What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
300.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Why do I have to store SQL sensor queries and custom scripts in files on the probe computer?



Your Vote:



The SQL sensors that PRTG includes are a great help to maintain my databases. However, I wonder why I need to store the queries in a text file on the PRTG probe system. When I want to change the query, I always have to log in to that machine to access the SQL query file. The same is for all my custom sensors that execute scripts.

Couldn't there be an easier option like changing queries directly via the PRTG web interface?

custom-sensor prtg script security sql sql-queries usage

Created on Aug 1, 2017 10:12:07 AM by  Gerald Schoch [Paessler Support]

Last change on May 27, 2019 5:40:22 AM by  Maike Guba [Paessler Support]

2 Replies

Accepted Answer



Your Vote:



This article applies to PRTG Network Monitor 19 or later

Security feature: No access to scripts via the PRTG web interface

As a network monitoring tool, PRTG has a high responsibility for your network safety and comes with a lot of features that address security. Just see this Knowledge Base article for a list of security features in PRTG: What security features does PRTG include?

You may not directly realize many security-related features, but some are more prominent. One of the more visible security features is for sensor types that execute custom scripts. These not only include custom script sensors, but also the SQL sensors that we introduced with PRTG version 14.4.12.

For security reasons, these sensor types require that you store your SQL query in its own file. You have to store this script on the computer running the local or remote probe to which you add a database sensor.

Security and ease of use

In some cases, this approach confuses our customers a bit because affected sensors might not be as intuitive and easy to use as PRTG features usually are.

For example, some customers suggest providing the option to create and adjust SQL queries directly via the sensor settings in the PRTG web interface like in old PRTG versions. And yes, we agree. On the one hand, this would be an easier approach in some use cases. But on the other hand, it would be also less secure, so going the indirect way is worth the effort.

Network security and read/write access to scripts

The main point of our security concept for such sensor types is that to create or modify a script that PRTG executes on a remote system, you must have access to the local disk of this system. We assume that computers on which the PRTG server with the local probe or any remote probes run (and so the system where PRTG will execute a script) are secure, because the administrator will do everything to make sure that only authorized persons can access these machines.

This way, if an attacker manages to capture a login into your PRTG web interface, they will not be able to compromise your network by running malicious scripts on the PRTG server or probe system. Just imagine someone sending a DROP TABLE statement to your database server. Our security concept ensures that someone who only has access to the PRTG web interface is neither able to inject a script into a remote system, nor able to modify an existing script, they always need access to the file system itself.

A positive side effect of this concept is that even if a possible attacker obtains read rights for your PRTG web interface, they would not get more than the name of the remote script. No internal structure information about your databases will be exposed.

Created on Aug 1, 2017 10:19:22 AM by  Gerald Schoch [Paessler Support]

Last change on Dec 9, 2020 12:22:08 PM by  Brandy Greger [Paessler Support]



Your Vote:



CORP IT developed for PRTG a DATABSE MONITORING PLUGIN which supports

  • PRTG Multicore & Enterprise
  • manages your own designed queries but it delivers a lot of pre-defined senseful queries, too
  • which could be updated from CORP-IT`s webpage.

The DB PLUGIN supports:

  • Oracle
  • Mysql
  • SAP Hana
  • SAP ASE/Sybase
  • DB2
  • Informix
  • MaxDB

There is a 30 day free version available : https://www.corp-it.ch/products/prtg-db-plugin

In case of questions you can contact [email protected]


Created on Dec 4, 2020 10:21:21 AM by  Thomas Wächter (180) 2 1

Please log in or register to enter your reply.

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.