Page 1 of 1

[Solved] PRTG Import

Posted: Mon Oct 12, 2020 1:45 pm
by mackov83
Hi,

My company have been using your product for a while and have been very happy with it to date. I am currently trying to automate the import of devices from PRTG and having some issues.

While I am not using https ('do not check HTTPS certificate'), I am seeing this error in the unimus.log which suggests it is trying to use SSL (full log excerpt attached):

2020-10-13 00:22:37.751 WARN 9975 --- [http-nio-8085-exec-3] n.u.s.p.i.d._.domain.ImportUseCaseImpl : Failed to import device(s) from importer 'Failed to connect to PRTG. Reason: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed'

I am struggling to get this working, though I have been able to successfully build and test the query using Postman:
http://<server_name>/api/table.xml?content=devices&output=xml&columns=device,host,tags&filter_tags=unimus&username=prtgadmin&passhash=<password_hash>

Any assistance you can provide on:
  • Confirming the pieces of the query to put into Unimus config
      Whether the expired SSL is an issue - even though is unchecked
    Some relevant details:
    Unimus = 2.0.6
    PRTG = 20.3.62.1397+ (freeware edition for testing - not run against the paid instance yet)

    Re: PRTG Import

    Posted: Tue Oct 13, 2020 12:52 am
    by mackov83
    SUCCESS!! By adding a Let's Encrypt certificate to PRTG, the import process worked exactly as expected.

    Unimus team, is this something you can rectify? The checkbox for 'Do not check HTTPS certificate' seems to be ignored??

    Below is what you get from a successful import:
    2020-10-13 11:45:35.219 INFO 9975 --- [http-nio-8085-exec-7] n.u.s.p.v.impl.VaadinImportServiceImpl : User 'admin' importing devices using 'PRTG' importer

    Re: PRTG Import

    Posted: Tue Oct 13, 2020 8:22 am
    by Johnny
    Hi,

    EDIT: please see my next post for an update

    Re: PRTG Import

    Posted: Tue Oct 13, 2020 2:09 pm
    by mackov83
    Hi @Johnny, thanks for the update and taking the time to look into it. Happy to help :)

    Re: PRTG Import

    Posted: Tue Oct 13, 2020 4:05 pm
    by Johnny
    After further investigation we believe it's not a bug.
    Sorry for misleading :)

    I'll try to explain what we think is going on and why you got the exception at the first place.
    As for your server address configuration you have used HTTP schema over HTTPS in assumption
    it wouldn't validate SSL certificate. That's totally correct, an HTTP request doesn't work with SSL certificates in any manner.

    So why the problem occurred even if you use HTTP schema?

    That can be caused when a target server, in your case your PRTG server, returns HTTP 301 redirect as a response to the initial request.
    The HTTP client we use in importers follows redirect requests natively.
    Meaning that the HTTP client does another HTTP request to the address returned in the redirect response right away.
    And that's where the problem is. When the returned address uses HTTPS schema, and not HTTP schema anymore, SSL certificate validation is triggered.

    In your case it would mean your PRTG server instance asks Unimus' HTTP client to 'promote' its communication to HTTPS in order to be secured.

    To validate whether the claim is true you can use the following curl command in your terminal:

    Code: Select all

    curl -v http://<server_name>/api/table.xml?content=devices&output=xml&columns=device,host,tags&filter_tags=unimus&username=prtgadmin&passhash=<password_hash>
    The response status code in this case should be HTTP/1.1 301 Moved Permanently.

    To let CURL to follow redirects you case use -L flag like the following:

    Code: Select all

    curl -v -L http://<server_name>/.....
    CURL will follow redirect requests and you should see HTTP/1.1 200 OK status code in the final result.

    Let us know if our assumption is correct.
    Thanks!

    Re: [Solved] PRTG Import

    Posted: Thu Mar 18, 2021 2:29 pm
    by mackov83
    Apologies, I had not seen this message. Here is the info requested:

    Part1:

    curl -v http://prtg.domain.com/api/table.xml?co ... =464292311
    [1] 23376
    [2] 23377
    [3] 23378
    [4] 23379
    [5] 23380
    user@unimus:~$ * Trying 10.83.10.17...
    * TCP_NODELAY set
    * Connected to prtg.domain.com (10.83.10.17) port 80 (#0)
    > GET /api/table.xml?content=devices HTTP/1.1
    > Host: prtg.domain.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    >
    < HTTP/1.1 401 Unauthorized
    < Connection: close
    < Content-Type: text/html; charset=ISO-8859-1
    < Content-Length: 45
    < Date: Thu, 18 Mar 2021 14:19:14 GMT
    < Expires: 0
    < Cache-Control: no-cache
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < LoginAgain: true
    < Server: PRTG
    < Location: https://prtg.domain.com/api/table.xml?content=devices
    <
    * Closing connection 0
    <HTML><BODY><B>Unauthorized</B></BODY></HTML>

    Part 2:

    curl -v -L http://prtg.domain.com/api/table.xml?co ... =464292311
    [1] 23671
    [2] 23672
    [3] 23673
    [4] 23674
    [5] 23675
    user@unimus:~$ * Trying 10.83.10.17...
    * TCP_NODELAY set
    * Connected to prtg.domain.com (10.83.10.17) port 80 (#0)
    > GET /api/table.xml?content=devices HTTP/1.1
    > Host: prtg.domain.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    >
    < HTTP/1.1 401 Unauthorized
    < Connection: close
    < Content-Type: text/html; charset=ISO-8859-1
    < Content-Length: 45
    < Date: Thu, 18 Mar 2021 14:22:22 GMT
    < Expires: 0
    < Cache-Control: no-cache
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < LoginAgain: true
    < Server: PRTG
    < Location: https://prtg.domain.com/api/table.xml?content=devices
    <
    * Closing connection 0
    <HTML><BODY><B>Unauthorized</B></BODY></HTML>