Prometheus monitoring Fortigate --- Error

[Đỗ Ngọc Thiện]

Hi all,

i am a new member,  I recently configure Prometheus/snmp_exporter to monitors Fortigate.

i am  using the default smnp.yml which I generate form snmp generator. 

my  generator.yml  setting look like this:

cat go/src/github.com/prometheus/snmp_exporter/generator/generator.yml
modules:
########## Fortigate
  fortigate_snmp:  # The module name. You can have as many modules as you want.
    walk:       # List of OIDs to walk. Can also be SNMP object names or specific instances.
      - ifXTable
      - fgVpn
      - fgSystem
      - fgIntf
    version: 2  # SNMP version to use. Defaults to 2.
                # 1 will use GETNEXT, 2 and 3 use GETBULK.
    max_repetitions: 25  # How many objects to request with GET/GETBULK, defaults to 25.
                         # May need to be reduced for buggy devices.
    retries: 3   # How many times to retry a failed request, defaults to 3.
    timeout: 5s  # Timeout for each individual SNMP request, defaults to 5s.

    auth:
      # Community string is used with SNMP v1 and v2. Defaults to "public".
      community: itpgroup

and my  Prometheus.yml   setting look like this:

#### FORTIGATE
  - job_name: 'fortigate'
    static_configs:
      - targets:
        - 10.1.11.1 # fortigate device.
        labels:                          
         hostname: FW_ITP
         device: fortigate
         company: ITP
    scrape_interval: 3m
    scrape_timeout : 3m
    metrics_path: /snmp
    params:
      module: [fortigate_snmp]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 172.144.101.26:9116  # SNMP exporter.

then i check curl: http://172.144.101.26:9116/

please help.

[Ben Kochie]

I would highly recommend looking at the fortigate_exporter.

https://github.com/bluecmd/fortigate_exporter

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/0aaf073a-d23a-4e2a-b6b9-c172adb8ea56n%40googlegroups.com.

[Đỗ Ngọc Thiện]

Could you please tell me where is wrong?

Vào lúc 17:09:19 UTC+7 ngày Thứ Tư, 4 tháng 5, 2022, sup...@gmail.com đã viết:

[Brian Candler]

The problem is that snmp_exporter is unable to talk to your Fortigate device using SNMP - it gets no response.

In my experience, the problem is usually due to one of the following:

1. The device is not reachable from snmp_exporter's IP address, e.g. there's a network ACL or firewall in between which drops the SNMP traffic

2. The device has an SNMP ACL which blocks requests from snmp_exporter's IP address

3. You are using the wrong SNMP version or SNMP community string

To debug this, I suggest that on the same box where you're running snmp_exporter, use command-line tools 'snmpstatus' or 'snmpwalk' to communicate with the device.  Once you have this working, then can you change the settings of snmp_exporter to match.

[Đỗ Ngọc Thiện]

thanks all

Vào lúc 13:29:41 UTC+7 ngày Thứ Năm, 5 tháng 5, 2022, Brian Candler đã viết: