<%NUMBERING1%>.<%NUMBERING2%>.<%NUMBERING3%> PRTG Manual: Add an Auto-Discovery Group

Group Name

Enter a meaningful name to identify the group. By default, PRTG shows this name in the device tree, as well as in alarms, logs, notifications, reports, maps, libraries, and tickets.

If the name contains angle brackets (<>), PRTG replaces them with braces ({}) for security reasons. For more information, see the Knowledge Base: What security features does PRTG include?

Tags

Enter one or more tags. Confirm each tag with the Spacebar key, a comma, or the Enter key. You can use tags to group objects and use tag-filtered views later on. Tags are not case-sensitive. Tags are automatically inherited.

It is not possible to enter tags with a leading plus (+) or minus (-) sign, nor tags with parentheses (()) or angle brackets (<>).

Auto-Discovery Level

Select the level of detail for the auto-discovery:

• No auto-discovery: Select this option if you only want to manually create devices and sensors.

• Standard auto-discovery (recommended): Create a set of standard sensors for standard monitoring. This option works fine for most installations.
• Detailed auto-discovery: Create all standard sensors and additional sensors from detailed variants of device templates. As a result, you might get many sensors. This option is suitable for small network segments and whenever you want to monitor the maximum number of sensors available.
• Auto-discovery with specific device templates: Customize the auto-discovery and select or combine standard, detailed, and custom device templates. Select one or more templates from the Devices Templates list.

Auto-discoveries can be resource intensive. They are primarily intended for devices on the same network as your probes.

Device Templates

This setting is only visible if you enable Auto-discovery with specific device templates above. Select one or more templates by adding a check mark in front of the template name. You can also select all items or cancel the selection by using the check box in the table header. PRTG uses the templates that you select for the auto-discovery on the device. Choose from:

• ADSL
• Amazon CloudWatch
• Buffalo TeraStation NAS
• Cisco ASA VPN
• Cisco Device (Generic)
• Dell EqualLogic
• Dell MDi Disk
• DNS Server
• Environment Jacarta
• Environment Poseidon
• FTP Server
• Generic Device (PING only)
• Generic Device (SNMP-enabled)
• Generic Device (SNMP-enabled, Detailed)
• HTTP Web Server
• Hyper-V Host Server
• IPMI enabled devices
• Juniper NS Device
• Linux/UNIX Device (SNMP or SSH enabled)
• Mail Server (Generic)
• Mail Server (MS Exchange)
• Microsoft SharePoint 2010
• NAS LenovoEMC
• NAS QNAP
• NAS Synology
• NetApp
• NTP Server
• Printer (HP)
• Printer Generic
• RDP Server
• RMON compatible device
• Server (Compaq/HP agents)
• Server (Dell)
• Server (Fujitsu)
• Server Cisco UCS
• Server IBM
• SonicWall
• SSL Security Check
• Switch (Cisco Catalyst)
• Switch (Cisco IOS Based)
• Switch (HP Procurve)
• UNIX/Linux Device
• UPS Health (APC)
• UPS Health (Generic)
• UPS Health (Liebert)
• VMware ESX / vCenter Server
• Web Server
• Windows (Detailed via WMI)
• Windows (via Remote PowerShell)
• Windows (via WMI)
• Windows IIS (via SNMP)
• Xen Hosts
• Xen Virtual Machines

Once the auto-discovery is finished, PRTG creates a new ticket and lists the device templates that it used to create new sensors.

Schedule

Select when PRTG runs the auto-discovery:

• Once: Run the auto-discovery only once. PRTG adds new devices and sensors once. If you select this option, you have to manually start the auto-discovery.
• Hourly: Run the auto-discovery for new devices and sensors every 60 minutes.
  Use this option with caution. Frequent auto-discoveries might cause performance issues, in particular when PRTG scans large network segments every hour.
• Daily: Run the auto-discovery for new devices and sensors every 24 hours. The first auto-discovery runs immediately. All other discoveries start at the time that you define in the Monitoring settings, section Auto-Discovery.
• Weekly: Run the auto-discovery for new devices and sensors every 7 days. The first auto-discovery runs immediately. All other discoveries start at the time that you define in the Monitoring settings, section Auto-Discovery.

For performance reasons, PRTG sets Schedule to Once on all devices that the scheduled auto-discovery creates.

IP Selection Method

Select how you want to define the IP range for the auto-discovery:

• Class C base IP with start/end (IPv4): Enter an IPv4 class C address range.
• List of individual IPs and DNS names (IPv4): Enter a list of individual IPv4 addresses or Domain Name System (DNS) names.
• IP and subnet (IPv4): Enter an IPv4 address and subnet mask.
• IP with octet range (IPv4): Enter an IPv4 address range for every IP octet individually. With this, you can define very customizable IP ranges.
• List of individual IPs and DNS names (IPv6): Enter a list of individual IPv6 addresses or DNS names.
• Use computers from the Active Directory (maximum 1000 computers): Search in the Active Directory for computers to perform the auto-discovery.
  Make sure that you specify your Active Directory domain in the Core & Probes settings.

PRTG can only discover subnets with up to 65,536 IP addresses. If you define a range with a higher number of addresses, the discovery stops before it is completed.

IPv4 Base

This setting is only visible if you enable Class C base IP with start/end (IPv4) above. Enter a class C network as the IP base for the auto-discovery. Enter the first three octets of an IPv4 address, for example, 192.168.0.

IPv4 Range Start

This setting is only visible if you enable Class C base IP with start/end (IPv4) above. Enter the IP octet of the class C network (specified above) from which PRTG starts the auto-discovery. This completes the IP base to an IPv4 address. For example, enter 1 to discover from 192.168.0.1 onwards.

IPv4 Range End

This setting is only visible if you enable Class C base IP with start/end (IPv4) above. Enter the IP octet of the class C network (specified above) at which PRTG stops the auto-discovery. This completes the IP base to an IPv4 address. For example, enter 254 to discover up to 192.168.0.254.

IPv4/DNS Name List
IPv6/DNS Name List

This setting is only visible if you select on of the List of individual IPs and DNS names options above. Enter a list of IP addresses or DNS names that the auto-discovery scans. Enter each address on a separate line.

IPv4 and Subnet (IPv4)

This setting is only visible if you enable IP and subnet (IPv4) above. Enter an expression in the format address/subnet, for example, 192.168.3.0/255.255.255.0. You can also use the short form like 192.168.3.0/24. PRTG scans the complete host range (without network and broadcast address) that is defined by the IP address and the subnet mask.

IP with Octet Range

This setting is only visible if you enable IP with octet range (IPv4) above. Enter an expression in the format a1.a2.a3.a4, where a1, a2, a3, and a4 are each a number between 0-255, or a range with two numbers and a hyphen like 1-127. PRTG calculates all permutations of all ranges. For example, 10.0.1-10.1-100 results in 1,000 addresses that PRTG scans during the auto-discovery.

Organizational Unit

This setting is only visible if you enable Use computers from the Active Directory (maximum 1000 computers) above. Enter an organizational unit (OU) to restrict the Active Directory search to computers that are part of this OU. For top-level OUs, use the distinguished name (DN) format without OU= and without the domain components (DCS). If you leave this field empty, there are not any restrictions.

Example:

• For the DN OU=Domain Controllers,DC=example,DC=com, enter only Domain Controllers.

If you have sub-OUs, use the DN format without the leading OU= and without the DCs.

Examples:

• For the DN OU=webserver,OU=production,DC=example,DC=com, enter only webserver,OU=production.
• For the DN OU=intranet,OU=webserver,OU=production,DC=example,DC=com, enter only intranet,OU=webserver,OU=production.

Make sure that the OU contains computer accounts. If the OU is empty, you receive an error message.

Do not enter the domain components. PRTG automatically uses the domain components from the domain name you enter in the Core & Probes settings.

Name Resolution

Select how to monitor newly discovered devices. This only affects new devices. This does not change the setting for other devices. Depending on your selection, the IP Address/DNS Name field of an added device shows the DNS name or IP address that PRTG uses to access the target device. Choose between:

• Use DNS names (recommended): Monitor newly discovered devices via their DNS names (if available). We recommend that you use this option.
• Use IP addresses: Monitor newly discovered devices via their IP addresses.

This setting does not affect how PRTG shows the devices in the device tree.

Device Rescan

Select how to handle known devices:

• Skip auto-discovery for known devices/IPs (recommended): Do not rescan known devices or IP addresses. PRTG only adds devices with new IPs or DNS names. PRTG does not add devices that that already exist in your configuration for example, in other groups. We recommend that you use this option.
• Perform auto-discovery for known devices/IPs: Rescan devices that have known IP addresses with every auto-discovery. PRTG adds devices that already exist in other groups to this group and runs the auto-discovery on the newly added devices.
  The auto-discovery does not run on devices that already exist in the group. If you want to run the auto-discovery for these devices, you have to manually start the auto-discovery on them.

In certain cases, the IP resolution might not work and might result in PRTG not adding a device if it has the same local IP address as it does in a different LAN.

Domain or Computer Name

Enter the authority for Windows access. This is used for Windows Management Instrumentation (WMI) and other Windows sensors. If you want to use a Windows local user account on the target device, enter the computer name. If you want to use a Windows domain user account (recommended), enter the (Active Directory) domain name. If If you do not explicitly define it, PRTG automatically adds a prefix to use the NT LAN Manager (NTLM) protocol. Do not leave this field empty.

User

Enter the username for Windows access. Usually, you use credentials with administrator rights.

Password

Enter the password for Windows access. Usually, you use credentials with administrator rights.

User

Enter a login name for the access via Secure Shell (SSH) and Web-based Enterprise Management (WBEM). Usually, you use credentials with administrator rights.

Login

Select the authentication method to use for the login:

• Login via Password: Provide a password for the login.
• Login via Private Key: Provide a private key for authentication.
  PRTG can only handle keys in the OpenSSH format that are not encrypted. You cannot use password-protected keys. Paste the entire private key, including the BEGIN and END lines. Make sure that a corresponding public key exists on the target device. For details, see section Monitoring via SSH.

Password

This setting is only visible if you enable Login via Password above. Enter a password for the Linux access via SSH and WBEM. Usually, you use credentials with administrator rights.

Private Key

This setting is only visible if you enable Login via Private Key above. Paste a private key into the field (OpenSSH format, unencrypted). Usually, you use credentials with administrator rights.

If you are not inserting a private key for the first time but instead, you want to change the private key, you need to restart the PRTG core server service for the private key change to take effect. For details, see section Monitoring via SSH.

For WBEM Use Protocol

This setting is only relevant if you use WBEM sensors.

Select the protocol to use for WBEM:

• HTTP: Use an unsecure connection for WBEM.
• HTTPS: Use a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) secured connection for WBEM.

For WBEM Use Port

This setting is only relevant if you use WBEM sensors.

Select how to set the port to use for WBEM:

• Set automatically (port 5988 or 5989): Use one of the default ports. The default port for unsecure connections is 5988 and the default port for secure connections is 5989.
• Set manually: Use a custom port.

WBEM Port

This setting is only visible if you enable Set manually above. Enter the WBEM port number.

SSH Port

Enter the port number to use for SSH connections. The default port is 22.

By default, PRTG automatically uses this setting for all SSH sensors unless you define a different port number in the sensor settings.

SSH Rights Elevation

Select the rights that you want to use to execute the command on the target system:

• Run the command as the user connecting (default): Use the rights of the user who establishes the SSH connection, as defined above.
• Run the command as another user using 'sudo' (with password): Use the rights of another user with a password required for sudo to run commands on the target system, for example, as root user.
• Run the command as another user using 'sudo' (without password): Use the rights of another user without a password required for sudo to run commands on the target system, for example, as root user.
• Run the command as another user using 'su': Use the rights of another user with su to run commands on the target system.

Target User

This setting is only visible if you select a sudo or su option above. Enter a username to run the specified command as a user other than root. If you leave this field empty, you run the command as root. Make sure that you set the Linux password even if you use a public key or a private key for authentication. This is not necessary if the user is allowed to execute the command without a password.

Password

This setting is only visible if you choose to run the commands using su or sudo with password above. Enter the password for the specified target user.

SSH Engine

Select the method that you want to use to access data with SSH sensors:

We strongly recommend that you use the default SSH engine. For now, you can still use the legacy mode to ensure compatibility with your target systems.

• Default (recommended): This is the default monitoring method for SSH sensors. It provides the best performance and security.
• Compatibility Mode (deprecated): Try this legacy mode only if the default mode does not work on the target system. The compatibility mode is the SSH engine that PRTG used in previous versions and it is deprecated. We will remove this legacy option soon, so try to get your SSH sensors to run with the default SSH engine.

You can also individually select the SSH engine for each SSH sensor in the sensor settings.

User

Enter a login name for access to VMware and Xen servers. Usually, you use credentials with administrator rights.

Password

Enter a password for access to VMware and Xen servers. Usually, you use credentials with administrator rights.

single sign-on (SSO) passwords for vSphere do not support special characters. See the sections for VMware sensors for details.

VMware Protocol

Select the protocol to use for the connection to VMware and XenServer:

• HTTPS (recommended): Use a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) secured connection.
• HTTP: Use an unsecure connection.

Session Pool

Select if you want to use session pooling for VMware sensors:

• Reuse session for multiple scans (recommended): Select this option to use session pooling. With session pooling, a VMware sensor uses the same session as created in advance to query data and does not need to log in and out for each sensor scan. We recommend that you use this option because it reduces network load and log entries on the target device, which can increase performance.
• Create a new session for each scan: If you select this option and disable session pooling, a VMware sensor has to log in and out for each sensor scan, which can decrease performance.

SNMP Version

Select the Simple Network Management Protocol (SNMP) version for the device connection:

• v1: Use SNMP v1 for the connection. SNMP v1 only offers clear-text data transmission.
  SNMP v1 does not support 64-bit counters. This might result in invalid data when you monitor traffic via SNMP.
• v2c (recommended): Use SNMP v2c for the connection. SNMP v2c also only offers clear-text data transmission but it supports 64-bit counters.
• v3: Use SNMP v3 for the connection. SNMP v3 provides secure authentication and data encryption.
  If you select v3, you can only monitor a limited number of sensors per second because of internal limitations. The limit is somewhere between 1 and 50 sensors per second (depending on the SNMP latency of your network). This means that a scanning interval of 60 seconds limits you to between 60 and 3000 SNMP v3 sensors per probe. If you see an increase in Interval Delay or Open Requests with the Probe Health sensor, distribute the load over multiple probes. v1 and v2 do not have this limitation.

Community String

This setting is only visible if you select v1 or v2c above. Enter the community string of your devices. This is like a clear-text password for simple authentication. We recommend that you use the default value.

Authentication Type

This setting is only visible if you select v3 above. Select the authentication type:

• MD5: Use message-digest algorithm 5 (MD5) for authentication.
• SHA: Use Secure Hash Algorithm (SHA) for authentication.

If you do not want to use authentication but you need SNMP v3, for example, because your device requires context, you can leave Password empty. In this case, PRTG uses SNMP_SEC_LEVEL_NOAUTH and it entirely deactivates authentication.

The authentication type you select must match the authentication type of your device.

User

This setting is only visible if you select v3 above. Enter a username for secure authentication.

The username that you enter must match the username of your device.

Password

This setting is only visible if you select v3 above. Enter a password for secure authentication.

The password that you enter must match the password of your device.

Encryption Type

This setting is only visible if you select v3 above. Select an encryption type:

• DES: Use Data Encryption Standard (DES) as the encryption algorithm.
• AES: Use Advanced Encryption Standard (AES) as the encryption algorithm.

Net-SNMP does not support AES-192 and AES-256. They do not have RFC specifications.

The encryption type that you select must match the encryption type of your device.

Data Encryption Key

This setting is only visible if you select v3 above. Enter an encryption key. If you provide a key, PRTG encrypts SNMP data packets with the encryption algorithm that you selected above, which provides increased security. Enter a string or leave the field empty.

The encryption key that you enter must match the encryption key of your device. If the encryption keys do not match, you do not get an error message.

Context Name

This setting is only visible if you select v3 above. Enter a context name only if the configuration of the device requires it. Context is a collection of management information that is accessible by an SNMP device. Enter a string.

SNMP Port

Enter the port for the SNMP communication. The default is 161. We recommend that you use the default value.

Timeout (Sec.)

Enter a timeout in seconds for the request. Enter an integer value. If the reply takes longer than this value, the sensor cancels the request and triggers an error message. The maximum timeout value is 300 seconds (5 minutes).

Port for Databases

Select the port PRTG uses for connections to the monitored databases:

• Set automatically (default port, recommended): PRTG automatically determines the type of the monitored database and uses the corresponding default port to connect. PRTG uses the following default ports:

• Microsoft SQL: 1433
• MySQL: 3306
• Oracle SQL: 1521
• PostgreSQL: 5432

• Define one custom port valid for all database sensors: Select this option if your database management systems do not use the default ports. Enter the port for database connections below. If you select this option, PRTG uses the custom port for all database sensors.

Custom Database Port

Enter the number of the custom port that PRTG uses for database connections. Enter an integer value.

PRTG uses this port for all database sensors that inherit this setting.

Authentication Mode

Select the authentication mode for the connection to the Structured Query Language (SQL) database:

• Windows authentication with impersonation: PRTG uses the Windows credentials that you define in settings that are higher in the object hierarchy (for example, in the settings of the parent device) for the database connection.
  The user whose credentials are used needs to have permission to log on to the probe system with a database sensor. This is necessary for the impersonation.
• SQL server authentication: Use explicit credentials for database connections.

User

This setting is only visible if you enable SQL server authentication above. Enter the username for the database connection.

Password

This setting is only visible if you enable SQL server authentication above. Enter the password for the database connection.

Timeout (Sec.)

Enter a timeout in seconds for the request. Enter an integer value. If the reply takes longer than this value, the sensor cancels the request and triggers an error message. The maximum timeout value is 300 seconds (5 minutes).

Access Key

Enter your Amazon Web Services (AWS) access key.

Secret Key

Enter your AWS secret key.

User

Enter a username for authentication against the Dell EMC system.

Password

Enter a password for authentication against the Dell EMC system.

Port

Enter the port for the connection to the Dell EMC system. The default port for secure connections is 443.

Tenant ID

Enter your Azure AD tenant ID.

A tenant ID must be a 32-digit sequence in hexadecimal notation.

Client ID

Enter your Azure AD client ID.

Client Secret

Enter your Azure AD client secret.

Tenant ID

Enter your Azure AD tenant ID.

A tenant ID must be a 32-digit sequence in hexadecimal notation.

Client ID

Enter your Azure AD client ID.

Client Secret

Enter your Azure AD client secret.

Subscription ID

Enter your Azure AD subscription ID.

User Credentials

Select if you want to connect without credentials, or define credentials for the connection.

• None: Connect without credentials.
• Username/Password: Define credentials for the connection.

User

This setting is only visible if you enable Username/Password above. Enter the username for access to the Message Queue Telemetry Transport (MQTT) broker.

Password

This setting is only visible if you enable Username/Password above. Enter the password for access to the MQTT broker.

Port

Enter the port number for MQTT connections. The default port for unsecure connections is 1883 and the default port for secure connections is 8883.

Connection Security

Select if you want to use a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) secured connection:

• Do not use transport-level security: Establish the connection without connection security.
• Use transport-level security: Establish the connection with the strongest SSL/TLS method that the target device provides.

Server Authentication

This setting is only visible if you enable Use transport-level-security above. Select if you want to use a certificate for server authentication.

• Disable server authentication: Do not use a certificate for server authentication.
• Enable server authentication: Use a certificate for server authentication.

CA Certificate

Copy the certificate authority (CA) certificate for verifying the MQTT server and paste it here.

The certificate must be in Privacy-Enhanced Mail (PEM) format.

Client Authentication

This setting is only visible if you enable Use transport-level-security above. Select if you want to use a certificate for client authentication.

• Disable client authentication: Do not use a certificate for client authentication.
• Enable client authentication: Use a certificate for client authentication.

Client Certificate

Copy the certificate that you created for authenticating the sensor against the server and paste it here.

The certificate must be in PEM format.

Client Key

Enter the client key for authentication against the server.

The client key must be encrypted using the Client Key Password.

Client Key Password

Enter the password for the client key certificate.

Port

Enter the port for the connection to the OPC Unified Architecture (OPC UA) server. The default port for secure connections is 4840.

Server Path

Enter the path of the OPC UA server endpoint if you run more than one server under the same IP address or DNS name.

Security Mode

Select if you want to use encryption:

• None (default): Do not use encryption.
• Sign: Sign messages between the sensor and the UPC UA server.
• Sign & Encrypt: Sign and encrypt messages between the sensor and the UPC UA server.

Security Policy

This setting is only visible if you select Sign or Sign & Encrypt above. Select if you want to use a security policy and define which one you want to use:

• None (default): Do not use a security policy.
• Basic256Sha256: Use the Basic256Sha256 security policy.
• Basic256: Use the Basic256 security policy.

Client Certificate

Copy the certificate that you created for authenticating the sensor against the OPC UA server and enter it here.

The certificate must meet the following requirements:

• Key size must be 2048-bit.
• Secure hash algorithm must be SHA256.
• DataEncipherment must be part of the KeyUsage certificate extension.
• Common name must be correct.
• Uniform resource indicator (URI) must be set in subjectAltName.
  The URI in the certificate must match the URI set on the OPC UA server.

Client Key

Enter the client key for authentication against the server.

The client key must be encrypted using the Client Key Password.

Client Key Password

Enter the password for the client key certificate.

User Authentication

Select if you want to connect without credentials or define credentials for the connection:

• Anonymous (default): Connect without credentials.
• Username/Password: Define credentials for the connection.

Most OPC UA servers do not support Username/Password authentication without a client certificate. To use Username/Password authentication, select Sign or Sign & Encrypt under Security Mode and Basic256Sha256 or Basic256 under Security Policy and enter the Client Certificate, Client Key, and Client Key Password that you want to use.

User

This setting is only visible if you enable Username/Password above. Enter the username for authentication against to the OPC UA server.

Password

This setting is only visible if you enable Username/Password above. Enter the password for authentication against to the OPC UA server.

Authentication Method

Select whether to use an authentication method for the connection to Orchestra:

• None (default)
• Username/Password

User

This setting is only visible if you enabled the option Username/Password. Enter a username for authentication against the Orchestra platform.

Password

This setting is only visible if you enabled the option Username/Password. Enter a password for authentication against the Orchestra platform.

Timeout (Sec.)

Enter a timeout in seconds for the request. Enter an integer value. If the reply takes longer than this value, the sensor cancels the request and triggers an error message. The maximum timeout value is 300 seconds (5 minutes).

Port

Enter a port number for the connection to Orchestra. The default port for an HTTPS connection is 8443 and the default port for an HTTP connection is 8019.

Protocol

Select the protocol that you want to use for the connection to Orchestra:

• HTTPS (default)
• HTTP

User

Enter the username of your Veeam Backup Enterprise Manager account.

Password

Enter the password of your Veeam Backup Enterprise Manager account.

Port

Enter a port number for the connection to the Veeam Backup Enterprise Manager. The default port for secure connections is 9398.

User Group Access

Select the user groups that have access to the object. You see a table with user groups and group access rights. The table contains all user groups in your setup. For each user group, you can choose from the following group access rights:

• Inherited: Inherit the access rights settings of the parent object.
• No access: Users in this user group cannot see or edit the object. The object neither shows up in lists nor in the device tree.
  There is one exception: If a user in this user group has access to a child object, the parent object is visible in the device tree but users in this user group cannot access it.
• Read access: Users in this group can see the object and view its monitoring results. They cannot edit any settings.
• Write access: Users in this group can see the object, view its monitoring results, and edit its settings. They cannot edit its access rights settings.
• Full access: Users in this group can see the object, view its monitoring results, edit its settings, and edit its access rights settings.

To automatically set all child objects to inherit this object's access rights, enable the Revert children's access rights to inherited option.

For more details on access rights, see section Access Rights Management.