[](https://github.com/thenodon/fortigate-exporter-discovery//actions/workflows/python-app.yml)
[](https://badge.fury.io/py/fortigate-exporter-discovery)
fortigate-exporter-discovery
------------------------
# Overview
The fortigate-exporter-discovery is a Prometheus discovery tool that use a Fortimanager instance
to get fortigate's based on adoms.
It works both for file and http service discovery.
The tool can also work as an exporter for metrics related to the relation between a Fortimanager and its Fortigate's.
This is only supported when run in `server` mode.
The tool work with the [fortigate-exporter](https://github.com/bluecmd/fortigate_exporter).
> It requires that the following pull request is accepted https://github.com/bluecmd/fortigate_exporter/pull/206 or
> you can use https://github.com/thenodon/fortigate_exporter.
# Labels naming (since 0.5.0)
All labels are returned prefixed as `__meta_fortigate_`
# Configuration
The configuration file include the credentials for the Fortimanager and the configuration for each adom.
> The `token` used for the Fortigate api access should be the same for all Fotigate in the same adom.
Example:
```yaml
fmg:
# The url, username and password of the Fortimanager
host: "https://fmg.foo.com"
username: fmg_foo
password: fmg_foo_password
adoms:
- name: SDWAN_Foo
# Additional labels that will be added to all metrics
labels:
customer: Foo
# This is common for all Fortigates in the same adom
fortigate:
# The api token of the Fortigates
token: XYZ
# The port where the Fortigates expose the API
port: 44343
# Profile is a named entry in fortigate-exporter fortigate-key.yaml file to get probes exclude/includes
profile: common
```
Two environment variables must be set.
- FMG_DISCOVERY_CONFIG - the path to the above config file, default is `./config.yml`
- FMG_DISCOVERY_PROMETHEUS_SD_FILE_DIRECTORY - the output directory for the file discovery files used in your Prometheus
configuration. Each adom will have its own file.
- FMG_DISCOVERY_LOG_LEVEL - the log level, default `WARNING`
- FMG_DISCOVERY_LOG_FILE - the log file, default `stdout`
- FMG_DISCOVERY_HOST - the ip to expose the exporter on, default `0.0.0.0` - only applicable if running in server mode
- FMG_DISCOVERY_PORT - the port to expose the exporter on, default `9693`
- FMG_DISCOVERY_BASIC_AUTH_ENABLED - use basic auth if set to anything, default `false`
- FMG_DISCOVERY_BASIC_AUTH_USERNAME - the username
- FMG_DISCOVERY_BASIC_AUTH_PASSWORD - the password
- FMG_DISCOVERY_CACHE_TTL - the ttl in seconds to keep the result from Fortimanager in cache, default `60`
> FMG_DISCOVERY_CACHE_TTL is a measure to secure the Fortimanager from an api request storm.
# Run
## File service discovery
```shell
pip install fortigate-exporter-discovery
FMG_DISCOVERY_CONFIG=config.yml
FMG_DISCOVERY_PROMETHEUS_SD_FILE_DIRECTORY=/etc/prometheus/file_sd/fortigate
python -m fmg_discovery
```
## Http service discovery
```shell
pip install fortigate-exporter-discovery
FMG_DISCOVERY_CONFIG=config.yml
FMG_DISCOVERY_BASIC_AUTH_ENABLED=true
FMG_DISCOVERY_BASIC_AUTH_USERNAME=foo
FMG_DISCOVERY_BASIC_AUTH_PASSWORD=bar
FMG_DISCOVERY_LOG_LEVEL=INFO
python -m fmg_discovery --server
```
Test discovery by curl
```shell
curl -ufoo:bar localhost:9693/prometheus-sd-targets
```
Test exporter by curl
```shell
curl -ufoo:bar localhost:9693/metrics
# HELP fmg_conf_status Configuration status 1==insync 0==all other states
# TYPE fmg_conf_status gauge
....
# HELP fmg_conn_status Connection status 1==up 0==all other states
# TYPE fmg_conn_status gauge
....
# HELP fmg_conn_mode Connection mode 1==active 0==all other states
# TYPE fmg_conn_mode gauge
....
```
# Prometheus job configuration
Example:
```yaml
- job_name: 'fortigate_exporter'
metrics_path: /probe
file_sd_configs:
- files:
- /etc/prometheus/file_sd/fortigate/*.yml
params:
# If profile is not part of your labels from the discovery
profile:
- fs124e
relabel_configs:
- source_labels:
- __meta_fortigate_name
action: replace
target_label: name
- source_labels:
- __meta_fortigate_zone
action: replace
target_label: zone
- source_labels:
- __meta_fortigate_adom
action: replace
target_label: adom
- source_labels:
- __meta_fortigate_latitude
action: replace
target_label: latitude
- source_labels:
- __meta_fortigate_longitude
action: replace
target_label: longitude
- source_labels:
- __meta_fortigate_platform
action: replace
target_label: platform
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__meta_fortigate_token]
target_label: __param_token
- source_labels: [__param_target]
regex: '(?:.+)(?::\/\/)([^:]*).*'
target_label: instance
- target_label: __address__
replacement: '[::1]:9710'
```
Make sure to use the last labeldrop on the `token` label so that the tokens is not be part of your time series.
> Since `token` is a label it will be shown in the Prometheus webgui at `http://<your prometheus>:9090/targets`.
>
> **Make sure you protect your Prometheus if you add the token part of your prometheus config**
>
> Some options to protect Prometheus:
> - Only expose UI to localhost --web.listen-address="127.0.0.1:9090"
> - Basic authentication access - https://prometheus.io/docs/guides/basic-auth/
> - It is your responsibility!
Raw data
{
"_id": null,
"home_page": "https://github.com/thenodon/fortigate-exporter-discovery",
"name": "fortigate-exporter-discovery",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "",
"keywords": "",
"author": "thenodon",
"author_email": "aha@ingby.com",
"download_url": "https://files.pythonhosted.org/packages/bd/96/dacaed6757a0391f4a242e821abd49bd1a193a1a60948ae73d23e259ea6a/fortigate-exporter-discovery-0.5.0.tar.gz",
"platform": null,
"description": "[](https://github.com/thenodon/fortigate-exporter-discovery//actions/workflows/python-app.yml)\n[](https://badge.fury.io/py/fortigate-exporter-discovery)\n\nfortigate-exporter-discovery\n------------------------\n# Overview\n\nThe fortigate-exporter-discovery is a Prometheus discovery tool that use a Fortimanager instance\nto get fortigate's based on adoms. \nIt works both for file and http service discovery.\n\nThe tool can also work as an exporter for metrics related to the relation between a Fortimanager and its Fortigate's.\nThis is only supported when run in `server` mode.\n\nThe tool work with the [fortigate-exporter](https://github.com/bluecmd/fortigate_exporter).\n> It requires that the following pull request is accepted https://github.com/bluecmd/fortigate_exporter/pull/206 or \n> you can use https://github.com/thenodon/fortigate_exporter. \n\n# Labels naming (since 0.5.0)\nAll labels are returned prefixed as `__meta_fortigate_`\n\n# Configuration\n\nThe configuration file include the credentials for the Fortimanager and the configuration for each adom.\n> The `token` used for the Fortigate api access should be the same for all Fotigate in the same adom.\n\nExample:\n\n```yaml\nfmg:\n # The url, username and password of the Fortimanager \n host: \"https://fmg.foo.com\"\n username: fmg_foo\n password: fmg_foo_password\n\n adoms:\n - name: SDWAN_Foo\n # Additional labels that will be added to all metrics\n labels:\n customer: Foo\n # This is common for all Fortigates in the same adom\n fortigate:\n # The api token of the Fortigates\n token: XYZ\n # The port where the Fortigates expose the API\n port: 44343\n # Profile is a named entry in fortigate-exporter fortigate-key.yaml file to get probes exclude/includes\n profile: common\n```\n\nTwo environment variables must be set.\n\n- FMG_DISCOVERY_CONFIG - the path to the above config file, default is `./config.yml`\n- FMG_DISCOVERY_PROMETHEUS_SD_FILE_DIRECTORY - the output directory for the file discovery files used in your Prometheus\nconfiguration. Each adom will have its own file.\n- FMG_DISCOVERY_LOG_LEVEL - the log level, default `WARNING`\n- FMG_DISCOVERY_LOG_FILE - the log file, default `stdout`\n- FMG_DISCOVERY_HOST - the ip to expose the exporter on, default `0.0.0.0` - only applicable if running in server mode\n- FMG_DISCOVERY_PORT - the port to expose the exporter on, default `9693`\n- FMG_DISCOVERY_BASIC_AUTH_ENABLED - use basic auth if set to anything, default `false`\n- FMG_DISCOVERY_BASIC_AUTH_USERNAME - the username \n- FMG_DISCOVERY_BASIC_AUTH_PASSWORD - the password \n- FMG_DISCOVERY_CACHE_TTL - the ttl in seconds to keep the result from Fortimanager in cache, default `60`\n\n> FMG_DISCOVERY_CACHE_TTL is a measure to secure the Fortimanager from an api request storm.\n\n# Run \n\n## File service discovery\n```shell\npip install fortigate-exporter-discovery\nFMG_DISCOVERY_CONFIG=config.yml\nFMG_DISCOVERY_PROMETHEUS_SD_FILE_DIRECTORY=/etc/prometheus/file_sd/fortigate\npython -m fmg_discovery\n```\n\n## Http service discovery\n```shell\npip install fortigate-exporter-discovery\nFMG_DISCOVERY_CONFIG=config.yml\nFMG_DISCOVERY_BASIC_AUTH_ENABLED=true\nFMG_DISCOVERY_BASIC_AUTH_USERNAME=foo\nFMG_DISCOVERY_BASIC_AUTH_PASSWORD=bar\nFMG_DISCOVERY_LOG_LEVEL=INFO\npython -m fmg_discovery --server\n```\nTest discovery by curl\n\n```shell\ncurl -ufoo:bar localhost:9693/prometheus-sd-targets\n```\n\nTest exporter by curl\n\n```shell\ncurl -ufoo:bar localhost:9693/metrics\n# HELP fmg_conf_status Configuration status 1==insync 0==all other states\n# TYPE fmg_conf_status gauge\n....\n# HELP fmg_conn_status Connection status 1==up 0==all other states\n# TYPE fmg_conn_status gauge\n....\n# HELP fmg_conn_mode Connection mode 1==active 0==all other states\n# TYPE fmg_conn_mode gauge\n....\n\n```\n\n# Prometheus job configuration\n\nExample:\n\n```yaml\n - job_name: 'fortigate_exporter'\n metrics_path: /probe\n file_sd_configs:\n - files:\n - /etc/prometheus/file_sd/fortigate/*.yml\n params:\n # If profile is not part of your labels from the discovery\n profile:\n - fs124e\n relabel_configs:\n - source_labels:\n - __meta_fortigate_name\n action: replace\n target_label: name\n - source_labels:\n - __meta_fortigate_zone\n action: replace\n target_label: zone\n - source_labels:\n - __meta_fortigate_adom\n action: replace\n target_label: adom\n - source_labels:\n - __meta_fortigate_latitude\n action: replace\n target_label: latitude\n - source_labels:\n - __meta_fortigate_longitude\n action: replace\n target_label: longitude\n - source_labels:\n - __meta_fortigate_platform\n action: replace\n target_label: platform \n\n - source_labels: [__address__]\n target_label: __param_target\n - source_labels: [__meta_fortigate_token]\n target_label: __param_token\n - source_labels: [__param_target]\n regex: '(?:.+)(?::\\/\\/)([^:]*).*'\n target_label: instance\n - target_label: __address__\n replacement: '[::1]:9710'\n \n```\nMake sure to use the last labeldrop on the `token` label so that the tokens is not be part of your time series.\n> Since `token` is a label it will be shown in the Prometheus webgui at `http://<your prometheus>:9090/targets`.\n>\n> **Make sure you protect your Prometheus if you add the token part of your prometheus config**\n>\n> Some options to protect Prometheus:\n> - Only expose UI to localhost --web.listen-address=\"127.0.0.1:9090\"\n> - Basic authentication access - https://prometheus.io/docs/guides/basic-auth/\n> - It is your responsibility!\n\n\n",
"bugtrack_url": null,
"license": "GPLv3",
"summary": "A Prometheus file discovery for Fortigate's based on FortiManager",
"version": "0.5.0",
"project_urls": {
"Homepage": "https://github.com/thenodon/fortigate-exporter-discovery"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "70194ccfc851442e71e6ef8254fddec356a40630f2408d5c22cba4703b3b1ef2",
"md5": "60673cb80ac71c33133f94d2d499caaa",
"sha256": "dd50ce2e42a4bd3b0a3bb883bdc0227a5024a6aa46a0dbdd767a8218d1fe2af9"
},
"downloads": -1,
"filename": "fortigate_exporter_discovery-0.5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "60673cb80ac71c33133f94d2d499caaa",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 33103,
"upload_time": "2023-08-17T11:52:47",
"upload_time_iso_8601": "2023-08-17T11:52:47.311923Z",
"url": "https://files.pythonhosted.org/packages/70/19/4ccfc851442e71e6ef8254fddec356a40630f2408d5c22cba4703b3b1ef2/fortigate_exporter_discovery-0.5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "bd96dacaed6757a0391f4a242e821abd49bd1a193a1a60948ae73d23e259ea6a",
"md5": "e2b7d92bb592f0ef7f6d7a866d644d5b",
"sha256": "f597bc743960881e3930f13f1a180441be8f917eb83f72d5bed5cf21189ce61a"
},
"downloads": -1,
"filename": "fortigate-exporter-discovery-0.5.0.tar.gz",
"has_sig": false,
"md5_digest": "e2b7d92bb592f0ef7f6d7a866d644d5b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 27279,
"upload_time": "2023-08-17T11:52:49",
"upload_time_iso_8601": "2023-08-17T11:52:49.111720Z",
"url": "https://files.pythonhosted.org/packages/bd/96/dacaed6757a0391f4a242e821abd49bd1a193a1a60948ae73d23e259ea6a/fortigate-exporter-discovery-0.5.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-17 11:52:49",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "thenodon",
"github_project": "fortigate-exporter-discovery",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "fortigate-exporter-discovery"
}
JSON
