Monitoring NetScaler with PRTG

PRTG has become my go to for monitoring when there’s a need to monitor lots of different components like switches, servers and services.  PRTG provides a platform that’s easier to use than most, but still has a ton of power and flexibility.  It can monitor pretty much anything through generic interfaces (SNMP, WMI, Powershell, etc…).  There are also many robust built-in monitors for specific systems like Exchange, NetApp and vSphere.  Missing from that list, though, is NetScaler.

Fortunately, PRTG provides a very easy to use SDK.  I was able to write a collection of PRTG scripts leveraging NITRO through the NetScaler PowerShell Module.


Script download:

There are a few scripts in the collection.  Each one can be created as a PRTG sensor to query a NetScaler instance.

  • NetScaler-AppliancePerformance.ps1 – Monitor general NetScaler perfomance stats.
    • CPU utlization
    • Packet engine CPU utilization
    • Management engine CPU utilization
    • Disk usage
    • Memory usage
    • Network throughput (RX/TX)
    • SSL transactions per second
  • NetScaler-AllvServer-State.ps1 – Monitor state and health of all instances of all vServer types.
    • Health % for each vServer
    • State (Up, down, maint) for each vServer
    • Note: includes Load Balancing, AAA, VPN (Gateway) and Content Switch vServers
  • NetScaler-LBvServer-State.ps1 – Monitor state and health of all instances of Load Balancer vServers.
    • Health % for each vServer
    • State (Up, down, maint) for each vServer
  • NetScaler-CertExpiration.ps1 – Monitor days until expiration for all SSL server certificates.
    • Days until next certificate expiration date
    • Days until expiration for each server type certificate
  • NetScaler-ConfigSavedState.ps1 – Monitor for unsaved configuration changes.
    • Unsaved configuration change status
    • Time since changes were saved

Each of these pulls the data from the NetScaler and feeds it to PRTG to make nice formatted charts and meters:


Install the NetScaler Powershell Module on the PRTG server

On the PRTG Server open a Powershell (x86) prompt as admin and run:

Install-Module -Name NetScaler -scope AllUsers

Set-ExecutionPolicy Unrestricted

Note: This MUST be done in the (x86) version of powershell.

Create a NetScaler user

Create a new user on the NetScaler for PRTG to use.  Ideally, this user should be assigned the read-only Command Policy.  The user can be an Active Directory user, but it tends to work best with a local NetScaler user.

Load the scripts into PRTG

Copy all of the .ps1 files to the Custom Sesors\EXEXML directory (default location is: C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML).

Copy all of the .ovl files to the lookups\custom directory (default location is: C:\Program Files (x86)\PRTG Network Monitor\lookups\custom)

Reload the PRTG lookup tables.  In PRTG go to Setup > Administrative tools and choose Reload lookups.  If PRTG is unable to find the scripts, or doesn’t display the names for the sensor statuses, restart the core server.

Create the sensors

First, add a NetScaler device to PRTG.  Use the NSIP (or equivalent dns address) for the hostname.  After it’s created, edit the device settings and set the Linux credentials to the readonly account you created above.

Add a new sensor to the NetScaler device with the EXE/Script type.  Set the name to the display name you want to see in PRTG.  Set EXE/Script to the script you want.  Under parameters enter:

%host %linuxuser %linuxpassword


If you add/remove vServers to the NetScaler configuration after creating the sensor, they might not show up in PRTG.  This is due to the way channels are handled in PRTG sensors.  In this case, you’ll have to delete and recreate the sensor.

If you have IP Reputation enabled, the NetScaler will auto update the reputation database ever 5 minutes (default). When this happens, the “Last Config Changed Time” time will be updated. This will cause the “Time since changes were saved” counter in NetScaler-ConfigSavedState.ps1 to be inaccurate.  Don’t bother using this script if IP Reputation is enabled.

10 Comments on Monitoring NetScaler with PRTG

  1. If you want to run the NetScaler-ConfigSavedState script on a non English system, change the Script as follows:
    Add line:
    $Culture = [System.Globalization.CultureInfo]::InvariantCulture
    Change line 20 to:
    $LastConfigChangedTime = [datetime]::ParseExact($LastConfigChangedTime, “ddd MMM d HH:mm:ss yyyy”, $Culture)

  2. Reto, that’s an awesome suggestion. I’ll take a look at the scripts and see if this should be applied anywhere else. Thanks!

  3. Kim Laurits Kristensen | July 12, 2018 at 7:03 am | Reply

    Awsome 🙂 Easy to setup and gives valuable information.

    I got one issue. When I use the script “NetScaler-LBvServer-State” – it doesn’t seem to like vServers that are non-adressable and used in a content-switch.
    In value it writes “configered lookup is empty or not available”.

    • That’s really odd. Most of my LB vServers are non-addressable and behind content switches as well. That error means that the status script returned a code that isn’t defined in the lookup file. Would you be able to create a sensor log and post the output of the script so I can see what’s missing?

  4. Hi Guys
    I tried several times to put this sensor to work in my PRTG env. but I’m getting this error I’ve followed all the instruction but is not use, maybe I;m doing something wrong
    XML: The returned XML does not match the expected schema. (code: PE233) — JSON: The returned JSON does not match the expected structure (Invalid JSON.). (code: PE231)

  5. How can I exclude a LB vServer that is allways down? Would be great if I can use a Text file where the excluded vserver are listet

    • I will look at adding a variable that can be passed from the sensor settings screen to exclude a vServer. In the mean time though, you can disable the error/warning thresholds on individual channels in the sensor channel settings screen in PRTG. This won’t hide the down vServer, but it will ignore it when PRTG determines if the sensor is up or down. That effectively ignores that vServer for alerts.

  6. Hi I have 3 VPX configured and one of them has the (Code:PE231) Error. This is NS Version.
    Can this be the Problem? I have disabled the Cert Check:
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    and also set HTTPS:$true

    $Session = Connect-Netscaler -Hostname $Nsip -Credential $Credential -PassThru -Https:$true

    • Can you upload a the sensor logs to a location where I can look at them? There are a lot of possible reasons for that error, but the logs will show exactly what’s happening.

1 Trackbacks & Pingbacks

  1. PRTG – Citrix ADC überwachen – PIT – Power of IT

Leave a comment

Your email address will not be published.