How can I safely publish my PRTG data?

Up

2

Down

How can I share the status of my network with others, e.g. other departments or management, without disclosing security sensitive data?

did-you-know graphs howto maps prtg publish read-only security share

Created on Feb 10, 2010 9:39:56 AM by Sebastian Bonhag (62) 1 1

Last change on Feb 10, 2010 12:59:32 PM by Daniel Zobel [Paessler Support] (9,594) 3 3


3 Replies

Accepted Answer

Up

1

Down

Preliminaries

First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.

If possible, use HTTPS for access to the PRTG web servers. This is controlled using the "PRTG Server Administrator" that can be found under the “Start” menu. The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.

If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.

Solution: Public Maps

Your best choice is to use the “public maps” feature. This feature requires minimal configuration effort. The map can be used as a web page by itself or can be embedded in other web pages (e.g. Intranets) using IFRAMEs.

Pros: Quick to set up. You can design the layout yourself. You can use logos and a background image.
Cons: Public users can not access more information than visible on the map, i.e. they cannot “drill” into the data. Depending on your needs, this can also be an inteded feature.

Public maps are best suited for situations were only a few selected information blocks are to be published for others.

What you need to do:

  1. Create a new map by choosing “Map|Add Map” from the main menu.
  2. Enter a name of your choice and select the “Allow Public Access” radio button.
  3. Add map objects to the map and arrange them on the screen as desired. Click the "View Map" tab to check the final layout.
  4. Click on the “Get HTML” tab and you will find instructions on how to use the map’s URL directly or how to embed the map into another webpage using an IFRAME

Please have a look at the maps section of the manual for more information:
Manual section "Maps"

Exampl map from http://prtg.paessler.com/public/mapshow.htm?id=2508&mapid=4E79CC1D-64A2-4439-9781-FDF436869CAF

Example map from http:prtg.paessler.com/

Created on Feb 10, 2010 10:29:44 AM by Sebastian Bonhag (62) 1 1

Last change on Feb 15, 2010 12:35:45 PM by Daniel Zobel [Paessler Support] (9,594) 3 3


Up

0

Down

Preliminaries

First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.

If possible, use HTTPS for access to the PRTG web servers. This is controlled using the "PRTG Server Administrator" that can be found under the “Start” menu. The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.

If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.

Solution: Using the “Read Only User” feature

The other popular option is to create a user account that has read-only rights. You can specify exactly which objects the public user can view.

Pros: Public users can drill into the data and the sensor type. Users can thus also view reports and maps.
Cons: Larger configuration effort required. PRTG’s user interface cannot be skinned as easily as maps.

“Read Only Users” are best suited for situations where others need detailed access to data from PRTG and for access to reports.

What you need to do:

  1. Create a new user account (e.g. “Public User”) that will be used for public access.
  2. Under the heading “Account Control” are two important settings: Set the “Account Type” to “Read Only”. This setting ensures that nobody can use the public login to modify your monitoring setup.
  3. Choose “Create a new user group for this user” for the “Primary Group”. This new user group will be used in the settings of the various objects (groups, devices, sensors, maps, reports) to control whether the public user may see an object or not.
  4. After creating the new user select the objects the user may view by going to these objects’ settings pages and defining the access right for the newly created group to “read”.
  5. Remember that these rights are inherited to child objects, i.e. allowing the public user to “read” a device automatically allows the user to see all the device’s sensors too.
  6. Optional: The PRTG web pages can be adjusted (e.g. to match a corporate design) by editing the respective templates (HTML / CSS experience necessary)
  7. Finally, provide your users with PRTG Network Monitor access using the usual URL and the credentials set above to log in.

Created on Feb 10, 2010 10:34:16 AM by Sebastian Bonhag (62) 1 1

Last change on Feb 15, 2010 12:35:57 PM by Daniel Zobel [Paessler Support] (9,594) 3 3


Up

0

Down

Preliminaries

First and foremost, change the default administrator login credentials (prtgadmin / prtgadmin). All PRTG installations use this default configuration and your installation will never be secure if you continue to use these settings.

If possible, use HTTPS for access to the PRTG web servers. This is controlled using the "PRTG Server Administrator" that can be found under the “Start” menu. The default SSL certificate included with PRTG’s web server is completely secure but causes web browsers to show a warning notification because it does not match the respective server’s DNS name. To avoid this you must purchase your own SSL certificate and install it on your PRTG system. See How can I use a trusted SSL certificate with the PRTG web interface? for more details.

If you intend to distribute URLs from your PRTG installation, make sure that your DNS, firewall and NAT settings allow others to access the web server (port 80 or 443 for SSL) from the outside world.

Solution: Direct linking

You can link directly to specific graphs by copying the URL and providing the necessary parameters, such as width and height. In such an instance, however, you would need to provide the login data within the URL.

Go to any graph image in PRTG’s web interface, right click it and select "Copy Image URL". Add a ”username=” and “password=” parameter to the end of the URL for authentication. You shoud use the credentials of an unprivileged user, like a read-only user!

http://SERVERNAME/chart.png?type=graph&graphid=1&width=300&height=180&id=0&username=xyz&password=xyz

More

Please see also How can I use graphs from PRTG in other web pages?

Created on Feb 10, 2010 10:36:13 AM by Sebastian Bonhag (62) 1 1

Last change on Feb 15, 2010 12:36:08 PM by Daniel Zobel [Paessler Support] (9,594) 3 3


Please log in or register to enter your reply.

Disclaimer:The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
PRTG Network Monitor 150.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Top Tags


View all Tags

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions! Learn more