can't make it so, that 0 = red, 1 = green in the graphs.

Created on Feb 10, 2019 11:32:23 AM



Votes:

0

Hi there,

Currently the used limits should work. You use:

<LimitMode>1</LimitMode>
<LimitMinError>1</LimitMinError>

That means when the value falls below 1, you will get an error.

Are the limits correctly displayed in the gauges of the sensor?

Best regards.

Created on Feb 11, 2019 8:51:15 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Yes, I'm using the exact same settings you provided.

That's the thing, they are not. All gauges are displayed as down/red. That is for channels that have the value of 0 and for channels that have a value of 1.

Created on Feb 11, 2019 9:09:55 AM



Votes:

0

Hi there,

The limits are working then. I suspect that you might be confused as the entire gauge is displayed in red, right? If so, then this is normal as the maximum value is 1 and minimum is 0 and as everything below 1 is considered as an error, you will see this area in red.

Best regards.

Created on Feb 11, 2019 9:57:12 AM by Dariusz Gorka [Paessler Support]



Votes:

0

You're correct. I just looked at the colors and expected green for those with the value of 1 and red for those with the value of 0.

Can this be achived? The entire project is based on the fact we need to provide a certain amount of people with a dashboard of our active, inactive VPNs. If they're all red, they'll have a hard time knowing what works and what doesn't.

Created on Feb 11, 2019 11:38:03 AM



Votes:

0

Hi there,

Technically they are green. Just the area within the gauge under 1 is red. That means there is no way to change this.

The only way would be to use a lookup instead:
https://www.paessler.com/manuals/prtg/define_lookups

Best regards.

Created on Feb 11, 2019 1:55:59 PM by Dariusz Gorka [Paessler Support]



Votes:

0

well... you could provide an upper limit of e.g. 2 - this would cause the Gauge to grow and your possibly would see it is right at the edge but still green...

Use this - if I am not mistaken:

<LimitMaxError>2</LimitMaxError>

Florian

Created on Feb 11, 2019 2:48:17 PM



Votes:

0

Hello,

this is how it looks: VPN

Created on Feb 11, 2019 5:29:00 PM

Last change on Feb 12, 2019 9:40:43 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Hi there,

That is correct. As mentioned, the max value is 1 the min value is 0. As everything under 1 is considered as an error, the gauge will reflect this limit.

Best regards.

Created on Feb 12, 2019 9:41:19 AM by Dariusz Gorka [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.