ㅡ.ㅡ

[Monitoring] snmp_exporter(fortigate) 본문

Observabillity

[Monitoring] snmp_exporter(fortigate)

ekwkqk12 2021. 1. 23. 22:03

서비스별 사용 포트

SNMP(Inbound) : 161/UDP (snmp_exporter 설치 서버)
snmp_exporter(Inbound) : 9116/TCP (Prometheus서버에 설치 시 미 필요)

go 설치

wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz
tar -xvzf go1.12.5.linux-amd64.tar.gz
mv go /usr/local

환경 변수 등록

vi ~/.bashrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
export MIBDIRS=mibs
source ~/.bahsrc

snmp_exporter 구동 환경 설정

sudo yum install -y git zip unzip gcc gcc-g++ make net-snmp net-snmp-utils net-snmp-libs net-snmp-devel
cd ${GOPATH-$HOME/go}/src/github.com/prometheus/snmp_exporter/generator
go build    
make mibs

forti mib파일 복사

)

snmp_exporter에 forti용 모듈 등록

rm ${GOPATH-$HOME/go}/src/github.com/prometheus/snmp_exporter/generator/generator.yml
cat > ${GOPATH-$HOME/go}/src/github.com/prometheus/snmp_exporter/generator/generator.yml << EOF
modules:
 fortigate_snmp:
  walk:
  - ifXTable
  - fgVpn
  - fgSystem
  - fgIntf
  version: 2
  max_repetitions: 25
  retries: 3
  timeout: 10s
  auth:
  community: <fortigate에 설정한 문자열>
EOF

snmp_exporter 설치

wget https://github.com/prometheus/snmp_exporter/releases/download/v0.19.0/snmp_exporter-0.19.0.linux-amd64.tar.gz
tar -xvzf snmp_exporter-0.19.0.linux-amd64.tar.gz
mkdir /usr/local/snmp_exporter
mv snmp_exporter* /usr/local/snmp_exporter

시스템 서비스 등록

cat > /etc/systemd/system/snmp_exporter.service << EOF

[Unit]
Description=Snmp_exporter
Wants=network-online.target
After=network-online.target


[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/snmp_exporter/snmp_exporter \
--config.file=/usr/local/snmp_exporter/snmp.yml


[Install]
WantedBy=multi-user.target
EOF

forti용 snmp.yml 파일 생성 및 등록

${GOPATH-$HOME/go}/src/github.com/prometheus/snmp_exporter/generator/generator generate
cp -R /root/go/src/github.com/prometheus/snmp_exporter/generator/snmp.yml /usr/local/snmp_exporter/
systemctl restart snmp_exporter
systemctl status snmp_exporter
systemctl enable snmp_exporter

Web(9116포트)에서 방화벽 snmp확인

Prometheus 설정

- job_name: 'fortigate'
  static_configs:
    - targets: ['fortigate_ip'] # fortigate device.
      labels:
       device: fortigate
       company: XXX
  scrape_interval: 3m
  scrape_timeout : 3m
  metrics_path: /snmp
  params:
    module: [fortigate_snmp]
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: snmp_exporter_ip:9116  # SNMP exporter.

GRAFANA

7567을 추천하지만 조금 수정해야된다....

우리 방화벽은 SNMP에 Session정보가 없는데... 장비에서 원래 지원을 안하는것인지... 모르겠다.... 아시는분 HELP좀요...
(펌웨어 업데이트하니 Session정보가 쌓입니다!! 6버전 사용중입니다.)

'Observabillity' 카테고리의 다른 글

[Logging] APP Logging/Fluentd&Fluentbit  (0) 2021.10.17
[K8S] Kubernetes Dashboard  (0) 2021.01.30
[Monitoring] 도커 컨테이너(호스트) 모니터링  (0) 2021.01.23
[Monitoring] Grafana  (0) 2021.01.02
[Monitoring] WMI_exporter  (0) 2021.01.02
'Observabillity' Related Articles more