/fp-pta-ansible-prtg

Ansible role to install Paessler's PRTG Network Monitoring solution.

BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

prtg

PRTG is a monitoring solution provided by the company Paessler. https://www.paessler.com/prtg

Monitor all systems, devices, traffic and applications of your IT infrastructure. Everything you need is contained in PRTG, no additional downloads are required.

For information about PTA and how to use it with this Ansible role please visit https://github.com/Forcepoint/fp-pta-overview/blob/master/README.md

As of this writing, PRTG is a Windows only application, and it does NOT run in docker. This complicates the traditional approach used here of being able to maintain an application without issue even when the VM is replaced. It can still be done but you must backup the needed application files and registry settings to restore from later.

Data in question as of this writing...

  • C:\Program Files (x86)\PRTG Network Monitor\
  • C:\ProgramData\Paessler\PRTG Network Monitor
  • Registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Paessler\PRTG Network Monitor

The reason PRTG was chosen as the monitoring solution here is because it's easy to use and setup. Granted, the product leaves a lot of be desired from an Infrastructure as Code perspective, but it is crazy easy to use and it has a free license if you keep your sensor count under one hundred. The learning curve for other popular monitoring solutions is EXTREMELY steep by comparison.

The first time installed, you need to...

  1. Change the prtgadmin user's password immediately. The default username is prtgadmin and the default password is prtgadmin.
  2. Switch to SSL.
  3. Ensure emails can be sent.
  4. Add the default credentials for Windows and Linux machines to the Root Group so the devices you add can inherit this automatically.
  5. Add any desired groups under Local Probe.

It is recommended to NOT use auto discovery as that will very quickly eat up your count of free sensors.

Disaster Recovery

If you have utilized the backup-local-win role to make backups, follow these steps to recover from backups of the data outlined above...

  1. Run ansible to setup the application for you. As long as ansible completes, you're good to proceed.
  2. sc stop PRTGCoreService
  3. sc stop PRTGProbeService
  4. sc query PRTGCoreService
  5. sc query PRTGProbeService
  6. rmdir /S /Q "C:\Program Files (x86)\PRTG Network Monitor"
  7. rmdir /S /Q "C:\ProgramData\Paessler\PRTG Network Monitor"
  8. reg delete HKLM\SOFTWARE\Wow6432Node\Paessler /f
  9. Extract the program_files backup to C:\.
  10. Extract the program_data backup to C:\.
  11. Extract the registry backup to C:\.
  12. cmd.exe /C C:\backups\registry.reg
  13. rmdir /S /Q "C:\backups"
  14. sc start PRTGCoreService
  15. sc start PRTGProbeService
  16. sc query PRTGCoreService
  17. sc query PRTGProbeService

Requirements

If you have trouble setting up the certificates appropriately, try using the Certificate Importer and then copying the files off and encrypting them for the role to consume. FYI, PRTG will want the key file to be in RSA format. I couldn't figure out what the format of the root.pem was supposed to be, so I ended up using the certificate importer. https://www.paessler.com/tools/certificateimporter

The following files are required to be present. Ensure they're vaulted before committing them to source code control.

  • files/{{ prtg_dns }}.key The private key.
  • files/{{ prtg_dns }}.pem The web certificate.

OPTIONAL

  • files/root.pem The root CA's certificate, possibly combined with an intermediate CA, if needed. This would likely be the case if you are using your own private CA.

Role Variables

REQUIRED

  • prtg_dns: The DNS name for the PRTG server. This DNS entry must already exist.
  • prtg_installer: The download URL For the PRTG EXE installer. PRTG provides a zip which I didn't want to deal with, so you should unzip and stage the EXE somewhere like Artifactory.
  • prtg_product_id: The Product ID as defined in the registry. If you use version 18.3.43.2323, this is {5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1. Sorry, chicken and egg problem. You have to have this to use the win_package module here.
  • prtg_admin_email: The email address for the PRTG administrator.
  • prtg_license_key: The license key provided by PRTG on their download page. https://www.paessler.com/download/prtg-download

OPTIONAL

  • prtg_log: The path for the installation log. Defaults to C:\prtg_install.log. Recommend not using spaces in the path.
  • prtg_license_name: The name of the license as provided by PRTG on their download page. Default is prtgtrial.

Dependencies

None

Example Playbook

- hosts: servers
  vars:
    prtg_dns: prtgmonitor.COMPANY.com
    prtg_installer: "https://artifactory.COMPANY.com/artifactory/software/Paessler/PRTG/18.3.43/prtg.zip!/PRTG%20Network%20Monitor%2018.3.43.2323%20Setup%20(Stable).exe"
    prtg_product_id: "{5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1"
    prtg_admin_email: "FIRST.LAST@COMPANY.com"
    prtg_license_key: 000014-11111-111111-111111-11111-111111
  roles:
     - role: prtg

License

BSD-3-Clause

Author Information

Jeremy Cornett jeremy.cornett@forcepoint.com