In the last article I had already announced that I would also like to use PRTG to monitor the web server protection of the Sophos UTM. Unfortunately, PRTG only offers generic sensors for the UTM, which makes monitoring a little more difficult. I made some progress with the Sophos RESTful API, but unfortunately the RESTful API can only check whether the front-end and back-end servers are activated. The exact status (reachable or down) cannot be determined directly via the API. Therefore, I still have to think of a better way to monitor the status.
But here is the first version of the sensor, which at least checks the "activated/deactivated" status:
Enable Sophos UTM RESTful API
For the sensor to work, the RESTful API of the UTM must be activated. All you need to do is create a ReadOnly user for PRTG. The API can then be activated in the "WebAdmin settings" and a token created for the PRTG user:
The WebAdmin interface must be accessible from the PRTG server:
Add sensor to PRTG
The PowerShell Sensor for UTM Webserver Protection can be downloaded here:
The file "Sophos_UTM_WAF.PS1" must now be copied to the PRTG sensor directory. Normally, the directory is located under the following path:
C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML
A new sensor of the type "Program/Script (Advanced)" can now be created in PRTG:
The sensor can now be given a name. The previously copied script can be selected under "Program/Script". The API token and address of the Sophos UTM must be specified as parameters:
-UTMApiToken "UTMAPITOKEN" -UTMAdress "IPoderHostnamederUTM"
As already mentioned, the sensor does not check the actual status, but only whether the front end (FE, virtual web server) and back end (BE, real web server) are activated:
I think in the next version I'll add simple port checks to the sensor, so it's at least a bit easier to check the function.
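The "activated/deactivated" check described above, reduced to its output stage, as an added example (not the downloadable sensor script): it turns front-end and back-end objects into the XML that a "Program/Script (Advanced)" sensor reads, one channel per object. The function name, the sample objects and the `name`/`status` fields are assumptions made for illustration.

```powershell
# Constructed sample data standing in for the parsed API response.
# Assumption: each object exposes "name" and a boolean "status" (activated or not).
$frontends = '[{"name":"shop.example.com","status":true},{"name":"mail.example.com","status":false}]' | ConvertFrom-Json
$backends  = '[{"name":"web01","status":true},{"name":"exch01","status":true}]' | ConvertFrom-Json

function ConvertTo-PrtgWafXml {   # hypothetical helper name
    param(
        [object[]]$Frontends = @(),
        [object[]]$Backends  = @()
    )
    # An empty answer usually means the query failed or matched nothing:
    # report a sensor error instead of an empty result that looks healthy.
    if (($Frontends.Count + $Backends.Count) -eq 0) {
        return '<prtg><error>1</error><text>No front ends or back ends returned</text></prtg>'
    }

    $lines    = @('<prtg>')
    $disabled = @()
    foreach ($group in @(@{ Prefix = 'FE'; Items = $Frontends }, @{ Prefix = 'BE'; Items = $Backends })) {
        foreach ($item in $group.Items) {
            $value = if ($item.status) { 1 } else { 0 }   # 1 = activated, 0 = deactivated
            if ($value -eq 0) { $disabled += "$($group.Prefix) $($item.name)" }
            # Object names are admin-defined free text, so escape them for XML.
            $channel = [System.Security.SecurityElement]::Escape("$($group.Prefix): $($item.name)")
            $lines += '  <result>'
            $lines += "    <channel>$channel</channel>"
            $lines += "    <value>$value</value>"
            $lines += '    <LimitMode>1</LimitMode>'
            $lines += '    <LimitMinError>1</LimitMinError>'   # a value below 1 sets the channel to Down
            $lines += '  </result>'
        }
    }

    $text = if ($disabled.Count -gt 0) { 'Deactivated: ' + ($disabled -join ', ') }
            else { 'All front ends and back ends are activated' }
    $lines += "  <text>$([System.Security.SecurityElement]::Escape($text))</text>"
    $lines += '</prtg>'
    return ($lines -join "`n")
}

# With the sample data, the channel "FE: mail.example.com" carries the value 0.
ConvertTo-PrtgWafXml -Frontends $frontends -Backends $backends
```

PRTG applies limit settings from the XML only when a channel is first created, so later changes to the limits have to be made in the channel settings.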