This article applies to PRTG Network Monitor 15 or later

How can I monitor login credentials for a web page with PRTG to check if a username/password combination results in an unsuccessful login attempt?

Checking login credentials for a web page using POST requests

To monitor if login attempts to a web page are successful with a certain username and password combination, you can use the HTTP Advanced sensor. If the website of which you want to check login credentials uses POST data to log in to the internal area, you have to find out the needed POST data for the login and provide it with the correct syntax in the settings of the sensor. Furthermore, you have to find the response of the login form for unsuccessful login attempts.

The HTTP Advanced sensor can check this answer for defined keywords and show a warning or down status if keywords are found that indicate a failed login.

Find out POST data for HTTP request

If your web page requires login credentials as POST data, find out the content the sensor has to send with the HTTP request and which syntax the target page uses for the POST data. We recommend that you use a tool like Firebug, for example, to inspect the elements of the web page and see the required data.

Provide correct data in the sensor settings

To check login credentials for a web page, add an HTTP Advanced sensor to PRTG. In step 2 of the add sensor dialog, define the settings as described below.

Note: You can leave settings unchanged if they are not mentioned below.

Step by step: monitoring login authentication

We describe the necessary steps to monitor login authentication with the login page of the PRTG web interface as example. Basically, this approach also works on other login forms.

• Open the web page with the login form you want to check for authentication.
• Provoke an unsuccessful login by using wrong credentials. For example, use the credentials you want to check for failing authentication.
• Check how the web page notifies you about the failed login. For example, PRTG shows the red error message Your login has failed. Please try again!
• Open Firebug to inspect the web page.
• Open the Net panel, show All requests, and look at the Post data.
• Enter the complete URL of the POST request into the URL field of the HTTP Advanced sensor settings. Note: It might differ from the URL of the login page.
• Select POST as Request Method in the sensor settings.
• Copy the raw data in the Source section of the Post tab in Firebug and paste it into the Postdata field of the sensor settings. Adjust the parameters for username and password according to your needs. These are the credentials that you want to check for logging in to the web page.

• Check the response of the web page to the failed login.
  • In Firebug, open the HTML panel.
  • Use the Inspector and hover the error message to highlight it in the HTML code.
  • Copy the error message.

• Paste the error message into the Response Must Not Include field in the sensor settings.

• Save the settings.

Your HTTP Advanced sensor now checks if the provided credentials result in a successful login attempt on the requested web page. Depending on the option you choose for Exclude Keyword, the sensor shows an error or warning status if the keyword is found and so the username/password combination is not valid for the login.