How can I share the status of my network with others, e.g. other departments or management, without disclosing security sensitive data?
Created on Feb 10, 2010 9:39:56 AM by
Last change on Feb 10, 2010 12:59:32 PM by
How can I safely publish my PRTG data?
Votes:
3
3 Replies
Accepted Answer
Votes:
2
This article applies to PRTG Network Monitor 14 or later, as well as to previous (deprecated) versions
Preliminaries
First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.
If possible, use HTTPS for access to the PRTG web servers. You can control this using the PRTG Administration Tool that you can find in the Windows “Start” menu or via the PRTG web interface.
The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.
If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.
Solution: Public Maps
Your best choice is to use the “public maps” feature. This feature requires minimal configuration effort. The map can be used as a web page by itself or can be embedded in other web pages (e.g. Intranets) using IFRAMEs.
- Pros: Quick to set up. You can design the layout yourself. You can use logos and a background image.
- Cons: Public users can not access more information than visible on the map, i.e. they cannot “drill” into the data. Depending on your needs, this can also be an intended feature.
Public maps are best suited for situations were only a few selected information blocks are to be published for others.
What you need to do:
- Create a new map by choosing Maps | Add Map from the main menu.
- Enter a name of your choice and select Yes for the Allow Public Access option.
- Add map objects to the map and arrange them on the screen as desired. Click the View Map tab to check the final layout.
- Click the Get HTML tab to find instructions on how to use the map’s URL directly or how to embed the map into another webpage using an IFRAME.
Please have a look at the maps section of the manual for more information: PRTG Manual: Maps
Created on Feb 10, 2010 10:29:44 AM by
Last change on Jul 18, 2018 12:30:29 PM by
Votes:
0
This article applies to PRTG Network Monitor 12 or later, as well as to previous (deprecated) versions
Preliminaries
First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.
If possible, use HTTPS for access to the PRTG web servers. This is controlled using the "PRTG Server Administrator" that can be found under the “Start” menu. The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.
If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.
Solution: Using the “Read Only User” Feature
Another popular option is to create a user account that has read-only rights. You can specify exactly which objects the public user can view.
- Pros: Public users can drill into the data and the sensor type. Users can thus also view reports and maps.
- Cons: Larger configuration effort required. PRTG’s user interface cannot be skinned as easily as maps.
“Read Only Users” are best suited for situations where others need detailed access to data from PRTG and for access to reports.
What you need to do:
- Create a new user account (e.g. “Public User”) that will be used for public access.
- Under the heading Account Control are two important settings: Set the Account Type to Read Only User. This setting ensures that nobody can use the public login to modify your monitoring setup.
- Choose Create a new user group for this user in the drop-down menu for the Primary Group. This new user group will be used in the settings of the various objects (groups, devices, sensors, maps, reports) to control whether the public user may see an object or not.
- After creating the new user, select the objects in the device tree the user may view by going to these objects’ settings pages and defining the access right for the newly created group to Read.
- Remember that these rights are inherited to child objects, i.e. allowing the public user to “read” a device automatically allows the user to see all the device’s sensors too.
- Optional: The PRTG web pages can be adjusted (e.g. to match a corporate design) by editing the respective templates (HTML / CSS experience necessary)
- Finally, provide your users with PRTG Network Monitor access using the usual URL and the credentials set above to log in.
See Also
Created on Feb 10, 2010 10:34:16 AM by
Last change on Dec 11, 2013 5:58:54 PM by
Votes:
0
This article applies to PRTG Network Monitor 12 or later, as well as to previous (deprecated) versions
Preliminaries
First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.
If possible, use HTTPS for access to the PRTG web servers. This is controlled using the "PRTG Server Administrator" that can be found under the “Start” menu. The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.
If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.
Solution: Direct Linking
You can link directly to specific graphs via the PRTG API and providing the necessary parameters, such as width and height. In such an instance, however, you would need to provide the login data within the URL.
To call a graph directly via the PRTG API, provide a URL like the following:
http://SERVERNAME/chart.png?type=graph&width=300&height=160&graphid=2&id=0&username=xyz&password=xyz
Add a ”username” and “password”/"passhash" parameter to the end of the URL for authentication. You shoud use the credentials of an unprivileged user, like a read-only user!
For details about how to use and available parameters, please see PRTG Manual: Live Graphs.
More
Please see also How can I use graphs from PRTG in other web pages?
Created on Feb 10, 2010 10:36:13 AM by
Last change on Aug 7, 2018 8:31:21 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment