PRTG Manual: Add a Group

icon-i-round-blueThis documentation refers to an administrator accessing the PRTG web interface on a master node. If you use other user accounts, interfaces, or failover nodes, you might not see all of the options in the way described here. If you use a cluster installation, note that failover nodes are read-only by default.

There are several ways to manually add a group:

  • Select Devices | Add Group from the main menu.
  • Hover over plus_button and select Add Group from the menu.
  • For faster setup, you can select Add Group from the context menu of a probe or group to which you want to add the new group. This skips step 1 and leads you directly to step 2.
  1. Select a probe or group that you want to add the new group to. Click OK.
  1. Add group settings as described below.
Add Group Assistant Step 2

Add Group Assistant Step 2

Group Name and Tags

Setting

Description

Group Name

Enter a meaningful name to identify the group. The name is shown in the device tree and in all alarms.

Tags

Enter one or more tags. Confirm each tag with the Spacebar key, a comma, or the Enter key. You can use tags to group objects and use tag-filtered views later on. Tags are not case-sensitive. Tags are automatically inherited.

icon-i-round-blueIt is not possible to enter tags with a leading plus (+) or minus (-) sign, nor tags with parentheses (()) or angle brackets (<>).

Credentials for Windows Systems

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

Domain or Computer Name

Define the authority for Windows access. This is used for Windows Management Instrumentation (WMI) and other Windows sensors. If you want to use a Windows local user account on the target device, enter the computer name here. If you want to use a Windows domain user account (recommended), enter the (Active Directory) domain name here. If not explicitly defined, PRTG automatically adds a prefix to use the NT LAN Manager (NTLM) protocol. Do not leave this field empty.

User

Enter the username for Windows access. Usually, you use credentials with administrator rights.

Password

Enter the password for Windows access. Usually, you use credentials with administrator rights.

Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

User

Enter a login name for the access via Secure Shell (SSH) and Web-based Enterprise Management (WBEM). Usually, you use credentials with administrator rights.

Login

Define the authentication method to use for login:

  • Login via Password: Provide a password for login.
  • Login via Private Key: Provide a private key for authentication.
    icon-i-round-redPRTG can only handle keys in OpenSSH format that are not encrypted. You cannot use password-protected keys here. In the text field, paste the entire private key, including the "BEGIN" and "END" lines. Make sure that the respective public key is provided on the target machine. For details, see section Monitoring via SSH.

Password

This field is only visible if you enable Login via Password above. Enter a password for the Linux access via SSH and WBEM. Usually, you use credentials with administrator rights.

Private Key

This field is only visible if you enable Login via Private Key above. Paste a private key into the field (OpenSSH format, unencrypted). Usually, you use credentials with administrator rights.

icon-i-round-redIf you do not insert a private key for the first time, but change the private key, you need to restart the PRTG core server service for the private key change to take effect. For details, see section Monitoring via SSH.

For WBEM Use Protocol

icon-i-round-blueThis setting is only relevant if you use WBEM sensors.

Define the protocol to use for WBEM:

  • HTTP: Use an unencrypted connection for WBEM.
  • HTTPS: Use a Secure Sockets Layer (SSL) encrypted connection for WBEM.

For WBEM Use Port

icon-i-round-blueThis setting is only relevant if you use WBEM sensors.

Define the port to use for WBEM:

  • Set automatically (port 5988 or 5989): Use one of the standard ports, depending on whether you choose unencrypted or encrypted connection above.
  • Set manually: Use a custom port.

WBEM Port

This setting is only visible if you enable Set manually above. Enter the WBEM port number.

SSH Port

Enter the port number to use for SSH connections.

icon-i-round-blueBy default, PRTG automatically uses this setting for all SSH sensors unless you define a different port number in the sensor settings.

SSH Rights Elevation

Define the rights that you want to use to execute the command on the target system:

  • Run the command as the user connecting (default): Use the rights of the user who establishes the SSH connection, as defined above.
  • Run the command as another user using 'sudo' (with password): Use the rights of another user with a password required for sudo to run commands on the target device, for example, as root user.
  • Run the command as another user using 'sudo' (without password): Use the rights of another user without a password required for sudo to run commands on the target device, for example, as root user.
  • Run the command as another user using 'su': Use the rights of another user with su to run commands on the target device.

Target User

This field is only visible if you select a sudo or su option above. Enter a username to run the specified command as a user other than root. If you leave this field empty, you run the command as root. Make sure that you set the Linux password even if you use a public or private key for authentication. This is not necessary if the user is allowed to execute the command without a password.

Password

This field is only visible if you choose to run the commands using su or sudo with password above. Enter the password for the specified target user.

SSH Engine

Select the method that you want to use to access data with SSH sensors:

icon-i-round-redWe strongly recommend that you keep the default engine. For now, you can still use the legacy mode to ensure compatibility with your target systems.

  • Default (recommended): This is the default monitoring method for SSH sensors. It provides the best performance and security.
  • Compatibility Mode (deprecated): Try this legacy method only if the default mode does not work on a target device. The compatibility mode is the SSH engine that PRTG used in previous versions and is deprecated. We will remove this legacy option soon, so try to get your SSH sensors running with the default SSH engine.

icon-i-round-blueYou can also individually select the SSH engine for each SSH sensor in the sensor settings.

Credentials for VMware/XenServer

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

User

Enter a login name for access to VMware and Xen servers. Usually, you use credentials with administrator rights.

Password

Enter a password for access to VMware and Xen servers. Usually, you use credentials with administrator rights.

icon-i-round-bluesingle sign on (SSO) passwords for vSphere do not support special characters. See the sections for VMware sensors for details.

VMware Protocol

Define the protocol used for the connection to VMware and XenServer:

  • HTTPS (recommended): Use a Secure Sockets Layer (SSL) encrypted connection to VMware and Xen servers.
  • HTTP: Use an unencrypted connection to VMware and Xen servers.

Session Pool

Define if you want to use session pooling for VMware sensors:

  • Reuse session for multiple scans (recommended): Select this option to use session pooling. With session pooling, a VMware sensor uses the same session as created in advance to query data and does not need to log in and out for each sensor scan. We recommend that you choose this option because it reduces network load and log entries on the target device, resulting in better performance.
  • Create a new session for each scan: If you select this option and disable session pooling, a VMware sensor has to log in and out for each sensor scan. We recommend that you use the session pooling option above for better performance.

Credentials for SNMP Devices

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

SNMP Version

Select the Simple Network Management Protocol (SNMP) version for the device connection:

  • v1: Use the simple v1 protocol for SNMP connections. This protocol only offers clear-text data transmission, but it is usually supported by all devices.
    icon-i-round-redSNMP v1 does not support 64-bit counters. This might result in invalid data when monitoring traffic via SNMP.
  • v2c (recommended): Use the more advanced v2c protocol for SNMP connections. This is the most common SNMP version. Data is still transferred as clear text, but SNMP v2c supports 64-bit counters.
  • v3: Use the v3 protocol for SNMP connections. It provides secure authentication and data encryption.

icon-i-round-redWhen using SNMP v3, you can only monitor a limited number of sensors per second because of internal limitations. The limit is somewhere between 1 and 50 sensors per second (depending on the SNMP latency of your network). This means that using an interval of 60 seconds limits you to between 60 and 3000 SNMP v3 sensors for each probe. If you experience an increased Interval Delay or Open Requests with the Probe Health sensor, distribute the load over multiple probes. SNMP v1 and v2 do not have this limitation.

Community String

This setting is only visible if you select SNMP version v1 or v2c above. Enter the community string of your devices. This is a kind of "clear-text password" for simple authentication. We recommend that you use the default value.

Authentication Type

This setting is only visible if you select SNMP version v3 above. Select the authentication type:

  • MD5: Use message-digest algorithm 5 (MD5) for authentication.
  • SHA: Use Secure Hash Algorithm (SHA) for authentication.

icon-i-round-blueIf you do not want to use authentication, but you need SNMP v3, for example, because your device requires context, you can leave the field Password empty. In this case, SNMP_SEC_LEVEL_NOAUTH is used and authentication is entirely deactivated.

icon-i-round-redThe type you select must match the authentication type of your device.

User

This setting is only visible if you select SNMP version v3 above. Enter a username for secure authentication. This value must match the username of your device.

Password

This setting is only visible if you select SNMP version v3 above. Enter a password for secure authentication. This value must match the password of your device.

Encryption Type

This setting is only visible if you select SNMP version v3 above. Select an encryption type:

  • DES: Use Data Encryption Standard (DES) as encryption algorithm.
  • AES: Use Advanced Encryption Standard (AES) as encryption algorithm.

icon-i-round-blueAES-192 and AES-256 are not supported by Net-SNMP. They lack RFC specification.

icon-i-round-redThe type that you select must match the encryption type of your device.

Data Encryption Key

This setting is only visible if you select SNMP version v3 above. Enter an encryption key. If you provide a key, SNMP data packets are encrypted using the encryption algorithm selected above, which provides increased security. The key must match the encryption key of your device. Enter a string or leave the field empty.

icon-i-round-redIf the key does not match the key configured on the target SNMP device, you do not get an error message.

Context Name

This setting is only visible if you select SNMP version v3 above. Enter a context name only if it is required by the configuration of the device. Context is a collection of management information accessible by an SNMP device. Enter a string.

SNMP Port

Enter the port for the SNMP communication. We recommend that you use the default value.

Timeout (Sec.)

Enter a timeout in seconds for the request. Enter an integer value. If the reply takes longer than this value, the sensor cancels the request and triggers an error message. The maximum timeout value is 300 seconds (5 minutes).

Credentials for Database Management Systems

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

The settings you define in this section apply to the following sensors:

Setting

Description

Port for Databases

Define which ports PRTG uses for connections to the monitored databases:

  • Set automatically (default port, recommended): PRTG automatically determines the type of the monitored database and uses the corresponding default port to connect. See below for a list of default ports.
  • Define one custom port valid for all database sensors: Choose this option if your database management systems do not use the default ports. Define the port for database connections manually below. If you choose this option, PRTG uses the custom port for all database sensors.

If you choose the automatic port selection, PRTG uses the following default ports:

  • Microsoft SQL: 1433
  • MySQL: 3306
  • Oracle SQL: 1521
  • PostgreSQL: 5432

Custom Database Port

Enter the number of the port that PRTG uses for database connections. Enter an integer value.

icon-i-round-blueAll database sensors on this device use this port to connect.

Authentication Mode

Select the authentication method for the connection to the Structured Query Language (SQL) database:

  • Windows authentication with impersonation: If you select this option, PRTG uses the Windows credentials as defined in the particular device settings for the database connection.
    icon-i-round-redThe user whose credentials are used needs to have permission to log on to the probe system with a database sensor. This is required for the impersonation.
  • SQL server authentication: Choose this option if you want to use explicit credentials for database connections.

User

This field is only visible if you enable SQL server authentication above. Enter the username for the database connection.

Password

This field is only visible if you enable SQL server authentication above. Enter the password for the database connection.

Timeout (Sec.)

Enter a timeout in seconds for the request. Enter an integer value. If the reply takes longer than this value, the sensor cancels the request and triggers an error message. The maximum timeout value is 300 seconds (5 minutes).

Credentials for AWS

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

Access Key

Enter your Amazon Web Services (AWS) access key.

icon-square-cyanFor more information about the permissions that are required for querying the AWS API, see the Knowledge Base: How do I set permissions for the Amazon Web Services (AWS) API key to use certain sensors in PRTG?

Secret Key

Enter your AWS secret key.

icon-square-cyanFor more information about the permissions that are required for querying the AWS API, see the Knowledge Base: How do I set permissions for the Amazon Web Services (AWS) API key to use certain sensors in PRTG?

Credentials for MQTT

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

User Credentials

Select if you want to connect without credentials, or define credentials for the connection.

  • None: Connect without credentials.
  • Username/Password: Define credentials for the connection.

User

This field is only visible if you enable Username/Password above. Enter the username for access to the Message Queue Telemetry Transport (MQTT) broker.

Password

This field is only visible if you enable Username/Password above. Enter the password for access to the MQTT broker.

Port

Enter the port number for MQTT connections. Usually this is port 1883 for unencrypted connections, and port 8883 when using Transport Layer Security (TLS).

Transport-Level Security

Select if you want to use encryption and define required certificates.

  • Don't use encryption: Do not use TLS encryption.
  • Use TLS encryption: Use TLS encryption.

Server Authentication

This field is only visible if you enable Use TLS encryption above. Select if you want to use a certificate for server authentication.

  • Disable server authentication: Do not use a certificate for server authentication.
  • Enable server authentication: Use a certificate for server authentication.

CA Certificate

Copy the certificate authority (CA) certificate for verifying the MQTT server and paste it here.

icon-i-round-redThe certificate must be in Privacy-Enhanced Mail (PEM) format.

Client Authentication

This field is only visible if you enable Use TLS encryption above. Select if you want to use a certificate for client authentication.

  • Disable client authentication: Do not use a certificate for client authentication.
  • Enable client authentication: Use a certificate for client authentication.

Client Certificate

Copy the certificate that you created for authenticating the sensor against the server and paste it here.

icon-i-round-redThe certificate must be in PEM format.

Client Key

Enter the client key for authentication against the server.

icon-i-round-redThe client key must be encrypted using the Client Key Password.

Client Key Password

Enter the password for the client key certificate.

Access Rights

Click inherited_settings_button to interrupt the inheritance. See section Inheritance of Settings for more information.

Setting

Description

User Group Access

Define the user groups that have access to the object. You see a table with user groups and group access rights. The table contains all user groups in your setup. For each user group, you can choose from the following group access rights:

  • Inherited: Inherit the access rights settings of the parent object.
  • No access: Users in this user group cannot see or edit the object. The object neither shows up in lists nor in the device tree.
    icon-i-round-blueThere is one exception: If a user in this user group has access to a child object, the parent object is visible in the device tree but users in this user group cannot access it.
  • Read access: Users in this group can see the object and view its monitoring results. They cannot edit any settings.
  • Write access: Users in this group can see the object, view its monitoring results, and edit its settings. They cannot edit its access rights settings.
  • Full access: Users in this group can see the object, view its monitoring results, edit its settings, and edit its access rights settings.

To automatically set all child objects to inherit this object's access rights, enable the Revert children's access rights to inherited option.

icon-square-cyanFor more details on access rights, see section Access Rights Management.

Ajax Web Interface—Device and Sensor Setup—Topics

Other Ajax Web Interface Sections