Official site information

https://www.influxdata.com/downloads/

 


 

Installation

# influxdata-archive_compat.key GPG fingerprint:
#     9D53 9D90 D332 8DC7 D6C8 D3B9 D8FF 8E1F 7DF8 B07E
wget -q https://repos.influxdata.com/influxdata-archive_compat.key
echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c && cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list

sudo apt-get update && sudo apt-get install telegraf
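The official snippet above (repeated in the InfluxDB 2.x post below, and the same pattern appears in the Grafana key step further down) checks the downloaded key's SHA-256 but never compares the GPG fingerprint it prints in the comment. The script below is an added example, not part of the post or of InfluxData's instructions: it verifies both the hash and the primary-key fingerprint of an already-downloaded key file before it is handed to gpg --dearmor. The function names are my own; it assumes gpg (2.1.23 or newer, for --show-keys) and sha256sum are installed.

```shell
#!/bin/sh
# Added example: verify an apt signing key against BOTH the expected SHA-256
# and the expected OpenPGP fingerprint before installing it into
# /etc/apt/trusted.gpg.d or /etc/apt/keyrings. The hash alone only proves the
# file matches what the vendor page says; the fingerprint ties it to the key
# an administrator can cross-check out of band (vendor docs, a keyserver).

# Strip spaces and upper-case a fingerprint so "9D53 9D90 ..." and
# "9d539d90..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# Return 0 when FILE hashes to EXPECTED (hex SHA-256), 1 otherwise.
check_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Return 0 when FILE (ASCII-armored or binary OpenPGP key) carries a
# primary-key fingerprint equal to EXPECTED, 1 otherwise.
# gpg's machine-readable --with-colons output puts the fingerprint in
# field 10 of the first "fpr" record (the primary key; subkeys follow).
check_fingerprint() {
    file=$1
    expected=$(normalize_fpr "$2")
    gpg --batch --with-colons --with-fingerprint --show-keys "$file" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }' \
        | grep -qx "$expected"
}

# Run both checks; print one line per failure so the operator knows which
# property of the key did not match.
verify_repo_key() {
    file=$1
    expected_sha=$2
    expected_fpr=$3
    if ! check_sha256 "$file" "$expected_sha"; then
        echo "FAIL: sha256 mismatch for $file" >&2
        return 1
    fi
    if ! check_fingerprint "$file" "$expected_fpr"; then
        echo "FAIL: fingerprint mismatch for $file" >&2
        return 1
    fi
    echo "OK: $file matches the expected hash and fingerprint"
}

# Stand-alone usage with the values printed in the InfluxData instructions
# (the key must already have been downloaded with wget as shown above):
#   sh verify_key.sh influxdata-archive_compat.key \
#       393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c \
#       '9D53 9D90 D332 8DC7 D6C8 D3B9 D8FF 8E1F 7DF8 B07E' \
#   && cat influxdata-archive_compat.key | gpg --dearmor \
#      | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
if [ "$#" -eq 3 ]; then
    verify_repo_key "$1" "$2" "$3"
fi
```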

 

root@syslogserver:~# apt install telegraf
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 새 패키지를 설치할 것입니다:
  telegraf
0개 업그레이드, 1개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
60.4 M바이트 아카이브를 받아야 합니다.
이 작업 후 225 M바이트의 디스크 공간을 더 사용하게 됩니다.
받기:1 https://repos.influxdata.com/debian stable/main amd64 telegraf amd64 1.30.0-1 [60.4 MB]
내려받기 60.4 M바이트, 소요시간 7초 (8,265 k바이트/초)
Selecting previously unselected package telegraf.
(데이터베이스 읽는중 ...현재 329648개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../telegraf_1.30.0-1_amd64.deb ...
Unpacking telegraf (1.30.0-1) ...
telegraf (1.30.0-1) 설정하는 중입니다 ...
Created symlink /etc/systemd/system/multi-user.target.wants/telegraf.service → /lib/systemd/system/telegraf.service.
root@syslogserver:~# systemctl enable telegraf.service
root@syslogserver:~#

 


Official site information

https://www.influxdata.com/downloads/

 


 

Installation

# influxdata-archive_compat.key GPG fingerprint:
#     9D53 9D90 D332 8DC7 D6C8 D3B9 D8FF 8E1F 7DF8 B07E
wget -q https://repos.influxdata.com/influxdata-archive_compat.key
echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c && cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list

sudo apt-get update && sudo apt-get install influxdb2

 

root@syslogserver:~# apt install influxdb2
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
The following additional packages will be installed:
  influxdb2-cli
다음 새 패키지를 설치할 것입니다:
  influxdb2 influxdb2-cli
0개 업그레이드, 2개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
11.5 M바이트/58.9 M바이트 아카이브를 받아야 합니다.
이 작업 후 133 M바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
받기:1 https://repos.influxdata.com/debian stable/main amd64 influxdb2-cli amd64 2.7.3-1 [11.5 MB]
내려받기 11.5 M바이트, 소요시간 2초 (5,183 k바이트/초)
Selecting previously unselected package influxdb2.
(데이터베이스 읽는중 ...현재 329632개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../influxdb2_2.7.5-1_amd64.deb ...
Unpacking influxdb2 (2.7.5-1) ...
Preparing to unpack .../influxdb2-cli_2.7.3-1_amd64.deb ...
Unpacking influxdb2-cli (2.7.3-1) ...
influxdb2 (2.7.5-1) 설정하는 중입니다 ...
Synchronizing state of influxdb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable influxdb
Failed to enable unit: Unit file /etc/systemd/system/influxdb.service is masked.
influxdb2-cli (2.7.3-1) 설정하는 중입니다 ...
root@syslogserver:~#
root@syslogserver:~# influxd
2024-03-15T01:52:00.472320Z     info    Welcome to InfluxDB     {"log_id": "0nwxmwr0000", "version": "v2.7.5", "commit": "09a9607fd9", "build_date": "2024-01-05T17:17:04Z", "log_level": "info"}
2024-03-15T01:52:00.759754Z     info    Resources opened        {"log_id": "0nwxmwr0000", "service": "bolt", "path": "/root/.influxdbv2/influxd.bolt"}
2024-03-15T01:52:00.759929Z     info    Resources opened        {"log_id": "0nwxmwr0000", "service": "sqlite", "path": "/root/.influxdbv2/influxd.sqlite"}
2024-03-15T01:52:00.784775Z     info    Bringing up metadata migrations {"log_id": "0nwxmwr0000", "service": "KV migrations", "migration_count": 20}
2024-03-15T01:52:07.466993Z     info    Bringing up metadata migrations {"log_id": "0nwxmwr0000", "service": "SQL migrations", "migration_count": 8}
2024-03-15T01:52:09.607580Z     info    Using data dir  {"log_id": "0nwxmwr0000", "service": "storage-engine", "service": "store", "path": "/root/.influxdbv2/engine/data"}
2024-03-15T01:52:09.607821Z     info    Compaction settings     {"log_id": "0nwxmwr0000", "service": "storage-engine", "service": "store", "max_concurrent_compactions": 2, "throughput_bytes_per_second": 50331648, "throughput_bytes_per_second_burst": 50331648}
2024-03-15T01:52:09.607849Z     info    Open store (start)      {"log_id": "0nwxmwr0000", "service": "storage-engine", "service": "store", "op_name": "tsdb_open", "op_event": "start"}
2024-03-15T01:52:09.607944Z     info    Open store (end)        {"log_id": "0nwxmwr0000", "service": "storage-engine", "service": "store", "op_name": "tsdb_open", "op_event": "end", "op_elapsed": "0.097ms"}
2024-03-15T01:52:09.608023Z     info    Starting retention policy enforcement service   {"log_id": "0nwxmwr0000", "service": "retention", "check_interval": "30m"}
2024-03-15T01:52:09.608050Z     info    Starting precreation service    {"log_id": "0nwxmwr0000", "service": "shard-precreation", "check_interval": "10m", "advance_period": "30m"}
2024-03-15T01:52:09.609422Z     info    Starting query controller       {"log_id": "0nwxmwr0000", "service": "storage-reads", "concurrency_quota": 1024, "initial_memory_bytes_quota_per_query": 9223372036854775807, "memory_bytes_quota_per_query": 9223372036854775807, "max_memory_bytes": 0, "queue_size": 1024}
2024-03-15T01:52:09.612387Z     info    Configuring InfluxQL statement executor (zeros indicate unlimited).     {"log_id": "0nwxmwr0000", "max_select_point": 0, "max_select_series": 0, "max_select_buckets": 0}
2024-03-15T01:52:09.798125Z     info    Starting        {"log_id": "0nwxmwr0000", "service": "telemetry", "interval": "8h"}
2024-03-15T01:52:09.798375Z     info    Listening       {"log_id": "0nwxmwr0000", "service": "tcp-listener", "transport": "http", "addr": ":8086", "port": 8086}

 

Registering the service with systemctl

root@syslogserver:~# systemctl enable --now influxdb.service
Synchronizing state of influxdb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable influxdb
Created symlink /etc/systemd/system/influxd.service → /lib/systemd/system/influxdb.service.

# I don't know why the influxdb.service unit gets registered as influxd.service like this.
root@syslogserver:~# systemctl restart influxd
influxd.service   influxdb.service
root@syslogserver:~#

# Rename it manually.
root@syslogserver:~# mv /etc/systemd/system/influxd.service /etc/systemd/system/influxdb.service
root@syslogserver:~# systemctl restart influxd<Tab>
influxd.service   influxdb.service # both units are still offered by completion.
root@syslogserver:~# systemctl restart influxd^C # press Ctrl + C to abort
root@syslogserver:~# systemctl daemon-reload
root@syslogserver:~# systemctl restart influxdb.service # now only influxdb.service is offered.

 

Web access: http://{ip address}:8086

 

root@syslogserver:/etc# cat /etc/group | grep sudo
sudo:x:27:logmgmt,ayaan <- add the accounts you want to allow to this part.
root@syslogserver:/etc#

 


Registering MIB files (how to add them on Ubuntu)

The files I downloaded had a .txt extension attached.

If an extension is attached, remove the .txt extension first, or move the files to Ubuntu and remove the extension there.

1. Windows

C:\Users\test\Downloads>scp .\FORTINET-CORE-MIB.txt .\FORTINET-FORTIGATE-MIB.txt logmgmt@192.168.0.100:~
ID@192.168.0.100's password:
FORTINET-CORE-MIB.txt                                                                 100%   15KB   4.9MB/s   00:00
FORTINET-FORTIGATE-MIB.txt                                                            100%  397KB  24.2MB/s   00:00

C:\Users\test\Downloads>

 

2. Ubuntu

logmgmt@syslogserver:~$ ls -al
total 8492
drwxr-x--- 14 logmgmt logmgmt    4096  2월  6 15:55 .
drwxr-xr-x  3 root    root       4096 11월 28 13:53 ..
-rw-------  1 logmgmt logmgmt   43176  2월  6 12:26 .bash_history
-rw-r--r--  1 logmgmt logmgmt     220 11월 28 13:53 .bash_logout
-rw-r--r--  1 logmgmt logmgmt    3771 11월 28 13:53 .bashrc
drwx------ 11 logmgmt logmgmt    4096  1월 12 16:59 .cache
drwx------ 11 logmgmt logmgmt    4096 11월 28 18:07 .config
-rw-------  1 logmgmt logmgmt      20 12월 28 10:44 .lesshst
drwx------  5 logmgmt logmgmt    4096  1월 12 17:15 .local
-rw-r--r--  1 logmgmt logmgmt     807 11월 28 13:53 .profile
-rw-------  1 logmgmt logmgmt       5  1월 12 16:44 .python_history
-rw-r--r--  1 logmgmt logmgmt       0 11월 28 18:04 .sudo_as_admin_successful
-rw-rw-r--  1 logmgmt logmgmt     254 12월 22 17:57 .wget-hsts
-rw-rw-r--  1 logmgmt logmgmt   15309  2월  6 15:55 FORTINET-CORE-MIB.txt
-rw-rw-r--  1 logmgmt logmgmt  406521  2월  6 15:55 FORTINET-FORTIGATE-MIB.txt
-rw-rw-r--  1 logmgmt logmgmt 8134656  1월 15 14:37 elastalert.txt
drwx------  5 logmgmt logmgmt    4096 12월 26 17:51 snap
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 공개
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 다운로드
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 문서
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 바탕화면
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 비디오
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 사진
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 음악
drwxr-xr-x  2 logmgmt logmgmt    4096 11월 28 16:14 템플릿
logmgmt@syslogserver:~$ sudo mv ./FORTINET-CORE-MIB.txt ./FORTINET-FORTIGATE-MIB.txt /usr/share/snmp/mibs/ietf
[sudo] password for logmgmt:
logmgmt@syslogserver:~$ cd /usr/share/snmp/mibs/ietf
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ ls -al | grep FORTINET
-rw-rw-r-- 1 logmgmt logmgmt  15309  2월  6 15:55 FORTINET-CORE-MIB.txt
-rw-rw-r-- 1 logmgmt logmgmt 406521  2월  6 15:55 FORTINET-FORTIGATE-MIB.txt
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ sudo mv ./FORTINET-CORE-MIB.txt ./FORTINET-CORE-MIB
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ sudo mv ./FORTINET-FORTIGATE-MIB.txt ./FORTINET-FORTIGATE-MIB
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ ls -al | grep FORTINET
-rw-rw-r-- 1 logmgmt logmgmt  15309  2월  6 15:55 FORTINET-CORE-MIB
-rw-rw-r-- 1 logmgmt logmgmt 406521  2월  6 15:55 FORTINET-FORTIGATE-MIB
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ sudo chown root:root ./FORTINET-*
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$ ls -al | grep FORTINET
-rw-rw-r-- 1 root root  15309  2월  6 15:55 FORTINET-CORE-MIB
-rw-rw-r-- 1 root root 406521  2월  6 15:55 FORTINET-FORTIGATE-MIB
logmgmt@syslogserver:/usr/share/snmp/mibs/ietf$

 

2.1 Checking the MIB file name: the errors go away only when the extension is removed as in 2.1.3.

2.1.1 With a .txt extension

root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-CORE-MIB ./FORTINET-CORE-MIB.txt
root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-FORTIGATE-MIB ./FORTINET-FORTIGATE-MIB.txt
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl restart snmp-exporter.service
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl status snmp-exporter.service | more
● snmp-exporter.service - Prometheus SNMP Exporter Service
     Loaded: loaded (/etc/systemd/system/snmp-exporter.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-02-06 15:29:18 KST; 23s ago
   Main PID: 2631842 (snmp_exporter)
      Tasks: 9 (limit: 19052)
     Memory: 10.7M
        CPU: 136ms
     CGroup: /system.slice/snmp-exporter.service
             └─2631842 /usr/local/bin/snmp_exporter --config.file=/opt/snmp_exporter/snmp.yml

2월 06 15:29:18 syslogserver systemd[1]: Started Prometheus SNMP Exporter Service.
2월 06 15:29:18 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:18.664Z caller=main.go:194 level=info msg="Starting snmp_exporter" version="(version=0.25.0, branch=HEAD, revision=9c42d6c874d479314e612bca69558c81f8e26287)" concurrency=1
2월 06 15:29:18 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:18.664Z caller=main.go:195 level=info build_context="(go=go1.21.5, platform=linux/amd64, user=root@880115266f70, date=20231210-10:05:18, tags=netgo)"
2월 06 15:29:18 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:18.758Z caller=tls_config.go:274 level=info msg="Listening on" address=[::]:9116
2월 06 15:29:18 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:18.758Z caller=tls_config.go:277 level=info msg="TLS is disabled." http2=false address=[::]:9116
2월 06 15:29:23 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:23.950Z caller=collector.go:393 level=info auth=public_v2 target=192.168.104.1 module=fortinet_fortigate msg="Error scraping target" err="error walking target 192.168.104.1: marshal: marshalPDU: unable to marshal varbind list: unable to marshal OID: Invalid object identifier"
2월 06 15:29:38 syslogserver snmp_exporter[2631842]: ts=2024-02-06T06:29:38.952Z caller=collector.go:393 level=info auth=public_v2 target=192.168.104.1 module=fortinet_fortigate msg="Error scraping target" err="error walking target 192.168.104.1: marshal: marshalPDU: unable to marshal varbind list: unable to marshal OID: Invalid object identifier"
root@syslogserver:/usr/share/snmp/mibs/ietf#

 

2.1.2 With a .mib extension

root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-CORE-MIB.txt ./FORTINET-CORE-MIB.mib
root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-FORTIGATE-MIB.txt ./FORTINET-FORTIGATE-MIB.mib
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl restart snmp-exporter.service
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl status snmp-exporter.service | more
● snmp-exporter.service - Prometheus SNMP Exporter Service
     Loaded: loaded (/etc/systemd/system/snmp-exporter.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-02-06 15:33:20 KST; 3s ago
   Main PID: 2631948 (snmp_exporter)
      Tasks: 8 (limit: 19052)
     Memory: 15.9M
        CPU: 142ms
     CGroup: /system.slice/snmp-exporter.service
             └─2631948 /usr/local/bin/snmp_exporter --config.file=/opt/snmp_exporter/snmp.yml

2월 06 15:33:20 syslogserver systemd[1]: Started Prometheus SNMP Exporter Service.
2월 06 15:33:20 syslogserver snmp_exporter[2631948]: ts=2024-02-06T06:33:20.549Z caller=main.go:194 level=info msg="Starting snmp_exporter" version="(version=0.25.0, branch=HEAD, revision=9c42d6c874d479314e612bca69558c81f8e26287)" concurrency=1
2월 06 15:33:20 syslogserver snmp_exporter[2631948]: ts=2024-02-06T06:33:20.549Z caller=main.go:195 level=info build_context="(go=go1.21.5, platform=linux/amd64, user=root@880115266f70, date=20231210-10:05:18, tags=netgo)"
2월 06 15:33:20 syslogserver snmp_exporter[2631948]: ts=2024-02-06T06:33:20.667Z caller=tls_config.go:274 level=info msg="Listening on" address=[::]:9116
2월 06 15:33:20 syslogserver snmp_exporter[2631948]: ts=2024-02-06T06:33:20.667Z caller=tls_config.go:277 level=info msg="TLS is disabled." http2=false address=[::]:9116
2월 06 15:33:23 syslogserver snmp_exporter[2631948]: ts=2024-02-06T06:33:23.951Z caller=collector.go:393 level=info auth=public_v2 target=192.168.104.1 module=fortinet_fortigate msg="Error scraping target" err="error walking target 192.168.104.1: marshal: marshalPDU: unable to marshal varbind list: unable to marshal OID: Invalid object identifier"
root@syslogserver:/usr/share/snmp/mibs/ietf#

 

2.1.3 With no extension

root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-CORE-MIB.mib ./FORTINET-CORE-MIB
root@syslogserver:/usr/share/snmp/mibs/ietf# mv ./FORTINET-FORTIGATE-MIB.mib ./FORTINET-FORTIGATE-MIB
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl restart snmp-exporter.service
root@syslogserver:/usr/share/snmp/mibs/ietf# systemctl status snmp-exporter.service | more
● snmp-exporter.service - Prometheus SNMP Exporter Service
     Loaded: loaded (/etc/systemd/system/snmp-exporter.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-02-06 15:36:57 KST; 6s ago
   Main PID: 2631988 (snmp_exporter)
      Tasks: 8 (limit: 19052)
     Memory: 17.4M
        CPU: 125ms
     CGroup: /system.slice/snmp-exporter.service
             └─2631988 /usr/local/bin/snmp_exporter --config.file=/opt/snmp_exporter/snmp.yml

2월 06 15:36:57 syslogserver systemd[1]: Started Prometheus SNMP Exporter Service.
2월 06 15:36:57 syslogserver snmp_exporter[2631988]: ts=2024-02-06T06:36:57.412Z caller=main.go:194 level=info msg="Starting snmp_exporter" version="(version=0.25.0, branch=HEAD, revision=9c42d6c874d479314e612bca69558c81f8e26287)" concurrency=1
2월 06 15:36:57 syslogserver snmp_exporter[2631988]: ts=2024-02-06T06:36:57.412Z caller=main.go:195 level=info build_context="(go=go1.21.5, platform=linux/amd64, user=root@880115266f70, date=20231210-10:05:18, tags=netgo)"
2월 06 15:36:57 syslogserver snmp_exporter[2631988]: ts=2024-02-06T06:36:57.507Z caller=tls_config.go:274 level=info msg="Listening on" address=[::]:9116
2월 06 15:36:57 syslogserver snmp_exporter[2631988]: ts=2024-02-06T06:36:57.507Z caller=tls_config.go:277 level=info msg="TLS is disabled." http2=false address=[::]:9116
root@syslogserver:/usr/share/snmp/mibs/ietf#

 


This is how to configure elastalert rules.

 

UTM log

 

elastalert rule

root@syslogserver:/opt/elastalert/rules# cat ./firewall_login_success.yaml
name: firewall_console_login

type: any

index: logstash-fg-*

filter:
- query:
    query_string:
      query: logdesc:"Admin login successful" AND action:"login"

doc_type: _doc

alert:
- "slack"

slack:
# Slack webhook URL
slack_webhook_url: "https://hooks.slack.com/services/################/#############/###########"
# Display name used when posting to the Slack channel
slack_username_override: "ElastAlert-Bot"
# Slack channel to post the message to
slack_channel_override: "#security_alert"
# Title of the Slack message
# If not set, the absolute path of the rule file is printed instead: /opt/elastalert/ruls/ap_login_fail.yaml
slack_title: FIREWALL_LOGIN_SUCCESS
# Slack message color
slack_msg_color: "good"


alert_text: "FIREWALL_CONSOLE_LOGIN: 접속시간: {0} / 접속계정: {1} / 접속자IP: {2}"
alert_text_type: "alert_text_only"
alert_text_args: ["syslog_timestamp", "user", "srcip"]
root@syslogserver:/opt/elastalert/rules#

 

Slack message


elastalert is no longer supported.

For CentOS I previously wrote up how to install it from the Kibana UI.

This time I show how to install elastalert2.

I configured everything directly from the terminal rather than through the Kibana UI.

Installing elastalert2 was quick~

root@syslogserver:~# pip install elastalert2
root@syslogserver:~# cd /opt
root@syslogserver:~# git clone https://github.com/jertel/elastalert2.git
root@syslogserver:~# cd elastalert2
root@syslogserver:~/elastalert2# pip install "setuptools>=11.3"
root@syslogserver:~/elastalert2# python3 setup.py install
root@syslogserver:~/elastalert2# cd /opt
# After installing elastalert, typing the command "elastalert " shows an error message.
# The install path can be read from that message.
root@syslogserver:/opt# ln -s /usr/local/lib/python3.10/dist-packages/elastalert/ ./elastalert
root@syslogserver:/opt# ls -al
total 8476
drwxr-xr-x  5 root    root       4096  1월 15 12:26 .
drwxr-xr-x 20 root    root       4096 12월 22 15:41 ..
lrwxrwxrwx  1 root    root         51  1월 15 12:26 elastalert -> /usr/local/lib/python3.10/dist-packages/elastalert/
drwxr-xr-x  3 grafana grafana    4096 12월 26 17:27 grafana-plugin
drwxr-xr-x  2 root    root       4096 12월 22 15:45 node_modules
drwxr-xr-x  2    1001    1002    4096 12월 21 12:55 snmp_exporter
root@syslogserver:/opt# cd elastalert
root@syslogserver:/opt/elastalert# cat ./config.yaml
# Rules folder
# When the folder path is set here, you don't need to pass a rule option separately when running elastalert
# e.g. elastalert --config /opt/elastalert/config.yaml
rules_folder: /opt/elastalert/rules

# How often elastalert queries elasticsearch
run_every:
  minutes: 1

# Size of the query window, extending backwards from the time each query runs
buffer_time:
  minutes: 15

# elasticsearch host
es_host: 192.168.000.000

# elasticsearch port
es_port: 9200

# Index where elastalert2 stores its own data
# Very important!!!!
writeback_index: elastalert_status

# How long to keep retrying failed alerts
alert_time_limit:
  days: 2
root@syslogserver:/opt/elastalert#
# If the elasticsearch index has not been created, you get the error below
root@syslogserver:/opt/elastalert# elastalert


WARNING:elasticsearch:POST http://192.168.000.000:9200/elastalert_status/_search?size=1000 [status:404 request:0.027s]
ERROR:elastalert:Error finding recent pending alerts: NotFoundError(404, 'index_not_found_exception', 'no such index [elastalert_status]', elastalert_status, index_or_alias) {'query': {'bool': {'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}, 'filter': {'range': {'alert_time': {'from': '2024-01-13T03:27:38.609562Z', 'to': '2024-01-15T03:27:38.609590Z'}}}}}, 'sort': {'alert_time': {'order': 'asc'}}}
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 1503, in find_recent_pending_alerts
    res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/client/utils.py", line 152, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/__init__.py", line 147, in search
    results = self.transport.perform_request(
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/transport.py", line 392, in perform_request
    raise e
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/transport.py", line 358, in perform_request
    status, headers_response, data = connection.perform_request(
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/connection/http_requests.py", line 199, in perform_request
    self._raise_error(response.status_code, raw_data)
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/connection/base.py", line 315, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(
elasticsearch.exceptions.NotFoundError: NotFoundError(404, 'index_not_found_exception', 'no such index [elastalert_status]', elastalert_status, index_or_alias)
^C
root@syslogserver:/opt/elastalert#
# Create the elasticsearch index
root@syslogserver:/opt/elastalert# elastalert-create-index
Enter Elasticsearch host: 192.168.000.000
Enter Elasticsearch port: 9200
Use SSL? t/f: f
Enter optional basic-auth username (or leave blank):
Enter optional basic-auth password (or leave blank):
Enter optional Elasticsearch URL prefix (prepends a string to the URL of every request):
New index name? (Default elastalert_status)
Name of existing index to copy? (Default None)
Reading Elastic 8 index mappings:
Reading index mapping 'es_mappings/8/silence.json'
Reading index mapping 'es_mappings/8/elastalert_status.json'
Reading index mapping 'es_mappings/8/elastalert.json'
Reading index mapping 'es_mappings/8/past_elastalert.json'
Reading index mapping 'es_mappings/8/elastalert_error.json'
Deleting index elastalert_status_status.
Deleting index elastalert_status_error.
New index elastalert_status created
Done!
root@syslogserver:~#
# By default the elastalert command looks for config.yaml in the current directory.
# So you may see the error message below.
root@syslogserver:~# elastalert
Traceback (most recent call last):
  File "/usr/local/bin/elastalert", line 33, in <module>
    sys.exit(load_entry_point('elastalert2==2.15.0', 'console_scripts', 'elastalert')())
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 1900, in main
    client = ElastAlerter(args)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 127, in __init__
    self.conf = load_conf(self.args)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/config.py", line 49, in load_conf
    conf = read_yaml(filename)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/yaml.py", line 6, in read_yaml
    with open(path) as f:
FileNotFoundError: [Errno 2] No such file or directory: 'config.yaml'
root@syslogserver:~#
# To run it once, use the command below
root@syslogserver:~# python3 -m elastalert.elastalert --verbose --config /opt/elastalert/config.yaml
# To register it with systemctl and run it as a service
root@syslogserver:~# cd /etc/systemd/system
root@syslogserver:/etc/systemd/system# cat elastalert.service
[Unit]
Description=Severe_logalerts
After=elasticsearch.service

[Service]
Type=simple
WorkingDirectory=/opt/elastalert
ExecStart=/usr/local/bin/elastalert --verbose --config /opt/elastalert/config.yaml

[Install]
WantedBy=multi-user.target
root@syslogserver:/etc/systemd/system# systemctl daemon-reload
root@syslogserver:/etc/systemd/system# systemctl restart elastalert.service

 

See the site below for reference.

https://elastalert2.readthedocs.io/en/latest/running_elastalert.html#downloading-and-configuring

 


 


Alert configuration in the latest Grafana version has become really difficult.

I'm sharing what I have configured so far.

 

As for the scenario,

I configured an alert to be sent to Slack when the WAN port of the AXGATE uses 900Mbps or more.

 

※ Notes (menus I found hard to locate while configuring)

1. Evaluation settings

Up to version 6 the timing settings were simple, but from later versions the evaluation settings for monitoring traffic are very confusing.

There are settings on the rule itself and settings on the group.

The group settings appear to take precedence.

Check the Notification policies settings in item 3 below carefully.

I monitor traffic at a 10s interval, and an alert is sent when 900Mbps or more is sustained for 10s.

If traffic stays at 900Mbps or more after that, the alert is re-sent every 5m.

 

2. Expressions setting when adding a rule (item 4 below)

In the Define query and alert condition settings, I got lost because I couldn't find the method used in version 6 under the Expressions option.

Click the "Add expression" button and select "Classic condition" as shown in the picture below.

 

Detailed settings.

1. Notification Templates settings

2. Contact points settings

3. Notification policies settings

4. Alert rules settings


The snap package I installed earlier was an older version, so I reinstalled using apt.

 

In short

#### Common installation steps
logmgmt@syslogserver:~$ sudo apt-get install -y apt-transport-https software-properties-common wget
logmgmt@syslogserver:~$ sudo mkdir -p /etc/apt/keyrings/
logmgmt@syslogserver:~$ cd /etc/apt/keyrings
logmgmt@syslogserver:/etc/apt/keyrings$ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main
logmgmt@syslogserver:~$ sudo apt-get update

#### If grafana has never been installed on this host
logmgmt@syslogserver:~$ sudo apt install grafana

#### If grafana was installed before
logmgmt@syslogserver:~$ sudo rm -rf /var/lib/grafana
logmgmt@syslogserver:~$ sudo rm -rf /etc/grafana
logmgmt@syslogserver:~$ sudo apt install grafana

 

In detail

logmgmt@syslogserver:~$ sudo apt-get install -y apt-transport-https software-properties-common wget
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
wget is already the newest version (1.21.2-2ubuntu1).
software-properties-common is already the newest version (0.99.22.8).
software-properties-common 패키지는 수동설치로 지정합니다.
apt-transport-https is already the newest version (2.4.11).
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
0개 업그레이드, 0개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
logmgmt@syslogserver:~$ sudo mkdir -p /etc/apt/keyrings/
logmgmt@syslogserver:~$
logmgmt@syslogserver:~$ cd /etc/apt
logmgmt@syslogserver:/etc/apt$ ls -al
total 44
drwxr-xr-x   8 root root  4096 11월 28 14:00 .
drwxr-xr-x 140 root root 12288 12월 22 16:30 ..
drwxr-xr-x   2 root root  4096 11월 28 18:01 apt.conf.d
drwxr-xr-x   2 root root  4096  4월  8  2022 auth.conf.d
drwxr-xr-x   2 root root  4096  4월  8  2022 keyrings
drwxr-xr-x   2 root root  4096 11월 28 18:01 preferences.d
-rw-r--r--   1 root root  2824 11월 28 14:00 sources.list
drwxr-xr-x   2 root root  4096 12월 23 12:37 sources.list.d
drwxr-xr-x   2 root root  4096  8월  8 07:53 trusted.gpg.d
logmgmt@syslogserver:/etc/apt$ cd keyrings/
logmgmt@syslogserver:/etc/apt/keyrings$ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:/etc/apt/keyrings$ ls
grafana.gpg
logmgmt@syslogserver:/etc/apt/keyrings$ ls -al
total 12
drwxr-xr-x 2 root root 4096 12월 23 12:42 .
drwxr-xr-x 8 root root 4096 11월 28 14:00 ..
-rw-r--r-- 1 root root 1758 12월 23 12:42 grafana.gpg
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main
logmgmt@syslogserver:/etc/apt/keyrings$ cd
logmgmt@syslogserver:~$ sudo apt-get update
받기:1 https://apt.grafana.com stable InRelease [5,984 B]
받기:2 https://apt.grafana.com beta InRelease [5,976 B]
기존:3 https://dl.yarnpkg.com/debian stable InRelease
받기:4 https://apt.grafana.com stable/main amd64 Packages [182 kB]
오류:2 https://apt.grafana.com beta InRelease
  다음 서명들은 공개키가 없기 때문에 인증할 수 없습니다: NO_PUBKEY 9E439B102CF3C0C6
기존:5 https://deb.nodesource.com/node_20.x jammy InRelease
기존:6 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
기존:7 http://security.ubuntu.com/ubuntu jammy-security InRelease
기존:8 http://kr.archive.ubuntu.com/ubuntu jammy InRelease
기존:9 http://kr.archive.ubuntu.com/ubuntu jammy-updates InRelease
기존:10 http://kr.archive.ubuntu.com/ubuntu jammy-backports InRelease
패키지 목록을 읽는 중입니다... 완료
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://apt.grafana.com stable InRelease' doesn't support architecture 'i386'
W: GPG error: https://apt.grafana.com beta InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9E439B102CF3C0C6
E: The repository 'https://apt.grafana.com beta InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
logmgmt@syslogserver:~$ sudo apt update
Hit:1 https://apt.grafana.com stable InRelease
Get:2 https://apt.grafana.com beta InRelease [5,976 B]
Hit:3 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Hit:4 https://dl.yarnpkg.com/debian stable InRelease
Err:2 https://apt.grafana.com beta InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9E439B102CF3C0C6
Hit:5 https://deb.nodesource.com/node_20.x jammy InRelease
Hit:6 http://kr.archive.ubuntu.com/ubuntu jammy InRelease
Hit:7 http://kr.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:8 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:9 http://kr.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://apt.grafana.com stable InRelease' doesn't support architecture 'i386'
W: GPG error: https://apt.grafana.com beta InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9E439B102CF3C0C6
E: The repository 'https://apt.grafana.com beta InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
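The apt-get update output above has two separate causes, and neither calls for disabling signature checks. The "configured multiple times" warnings come from tee -a appending the stable and beta lines to a grafana.list that already contained them (apt names lines 1/3 and 2/4 as duplicates). The NO_PUBKEY 9E439B102CF3C0C6 error means the beta suite's InRelease carries a signature from a key that is not in /etc/apt/keyrings/grafana.gpg, so apt correctly refuses to use that suite; the fix is to add the key the suite is signed with or to drop the beta line, never [trusted=yes]. The script below is an added example (not from the original post and not Grafana's documentation) that lints a source list for exactly these problems, deduplicates it, and drops a suite. The function names and the temporary files its demo builds are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post, not Grafana's docs): lint an apt
# source list for the problems seen in the apt-get update output above and for
# the bad workaround people reach for.
#   - duplicate "deb" lines (tee -a appended stable/beta to a file that already
#     had them)            -> apt: "Target ... is configured multiple times"
#   - a signed-by keyring that does not exist or cannot be read
#   - "[trusted=yes]", which switches apt-secure off for that source; the right
#     answer to NO_PUBKEY is to install the key the suite is signed with or to
#     drop the suite, never to disable verification.

# Print each "deb"/"deb-src" line that occurs more than once; exit 0 if any.
find_duplicate_sources() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" | sort | uniq -d | grep .
}

# Keep the first occurrence of every line, preserving order.
dedupe_sources() {
    awk '!seen[$0]++' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Remove every deb line for one suite (e.g. "beta"); the suite is the field
# after the URL once the optional [options] block has been cut out.
drop_suite() {
    awk -v s="$2" '{
        line = $0
        i = index(line, "["); j = index(line, "]")
        if (i && j > i) line = substr(line, 1, i - 1) substr(line, j + 1)
        split(line, f)
        if (f[1] ~ /^deb/ && f[3] == s) next
        print
    }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Exit 0 (and print the offending lines) if any source has trusted=yes.
find_trusted_yes() {
    grep -n 'trusted=yes' "$1"
}

# Every keyring named by signed-by must exist and be readable.
check_signed_by_keyrings() {
    rc=0
    for k in $(sed -n 's/.*signed-by=\([^] ,]*\).*/\1/p' "$1" | sort -u); do
        if [ ! -r "$k" ]; then
            echo "missing keyring: $k (apt cannot verify this source)"
            rc=1
        fi
    done
    return $rc
}

# Run all checks; return the number of failed checks (0 means clean).
lint_apt_sources() {
    bad=0
    if find_duplicate_sources "$1"; then
        echo "^ duplicated lines: apt will warn 'configured multiple times'"
        bad=$((bad + 1))
    fi
    if find_trusted_yes "$1"; then
        echo "^ trusted=yes disables signature checking; remove it"
        bad=$((bad + 1))
    fi
    check_signed_by_keyrings "$1" || bad=$((bad + 1))
    return $bad
}

# Demo on a constructed copy of the list the post ended up with (stable and
# beta, each present twice) with an empty placeholder keyring.
demo() {
    d=$(mktemp -d) && f=$d/grafana.list && key=$d/grafana.gpg
    : > "$key"
    for suite in stable beta stable beta; do
        echo "deb [signed-by=$key] https://apt.grafana.com $suite main" >> "$f"
    done
    if lint_apt_sources "$f"; then echo "clean"; else echo "$? problem(s)"; fi
    dedupe_sources "$f"
    drop_suite "$f" beta    # no key for beta's signature: drop the suite
    echo "--- after cleanup:"; cat "$f"
    if lint_apt_sources "$f"; then echo "clean"; fi
    rm -rf "$d"
}
demo
```

Run it against the real file with lint_apt_sources /etc/apt/sources.list.d/grafana.list before apt update; a NO_PUBKEY error that survives a clean lint means the suite really is signed by a key you have not installed, which is apt doing its job.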
logmgmt@syslogserver:~$ sudo apt install grafana
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  musl
The following NEW packages will be installed:
  grafana musl
0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded.
Need to get 104 MB of archives.
After this operation, 384 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://kr.archive.ubuntu.com/ubuntu jammy/universe amd64 musl amd64 1.2.2-4 [407 kB]
Get:2 https://apt.grafana.com stable/main amd64 grafana amd64 10.2.3 [104 MB]
Fetched 104 MB in 5s (19.0 MB/s)
Selecting previously unselected package musl:amd64.
(Reading database ... 291313 files and directories currently installed.)
Preparing to unpack .../musl_1.2.2-4_amd64.deb ...
Unpacking musl:amd64 (1.2.2-4) ...
Selecting previously unselected package grafana.
Preparing to unpack .../grafana_10.2.3_amd64.deb ...
Unpacking grafana (10.2.3) ...
Setting up musl:amd64 (1.2.2-4) ...
Setting up grafana (10.2.3) ...
mkdir: cannot create directory ‘/var/lib/grafana’: File exists
dpkg: error processing package grafana (--configure):
 installed grafana package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.10.2-1) ...
Errors were encountered while processing:
 grafana
E: Sub-process /usr/bin/dpkg returned an error code (1)
logmgmt@syslogserver:~$ sudo rm -rf /var/lib/grafana
logmgmt@syslogserver:~$ sudo rm -rf /etc/grafana/
logmgmt@syslogserver:~$ sudo apt install grafana
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
grafana is already the newest version (10.2.3).
The following packages were automatically installed and are no longer required:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up grafana (10.2.3) ...
cp: cannot create regular file '/etc/grafana/grafana.ini': No such file or directory
dpkg: error processing package grafana (--configure):
 installed grafana package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 grafana
E: Sub-process /usr/bin/dpkg returned an error code (1)
logmgmt@syslogserver:~$ sudo apt remove grafana
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  musl python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  grafana
0 upgraded, 0 newly installed, 1 to remove and 5 not upgraded.
1 not fully installed or removed.
After this operation, 383 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 301080 files and directories currently installed.)
Removing grafana (10.2.3) ...
Stopping and disabling grafana-server service...
Synchronizing state of grafana-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable grafana-server
logmgmt@syslogserver:~$ sudo apt install grafana
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  grafana
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 0 B/104 MB of archives.
After this operation, 383 MB of additional disk space will be used.
Selecting previously unselected package grafana.
(Reading database ... 291329 files and directories currently installed.)
Preparing to unpack .../grafana_10.2.3_amd64.deb ...
Unpacking grafana (10.2.3) ...
Setting up grafana (10.2.3) ...
### NOT starting on installation, please execute the following statements to configure grafana to start automatically using systemd
 sudo /bin/systemctl daemon-reload
 sudo /bin/systemctl enable grafana-server
### You can start grafana-server by executing
 sudo /bin/systemctl start grafana-server
logmgmt@syslogserver:~$
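The postinst failure above ("/var/lib/grafana: File exists") was cleared with rm -rf on /var/lib/grafana and /etc/grafana, after which apt remove followed by a fresh apt install completed. /var/lib/grafana is where the Debian package keeps grafana.db, so deleting it discards any users, dashboards and API keys an earlier install left behind. The script below is an added example, not from the post: it snapshots those directories into a verified, owner-only archive before anything is removed, and classifies a dpkg Status string so you can tell whether a package is stuck half-configured (the "1 not fully installed or removed" state) and needs apt remove before reinstalling. All paths are parameters; the demo at the bottom uses a scratch directory rather than the real /var/lib/grafana, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Before fixing a failed grafana
# postinst by deleting /var/lib/grafana (which holds grafana.db: users,
# dashboards, API keys) and /etc/grafana, snapshot them into a verified,
# owner-only archive. All paths are parameters so this runs on a scratch tree.

# backup_dirs DEST DIR... : archive every DIR that exists into DEST, verify
# the archive, print its path. Exit 2 if none of the DIRs exist.
backup_dirs() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    archive=$dest/grafana-state-$(date +%Y%m%d%H%M%S).tar.gz
    total=$#
    for d in "$@"; do                 # append the ones that exist ...
        [ -d "$d" ] && set -- "$@" "$d"
    done
    shift "$total"                    # ... and drop the original list
    if [ $# -eq 0 ]; then
        echo "nothing to back up" >&2
        return 2
    fi
    # tar strips the leading "/" (restore with: tar -xzf ARCHIVE -C /)
    tar -czf "$archive" "$@" || return 1
    tar -tzf "$archive" > /dev/null || { echo "archive unreadable: $archive" >&2; return 1; }
    chmod 600 "$archive"              # grafana.db holds password hashes and secrets
    printf '%s\n' "$archive"
}

# dpkg_broken "STATUS" : exit 0 when a dpkg Status string (third word, e.g.
# "half-configured" in "install ok half-configured") means apt will keep
# failing until the package is removed and reinstalled, as happened above.
dpkg_broken() {
    set -- $1
    case "$3" in
        installed|config-files|not-installed) return 1 ;;
        *) return 0 ;;
    esac
}

# pkg_status NAME : the Status string dpkg records for NAME (empty if unknown).
pkg_status() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null
}

# Demo on a scratch tree that mimics the directories the postinst tripped over.
demo() {
    s=$(mktemp -d)
    mkdir -p "$s/var/lib/grafana" "$s/etc/grafana"
    echo "placeholder db" > "$s/var/lib/grafana/grafana.db"
    echo "[server]" > "$s/etc/grafana/grafana.ini"
    a=$(backup_dirs "$s/backup" "$s/var/lib/grafana" "$s/etc/grafana" "$s/missing")
    echo "archive: $a"; tar -tzf "$a"
    for st in "install ok half-configured" "install ok installed"; do
        if dpkg_broken "$st"; then echo "'$st': remove and reinstall"; else echo "'$st': fine"; fi
    done
    rm -rf "$s"
}
demo
```

On the real host the sequence is: backup_dirs /root/grafana-backup /var/lib/grafana /etc/grafana, then dpkg_broken "$(pkg_status grafana)" to confirm the package is the thing in the way, and only then apt remove grafana and reinstall, keeping the archive until the new instance has been checked.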

 

References

https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/ (Install Grafana on Debian or Ubuntu | Grafana documentation)

Granting a Grafana user admin rights

When you create an account, it does not get admin privileges by default.

But if you have already deleted the admin account, you are in a real bind.

(That is exactly what I did, haha)

So I fixed it by granting the privilege directly in the DB.

root@syslogserver:~# sqlite3
Command 'sqlite3' not found, but can be installed with:
apt install sqlite3
root@syslogserver:~# apt install sqlite3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  sqlite3-doc
The following NEW packages will be installed:
  sqlite3
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 768 kB of archives.
After this operation, 1,873 kB of additional disk space will be used.
Get:1 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 sqlite3 amd64 3.37.2-2ubuntu0.1 [768 kB]
Fetched 768 kB in 2s (322 kB/s)
Selecting previously unselected package sqlite3.
(Reading database ... 285343 files and directories currently installed.)
Preparing to unpack .../sqlite3_3.37.2-2ubuntu0.1_amd64.deb ...
Unpacking sqlite3 (3.37.2-2ubuntu0.1) ...
Setting up sqlite3 (3.37.2-2ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
root@syslogserver:~#
root@syslogserver:~# sqlite3 /var/snap/grafana/common/data/grafana.db
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> update user set is_admin = true where login = 'ACCOUNT_ID';
sqlite> .exit
root@syslogserver:~#

 

Once you log in through the web UI, the account should now have administrator rights.

The role shown in the picture below also has to be changed before the account is a true Admin.

Please use this only if, like me, you are recovering without having changed that role first. :(

There are several other ways to recover the account.
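The two changes this post needs are separate rows: user.is_admin makes the login a Grafana server admin (what the UPDATE above sets), and org_user.role = 'Admin' is the organization role that the screenshot refers to and that still has to be changed afterwards. The script below is an added example, not the post's own command and not Grafana code: it generates the SQL for both with the login quoted safely, and applies it only after checking that grafana-server is stopped (SQLite must not be edited underneath a running writer) and copying the database first. The table and column names are those of Grafana's SQLite schema as of Grafana 10 (user.id, user.login, user.is_admin; org_user.user_id, org_user.role); confirm them with .schema user and .schema org_user before running. The database path depends on the install method: /var/lib/grafana/grafana.db for the apt package, /var/snap/grafana/common/data/grafana.db for the snap used in the post. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not the post's own command and not Grafana code. Grants a login
# Grafana server-admin (user.is_admin, what the post's UPDATE sets) and the
# organization Admin role (org_user.role, the role the post says still needs
# changing afterwards), with the safeguards the post skips:
#   - grafana-server must be stopped: SQLite must not be edited under a live writer
#   - grafana.db is copied before it is touched
#   - the login is quoted safely (single quotes doubled), so "o'brien" cannot
#     break the statement or inject anything
# Schema assumption (Grafana's SQLite schema as of Grafana 10; confirm with
# ".schema user" and ".schema org_user" first):
#   user(id, login, is_admin, ...)  org_user(id, org_id, user_id, role, ...)

# Escape a value for use inside single quotes in SQL.
sql_quote() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Print (do not run) the SQL for one login, so it can be reviewed first.
# The org_user UPDATE covers every organization the user belongs to; the
# SELECTs at the end show the resulting state.
grant_admin_sql() {
    login=$(sql_quote "$1")
    cat <<EOF
BEGIN;
UPDATE user SET is_admin = 1 WHERE login = '$login';
UPDATE org_user SET role = 'Admin'
 WHERE user_id = (SELECT id FROM user WHERE login = '$login');
SELECT 'user', login, is_admin FROM user WHERE login = '$login';
SELECT 'org_user', o.org_id, o.role FROM org_user o
  JOIN user u ON u.id = o.user_id WHERE u.login = '$login';
COMMIT;
EOF
}

# grant_admin DB LOGIN : refuse while Grafana runs, back up, then apply.
# DB is /var/lib/grafana/grafana.db for the apt package and
# /var/snap/grafana/common/data/grafana.db for the snap used in the post.
grant_admin() {
    db=$1; login=$2
    for svc in grafana-server snap.grafana.grafana; do
        if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet "$svc" 2>/dev/null; then
            echo "stop $svc before editing $db" >&2
            return 1
        fi
    done
    [ -f "$db" ] || { echo "no such database: $db" >&2; return 1; }
    cp -p "$db" "$db.bak.$(date +%Y%m%d%H%M%S)" || return 1
    grant_admin_sql "$login" | sqlite3 -bail "$db"
}

# With two arguments apply the change; with none, just print the SQL for review.
if [ $# -ge 2 ]; then
    grant_admin "$1" "$2"
else
    grant_admin_sql "${1:-ACCOUNT_ID}"
fi
```

Usage as root, after systemctl stop grafana-server: sh grant_admin.sh /var/lib/grafana/grafana.db ops, then start the service again and log in; the SELECT lines printed at the end should show is_admin = 1 and role = Admin. Note that the post's "is_admin = true" only works because SQLite 3.23 and later accept TRUE as an alias for 1.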

The Grafana admin account

Connection information

  • http://{server IP}:3000
  • ID: admin
  • PW: admin

Be sure to change the password as soon as you have logged in.

Then delete the admin account and use a new administrator account instead.

  • Create an account

     ※ Before deleting the admin account, grant admin rights to the account you created.

  • Delete the admin account

  • You are logged out automatically when the admin account is deleted.
