Install fortigate_exporter + grafana + promethus with docker on Ubuntu 20 step by step.
STEP1:Run Grafana
# docker run -d --name=grafana -p 3000:3000 grafana/grafanaSTEP2:Run Promethus
# docker run -d --name promethus01 -p 9090:9090 prom/prometheus
Edit prometheus.conf
# docker exec -ti prometheus01 sh
/prometheus $ vi /etc/prometheus/prometheus.yml Add fortigate_exporter section.
# A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: "prometheus" # metrics_path defaults to '/metrics' # scheme defaults to 'http'. static_configs: - targets: ["localhost:9090"] - job_name: 'fortigate_exporter' metrics_path: /probe static_configs: - targets: - https://your_fortigate_ip relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: instance # Drop the https:// and port (if specified) for the 'instance=' label regex: '(?:.+)(?::\/\/)([^:]*).*' - target_label: __address__ replacement: 'your_fortigate_exporter_ip:9710'
STEP3:Setup Fortigate API Token
Referce this page to add API token: https://docs.fortinet.com/document/forticonverter/7.0.1/online-help/866905/connect-fortigate-device-via-api-token
Check API Token is working.
# curl -k https://you_fortigate_ip/api/v2/monitor/sensor-info/\?access_token\=m1Nrjx6HqN6m5wnf7xNtm0yH74960G ░▒▓ ✔ │ root@ezdarwin01 16:29:47
{
"directory":[
],
"serial":"FG20XXXXXXXXX",
"version":"v7.2.3",
"build":1262
}# STEP4:Install fortigate_exporter
Build Docker
# git clone https://github.com/bluecmd/fortigate_exporter # cd fortigate_exporterIf you will use certificate, ignore this step # vi DockerfileAdd -inscure text in Dokcerfile.CMD ["-auth-file", "/config/fortigate-key.yaml", "-insecure"]# docker build -t fortigate_exporter .
Add fortigate-key.yaml
"https://your_fortigate_ip": token: m1Nrjx6HqN6m5wnf7xNtm0yH74960G probes: include: - System - VPN - Firewall - Wifi - User - VirtualWAN - Log - License
Run fortigate_exporter
# docker run -d -p 9710:9710 -v /yourpath/fortigate-key.yaml:/config/fortigate-key.yaml fortigate_exporter
Check fortigate_exporter is working.
# curl 'your_exporter_ip:9710/probe?target=https://your_fortigate_ip' ░▒▓ ✔ │ root@ezdarwin01 16:24:48 # HELP fortigate_certificate_cmdb_references Number of times the certificate is referenced # TYPE fortigate_certificate_cmdb_references gauge fortigate_certificate_cmdb_references{name="Fortinet_CA_SSL",scope="global",source="factory",vdom="root"} 0 fortigate_certificate_cmdb_references{name="Fortinet_CA_SSL",scope="vdom",source="factory",vdom="root"} 6 fortigate_certificate_cmdb_references{name="Fortinet_CA_Untrusted",scope="global",source="factory",vdom="root"} 0 fortigate_certificate_cmdb_references{name="Fortinet_CA_Untrusted",scope="vdom",source="factory",vdom="root"} 5 fortigate_certificate_cmdb_references{name="Fortinet_Factory",scope="global",source="factory",vdom="root"} 4 fortigate_certificate_cmdb_references{name="Fortinet_Factory",scope="vdom",source="factory",vdom="root"} 2 fortigate_certificate_cmdb_references{name="Fortinet_Factory_Backup",scope="global",source="factory",vdom="root"} 0......# HELP probe_duration_seconds How many seconds the probe took to complete # TYPE probe_duration_seconds gauge probe_duration_seconds 1.422095243 # HELP probe_success Whether or not the probe succeeded # TYPE probe_success gauge probe_success 0
STEP5:Import Grafana Dashboard
https://grafana.com/grafana/dashboards/14011-fortigate-prometheus-exporter/
https://grafana.com/grafana/dashboards/13681-fortigate-vdom-overview-example/
https://grafana.com/grafana/dashboards/12906-fortigate-exporter/
沒有留言:
張貼留言