흙수저의 엔지니어링

elastalert의 rule 설정하는 방법입니다.

UTM 로그

elastalert 룰

root@syslogserver:/opt/elastalert/rules# cat ./firewall_login_success.yaml
name: firewall_console_login

type: any

index: logstash-fg-*

filter:
- query:
    query_string:
      query: logdesc:"Admin login successful" AND action:"login"

doc_type: _doc

alert:
- "slack"

slack:
# 슬랙 웹훅 주소
slack_webhook_url: "https://hooks.slack.com/services/################/#############/###########"
# 슬랙 채널에 메시지 전달할 이름
slack_username_override: "ElastAlert-Bot"
# 슬랙 메시지를 보낼 채널
slack_channel_override: "#security_alert"
# 슬랙 메시지에 타이틀 지정
# 지정하지 않을 경우 rule의 절대 경로 명이 찍힘: /opt/elastalert/ruls/ap_login_fail.yaml
slack_title: FIREWALL_LOGIN_SUCCESS
# 슬랙 메시지 색
slack_msg_color: "good"


alert_text: "FIREWALL_CONSOLE_LOGIN: 접속시간: {0} / 접속계정: {1} / 접속자IP: {2}"
alert_text_type: "alert_text_only"
alert_text_args: ["syslog_timestamp", "user", "srcip"]
root@syslogserver:/opt/elastalert/rules#

슬랙 메시지

elastalert은 이제 지원하지 않습니다.

CentOS에서는 키바나 UI에서 설치하는 방법을 작성했었습니다.

이번에는 elastalert2로 설치하는 방법을 안내합니다.

kibana UI에서 설정 하지 않고, 터미널에서 직접 설정하는 방법으로 진행했습니다.

elastalert2로 설치하니까 금방이네요~

root@syslogserver:~# pip install elastalert2
root@syslogserver:~# cd /opt
root@syslogserver:~# git clone https://github.com/jertel/elastalert2.git
root@syslogserver:~# cd elastalert2
root@syslogserver:~/elastalert2# pip install "setuptools>=11.3"
root@syslogserver:~/elastalert2# python3 setup.py install
root@syslogserver:~/elastalert2# cd /opt
# elastalert 설치하신 후 "elastalert " 이라고 명령어를 치면 에러 메시지가 보입니다.
# 이때 경로 확인이 가능해요.
root@syslogserver:/opt# ln -s /usr/local/lib/python3.10/dist-packages/elastalert/ ./elastalert
root@syslogserver:/opt# ls -al
root@syslogserver:/opt# ls -al
total 8476
drwxr-xr-x  5 root    root       4096  1월 15 12:26 .
drwxr-xr-x 20 root    root       4096 12월 22 15:41 ..
lrwxrwxrwx  1 root    root         51  1월 15 12:26 elastalert -> /usr/local/lib/python3.10/dist-packages/elastalert/
drwxr-xr-x  3 grafana grafana    4096 12월 26 17:27 grafana-plugin
drwxr-xr-x  2 root    root       4096 12월 22 15:45 node_modules
drwxr-xr-x  2    1001    1002    4096 12월 21 12:55 snmp_exporter
root@syslogserver:/opt# cd elastalert
root@syslogserver:/opt/elastalert# cat ./config.yaml
# 폴더 명
# 폴더 경로를 설정할 경우, elastalert을 실행할 때 rule 옵션을 별도로 주지 않아도 됨
# 예: elastalert --config /opt/elastalert/config.yaml
rules_folder: /opt/elastalert/rules

# elasticsearch를 쿼리하는 빈도
run_every:
  minutes: 1

# 쿼리가 실행되는 시간부터 뒤로 늘어나는 쿼리 창의 크기
buffer_time:
  minutes: 15

# elasticsearch host
es_host: 192.168.000.000

# elasticsearch 사용 port
es_port: 9200

# elastalert2가 데이터를 저장할 index
# 굉장히 중요 합니다!!!!
writeback_index: elastalert_status

# 실패한 경고에 대한 재시도 기간
alert_time_limit:
  days: 2
root@syslogserver:/opt/elastalert#
# elasticsearch index를 생성하지 않으면 아래처럼 오류 발생
root@syslogserver:/opt/elastalert# elastalert


WARNING:elasticsearch:POST http://192.168.000.000:9200/elastalert_status/_search?size=1000 [status:404 request:0.027s]
ERROR:elastalert:Error finding recent pending alerts: NotFoundError(404, 'index_not_found_exception', 'no such index [elastalert_status]', elastalert_status, index_or_alias) {'query': {'bool': {'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}, 'filter': {'range': {'alert_time': {'from': '2024-01-13T03:27:38.609562Z', 'to': '2024-01-15T03:27:38.609590Z'}}}}}, 'sort': {'alert_time': {'order': 'asc'}}}
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 1503, in find_recent_pending_alerts
    res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/client/utils.py", line 152, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/__init__.py", line 147, in search
    results = self.transport.perform_request(
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/transport.py", line 392, in perform_request
    raise e
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/transport.py", line 358, in perform_request
    status, headers_response, data = connection.perform_request(
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/connection/http_requests.py", line 199, in perform_request
    self._raise_error(response.status_code, raw_data)
  File "/usr/local/lib/python3.10/dist-packages/elasticsearch/connection/base.py", line 315, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(
elasticsearch.exceptions.NotFoundError: NotFoundError(404, 'index_not_found_exception', 'no such index [elastalert_status]', elastalert_status, index_or_alias)
^C
root@syslogserver:/opt/elastalert#
# elasticsearch index 생성
root@syslogserver:/opt/elastalert# elastalert-create-index
Enter Elasticsearch host: 192.168.000.000
Enter Elasticsearch port: 9200
Use SSL? t/f: f
Enter optional basic-auth username (or leave blank):
Enter optional basic-auth password (or leave blank):
Enter optional Elasticsearch URL prefix (prepends a string to the URL of every request):
New index name? (Default elastalert_status)
Name of existing index to copy? (Default None)
Reading Elastic 8 index mappings:
Reading index mapping 'es_mappings/8/silence.json'
Reading index mapping 'es_mappings/8/elastalert_status.json'
Reading index mapping 'es_mappings/8/elastalert.json'
Reading index mapping 'es_mappings/8/past_elastalert.json'
Reading index mapping 'es_mappings/8/elastalert_error.json'
Deleting index elastalert_status_status.
Deleting index elastalert_status_error.
New index elastalert_status created
Done!
root@syslogserver:~#
# elastalert 명령어를 실행할 경우 기본적으로 현재의 경로에서 config.yaml을 찾게 됩니다.
# 그래서 아래와 같은 오류 메시지를 볼 수 있습니다.
root@syslogserver:~# elastalert
Traceback (most recent call last):
  File "/usr/local/bin/elastalert", line 33, in <module>
    sys.exit(load_entry_point('elastalert2==2.15.0', 'console_scripts', 'elastalert')())
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 1900, in main
    client = ElastAlerter(args)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/elastalert.py", line 127, in __init__
    self.conf = load_conf(self.args)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/config.py", line 49, in load_conf
    conf = read_yaml(filename)
  File "/usr/local/lib/python3.10/dist-packages/elastalert/yaml.py", line 6, in read_yaml
    with open(path) as f:
FileNotFoundError: [Errno 2] No such file or directory: 'config.yaml'
root@syslogserver:~#
# 단발성으로 실행할 경우 아래의 명령어를 통해서 실행
root@syslogserver:~# python3 -m elastalert.elastalert --verbose --config /opt/elastalert/configy.yaml
# systemctl에 등록하여 실행할 경우
root@syslogserver:~# cd /etc/systemd/system
root@syslogserver:/etc/systemd/system# cat elastalert.service
[Unit]
Description=Severe_logalerts
After=elasticsearch.service

[Service]
Type=simple
WorkingDirectory=/opt/elastalert
ExecStart=/usr/local/bin/elastalert --verbose --config /opt/elastalert/config.yaml

[Install]
WantedBy=multi-user.target
root@syslogserver:/etc/systemd/system# systemctl daemon-reload
root@syslogserver:/etc/systemd/system# systemctl restart elastalert.service

아래 사이트 참고하세요.

https://elastalert2.readthedocs.io/en/latest/running_elastalert.html#downloading-and-configuring

최신 버전 그라파나 알람 설정이 너무 어려워졌네요.

제가 설정한 부분까지 공유 합니다.

시나리오를 이야기 한다면,

AXGATE의 WAN Port가 900Mbps 이상 사용하면 SLACK으로 알람이 전송되도록 설정하였습니다.

※ 특이사항 (제가 설정하면서 찾기 힘들었던 매뉴)

1. evaluation 설정

기존 6 버전까지는 시간 설정이 간단했었는데, 이후 버전부터 트래픽을 모니터링 할때의 evaluation 설정이 엄청 헷깔리네요.

해당 rules에 대한 설정이 있고, 그룹에 대한 설정이 있습니다.

그룹에 대한 설정이 우선으로 보여집니다.

아래의 3번 Notification policies 설정을 잘 확인해보세요.

저는 트래픽 모니터링을 10s 간격으로 하고, 900Mbps 이상 10s가 유지되면 알람이 발송되도록 설정했습니다.

이후 트래픽 900Mbps 이상을 유지할 경우 5m 마다 알람을 다시 발송합니다.

2. rule 추가시 Expressions 설정 (아래의 4번 설정)

Define query and alert condition 설정에서 Expressions 옵션에서 기존 6버전에서 사용한 방식을 찾지 못해서 해맸습니다.

"Add expression" 버튼을 누르면 아래의 그림처럼 "Classic condition"을 선택하시면 됩니다.

상세 설정입니다.

1. Notification Templeates 설정

2. Contact points 설정

3. Notification policies 설정

4. Alert rules 설정

기존 설치한 snap 방식은 버전이 낮아서 apt로 설치하는 방법으로 다시 설치해 봤습니다.

간단히

#### 공통 설치 부분
logmgmt@syslogserver:~$ sudo apt-get install -y apt-transport-https software-properties-common wget
logmgmt@syslogserver:~$ sudo mkdir -p /etc/apt/keyrings/ -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/nullwget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:~$ cd /etc/apt/keyrings
logmgmt@syslogserver:/etc/apt/keyrings$ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main" | sudo tee -a /etc/apt/sources.list.d/grafana.list deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main
logmgmt@syslogserver:~$ sudo apt-get update

#### 기존 grafana 설치 이력이 없다면
logmgmt@syslogserver:~$ sudo apt install grafana

#### 기존 grafana 설치 이력이 있다면
logmgmt@syslogserver:~$ rm -rf /var/lib/grafana
logmgmt@syslogserver:~$ rm -rf /etc/grafana
logmgmt@syslogserver:~$ sudo apt install grafana

자세히

logmgmt@syslogserver:~$ sudo apt-get install -y apt-transport-https software-properties-common wget
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
wget is already the newest version (1.21.2-2ubuntu1).
software-properties-common is already the newest version (0.99.22.8).
software-properties-common 패키지는 수동설치로 지정합니다.
apt-transport-https is already the newest version (2.4.11).
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
0개 업그레이드, 0개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
logmgmt@syslogserver:~$ sudo mkdir -p /etc/apt/keyrings/ -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/nullwget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:~$
logmgmt@syslogserver:~$ cd /etc/apt
logmgmt@syslogserver:/etc/apt$ ls -al
total 44
drwxr-xr-x   8 root root  4096 11월 28 14:00 .
drwxr-xr-x 140 root root 12288 12월 22 16:30 ..
drwxr-xr-x   2 root root  4096 11월 28 18:01 apt.conf.d
drwxr-xr-x   2 root root  4096  4월  8  2022 auth.conf.d
drwxr-xr-x   2 root root  4096  4월  8  2022 keyrings
drwxr-xr-x   2 root root  4096 11월 28 18:01 preferences.d
-rw-r--r--   1 root root  2824 11월 28 14:00 sources.list
drwxr-xr-x   2 root root  4096 12월 23 12:37 sources.list.d
drwxr-xr-x   2 root root  4096  8월  8 07:53 trusted.gpg.d
logmgmt@syslogserver:/etc/apt$ cd keyrings/
logmgmt@syslogserver:/etc/apt/keyrings$ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
logmgmt@syslogserver:/etc/apt/keyrings$ ls
grafana.gpg
logmgmt@syslogserver:/etc/apt/keyrings$ ls -al
total 12
drwxr-xr-x 2 root root 4096 12월 23 12:42 .
drwxr-xr-x 8 root root 4096 11월 28 14:00 ..
-rw-r--r-- 1 root root 1758 12월 23 12:42 grafana.gpg
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main
logmgmt@syslogserver:/etc/apt/keyrings$ echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com beta main
logmgmt@syslogserver:/etc/apt/keyrings$ cd
logmgmt@syslogserver:~$ sudo apt-get update
받기:1 https://apt.grafana.com stable InRelease [5,984 B]
받기:2 https://apt.grafana.com beta InRelease [5,976 B]
기존:3 https://dl.yarnpkg.com/debian stable InRelease
받기:4 https://apt.grafana.com stable/main amd64 Packages [182 kB]
오류:2 https://apt.grafana.com beta InRelease
  다음 서명들은 공개키가 없기 때문에 인증할 수 없습니다: NO_PUBKEY 9E439B102CF3C0C6
기존:5 https://deb.nodesource.com/node_20.x jammy InRelease
기존:6 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
기존:7 http://security.ubuntu.com/ubuntu jammy-security InRelease
기존:8 http://kr.archive.ubuntu.com/ubuntu jammy InRelease
기존:9 http://kr.archive.ubuntu.com/ubuntu jammy-updates InRelease
기존:10 http://kr.archive.ubuntu.com/ubuntu jammy-backports InRelease
패키지 목록을 읽는 중입니다... 완료
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://apt.grafana.com stable InRelease' doesn't support architecture 'i386'
W: GPG 오류: https://apt.grafana.com beta InRelease: 다음 서명들은 공개키가 없기 때문에 인증할 수 없습니다: NO_PUBKEY 9E439B102CF3C0C6
E: The repository 'https://apt.grafana.com beta InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
logmgmt@syslogserver:~$ sudo apt update
기존:1 https://apt.grafana.com stable InRelease
받기:2 https://apt.grafana.com beta InRelease [5,976 B]
기존:3 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
기존:4 https://dl.yarnpkg.com/debian stable InRelease
오류:2 https://apt.grafana.com beta InRelease
  다음 서명들은 공개키가 없기 때문에 인증할 수 없습니다: NO_PUBKEY 9E439B102CF3C0C6
기존:5 https://deb.nodesource.com/node_20.x jammy InRelease
기존:6 http://kr.archive.ubuntu.com/ubuntu jammy InRelease
기존:7 http://kr.archive.ubuntu.com/ubuntu jammy-updates InRelease
기존:8 http://security.ubuntu.com/ubuntu jammy-security InRelease
기존:9 http://kr.archive.ubuntu.com/ubuntu jammy-backports InRelease
패키지 목록을 읽는 중입니다... 완료
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://apt.grafana.com stable InRelease' doesn't support architecture 'i386'
W: GPG 오류: https://apt.grafana.com beta InRelease: 다음 서명들은 공개키가 없기 때문에 인증할 수 없습니다: NO_PUBKEY 9E439B102CF3C0C6
E: The repository 'https://apt.grafana.com beta InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:1 and /etc/apt/sources.list.d/grafana.list:3
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-i386/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko_KR) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-ko) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-amd64.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11 (main/dep11/Components-all.yml) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-small (main/dep11/icons-48x48.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons (main/dep11/icons-64x64.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target DEP-11-icons-hidpi (main/dep11/icons-64x64@2.tar) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/grafana.list:2 and /etc/apt/sources.list.d/grafana.list:4
logmgmt@syslogserver:~$ sudo apt install grafana
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  musl
다음 새 패키지를 설치할 것입니다:
  grafana musl
0개 업그레이드, 2개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
104 M바이트 아카이브를 받아야 합니다.
이 작업 후 384 M바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
받기:1 http://kr.archive.ubuntu.com/ubuntu jammy/universe amd64 musl amd64 1.2.2-4 [407 kB]
받기:2 https://apt.grafana.com stable/main amd64 grafana amd64 10.2.3 [104 MB]
내려받기 104 M바이트, 소요시간 5초 (19.0 M바이트/초)
Selecting previously unselected package musl:amd64.
(데이터베이스 읽는중 ...현재 291313개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../musl_1.2.2-4_amd64.deb ...
Unpacking musl:amd64 (1.2.2-4) ...
Selecting previously unselected package grafana.
Preparing to unpack .../grafana_10.2.3_amd64.deb ...
Unpacking grafana (10.2.3) ...
musl:amd64 (1.2.2-4) 설정하는 중입니다 ...
grafana (10.2.3) 설정하는 중입니다 ...
mkdir: cannot create directory ‘/var/lib/grafana’: File exists
dpkg: error processing package grafana (--configure):
 installed grafana package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.10.2-1) ...
처리하는데 오류가 발생했습니다:
 grafana
E: Sub-process /usr/bin/dpkg returned an error code (1)
logmgmt@syslogserver:~$ sudo rm -rf /var/lib/grafana
logmgmt@syslogserver:~$ sudo rm -rf /etc/grafana/
logmgmt@syslogserver:~$ sudo apt install grafana
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
grafana is already the newest version (10.2.3).
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
0개 업그레이드, 0개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
1개를 완전히 설치하지 못했거나 지움.
이 작업 후 0 바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
grafana (10.2.3) 설정하는 중입니다 ...
cp: cannot create regular file '/etc/grafana/grafana.ini': No such file or directory
dpkg: error processing package grafana (--configure):
 installed grafana package post-installation script subprocess returned error exit status 1
처리하는데 오류가 발생했습니다:
 grafana
E: Sub-process /usr/bin/dpkg returned an error code (1)
logmgmt@syslogserver:~$ sudo apt remove grafana
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  musl python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
다음 패키지를 지울 것입니다:
  grafana
0개 업그레이드, 0개 새로 설치, 1개 제거 및 5개 업그레이드 안 함.
1개를 완전히 설치하지 못했거나 지움.
이 작업 후 383 M바이트의 디스크 공간이 비워집니다.
계속 하시겠습니까? [Y/n] y
(데이터베이스 읽는중 ...현재 301080개의 파일과 디렉터리가 설치되어 있습니다.)
Removing grafana (10.2.3) ...
Stopping and disabling grafana-server service...
Synchronizing state of grafana-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable grafana-server
logmgmt@syslogserver:~$ sudo apt install grafana
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  python3-cliapp python3-markdown python3-pygments python3-ttystatus
Use 'sudo apt autoremove' to remove them.
다음 새 패키지를 설치할 것입니다:
  grafana
0개 업그레이드, 1개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
0 바이트/104 M바이트 아카이브를 받아야 합니다.
이 작업 후 383 M바이트의 디스크 공간을 더 사용하게 됩니다.
Selecting previously unselected package grafana.
(데이터베이스 읽는중 ...현재 291329개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../grafana_10.2.3_amd64.deb ...
Unpacking grafana (10.2.3) ...
grafana (10.2.3) 설정하는 중입니다 ...
### NOT starting on installation, please execute the following statements to configure grafana to start automatically using systemd
 sudo /bin/systemctl daemon-reload
 sudo /bin/systemctl enable grafana-server
### You can start grafana-server by executing
 sudo /bin/systemctl start grafana-server
logmgmt@syslogserver:~$

참고 자료

https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/

계정을 생성하면 기본적으로 권한이 admin이 아닙니다.

그런데 admin 계정을 삭제했다면 대략 난감입니다.

(제가 그랬어요 ㅎㅎㅎ)

그래서 DB에서 직접 권한을 부여하는 방법으로 해결했습니다.

root@syslogserver:~# sqlite3
Command 'sqlite3' not found, but can be installed with:
apt install sqlite3
root@syslogserver:~# apt install sqlite3
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
제안하는 패키지:
  sqlite3-doc
다음 새 패키지를 설치할 것입니다:
  sqlite3
0개 업그레이드, 1개 새로 설치, 0개 제거 및 15개 업그레이드 안 함.
768 k바이트 아카이브를 받아야 합니다.
이 작업 후 1,873 k바이트의 디스크 공간을 더 사용하게 됩니다.
받기:1 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 sqlite3 amd64 3.37.2-2ubuntu0.1 [768 kB]
내려받기 768 k바이트, 소요시간 2초 (322 k바이트/초)
Selecting previously unselected package sqlite3.
(데이터베이스 읽는중 ...현재 285343개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../sqlite3_3.37.2-2ubuntu0.1_amd64.deb ...
Unpacking sqlite3 (3.37.2-2ubuntu0.1) ...
sqlite3 (3.37.2-2ubuntu0.1) 설정하는 중입니다 ...
Processing triggers for man-db (2.10.2-1) ...
root@syslogserver:~#
root@syslogserver:~# sqlite3 /var/snap/grafana/common/data/grafana.db
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> update user set is_admin = true where login = '계정ID';
sqlite> .exit
root@syslogserver:~#

웹으로 접속하시면, 관리자 권한으로 바뀌어 있을 겁니다.

아래의 그림에서 보이는 권한을 변경해주셔야 진정한 Admin 으로 변경됩니다.

저처럼 권한 변경하지 않고 복구하시는 분들만 참고해주세요. ㅠㅠ

계정 복구 하는 방법은 여러 방법이 있습니다~

접속정보

• http://{서버IP}:3000
• ID: admin
• PW: admin

반드시 접속 후 패스워드 변경하시기 바랍니다.

그리고 admin 계정은 삭제 후, 새로운 관리자 계정으로 사용하세요.

• 계정 생성

     ※ admin 계정 삭제 전 생성한 계정에게 admin 권한을 부여해주세요.

• admin 계정 삭제

• admin 계정 삭제 시 자동으로 로그아웃 됩니다.

snap으로 grafana를 설치하니 설정 파일이 없네요.

찾기도 힘들었습니다.

기본 default 설정 파일 위치입니다.

• /snap/grafana/current/conf/defaults.ini
• 해당 파일은 Read Only로 root 권한으로도 설정이 변경되지 않아요.

아래 경로로 설정 파일을 복사해서 사용해주세요.

• /var/snap/grafana/current/conf/grafana.ini
• 경로 중에 "conf" 폴더는 생성해 주셔야 합니다.
• 해당 경로의 설정파일 적용이 되는지 의심스럽다면, 웹 접근 Port인 3000번을 변경해서 접속해보세요.
  저는 잘 작동되는 것 확인 했습니다.

root@syslogserver:/snap/grafana/current/conf# id
uid=0(root) gid=0(root) groups=0(root)
root@syslogserver:/snap/grafana/current/conf# mkdir /var/snap/grafana/current/conf
root@syslogserver:/snap/grafana/current/conf# cp ./defaults.ini /var/snap/grafana/current/conf/
root@syslogserver:/snap/grafana/current/conf# cd /var/snap/grafana/current/conf/
root@syslogserver:/var/snap/grafana/current/conf# ls -al
total 32
drwxr-xr-x 2 root root  4096 12월 21 14:46 .
drwxr-xr-x 3 root root  4096 12월 21 14:46 ..
-rw-r--r-- 1 root root 22903 12월 21 14:46 defaults.ini
root@syslogserver:/var/snap/grafana/current/conf# mv ./defaults.ini ./grafana.ini
root@syslogserver:/var/snap/grafana/current/conf#

이후 설정 파일은 아래 링크 참조하시면 됩니다.

https://dirt-spoon.tistory.com/87

uid=1000(logmgmt) gid=1000(logmgmt) groups=1000(logmgmt),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(syslog),122(lpadmin),135(lxd),136(sambashare)
logmgmt@syslogserver:~$ sudo apt install grafana
[sudo] password for logmgmt:
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료

No apt package "grafana", but there is a snap with that name.
Try "snap install grafana"

E: grafana 패키지를 찾을 수 없습니다
logmgmt@syslogserver:~$ sudo snap install grafana
grafana 6.7.4 from Canonical✓ installed
logmgmt@syslogserver:~$ ps -ef | grep grafana
root      195358       1  3 14:09 ?        00:00:01 /snap/grafana/36/bin/grafana-server -homepath /snap/grafana/36
logmgmt   195407  167612  0 14:10 pts/0    00:00:00 grep --color=auto grafana
logmgmt@syslogserver:~$

최신 버전 다운로드 받기

저는 ubuntu에서 설치하기 위해 아래 파일을 다운로드 했습니다.

snmp_exporter-0.25.0.linux-amd64.tar.gz

https://github.com/prometheus/snmp_exporter/releases

root@syslogserver:/opt# wget https://github.com/prometheus/snmp_exporter/releases/download/v0.25.0/snmp_exporter-0.25.0.linux-amd64.tar.gz
--2023-12-21 12:08:50--  https://github.com/prometheus/snmp_exporter/releases/download/v0.25.0/snmp_exporter-0.25.0.linux-amd64.tar.gz
Resolving github.com (github.com)... 20.200.245.247
Connecting to github.com (github.com)|20.200.245.247|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/31185891/aaa12aa4-ebfa-4e22-b061-b274132432f3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231221%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231221T030851Z&X-Amz-Expires=300&X-Amz-Signature=518fc3871a119d47abd6a0d64285244b57db69c2e019be3694a25e3ae0378f8f&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=31185891&response-content-disposition=attachment%3B%20filename%3Dsnmp_exporter-0.25.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2023-12-21 12:08:51--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/31185891/aaa12aa4-ebfa-4e22-b061-b274132432f3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231221%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231221T030851Z&X-Amz-Expires=300&X-Amz-Signature=518fc3871a119d47abd6a0d64285244b57db69c2e019be3694a25e3ae0378f8f&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=31185891&response-content-disposition=attachment%3B%20filename%3Dsnmp_exporter-0.25.0.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.110.133, 185.199.109.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8441503 (8.0M) [application/octet-stream]
Saving to: ‘snmp_exporter-0.25.0.linux-amd64.tar.gz’

snmp_exporter-0.25.0.linux-amd64.tar.gz           100%[===========================================================================================================>]   8.05M  --.-KB/s    in 0.1s

2023-12-21 12:08:52 (63.5 MB/s) - ‘snmp_exporter-0.25.0.linux-amd64.tar.gz’ saved [8441503/8441503]

root@syslogserver:/opt# ls -al
total 8252
drwxr-xr-x  2 root root    4096 12월 21 12:08 .
drwxr-xr-x 20 root root    4096 11월 28 13:53 ..
-rw-r--r--  1 root root 8441503 12월 10 19:07 snmp_exporter-0.25.0.linux-amd64.tar.gz
root@syslogserver:/opt# tar zxvf ./snmp_exporter-0.25.0.linux-amd64.tar.gz
snmp_exporter-0.25.0.linux-amd64/
snmp_exporter-0.25.0.linux-amd64/snmp.yml
snmp_exporter-0.25.0.linux-amd64/LICENSE
snmp_exporter-0.25.0.linux-amd64/NOTICE
snmp_exporter-0.25.0.linux-amd64/snmp_exporter
root@syslogserver:/opt#
root@syslogserver:/opt# mv ./snmp_exporter-0.25.0.linux-amd64 ./snmp_exporter
root@syslogserver:/opt#

설정은 아래 참조

snmp-exporter-0.25 버전에서는 아래와 같은 방식으로 수정하네요.

/opt/snmp_exporter/snmp.yml 파일 맨 상단에 있습니다.

# WARNING: This file was auto-generated using snmp_exporter generator, manual changes will be lost.
auths:
#  public_v1:
#    community: public
#    security_level: noAuthNoPriv
#    auth_protocol: MD5
#    priv_protocol: DES
#    version: 1
  public_v2:
    community: public
#    security_level: noAuthNoPriv
#    auth_protocol: MD5
#    priv_protocol: DES
    version: 2
modules:
  apcups:
    walk:

위 설정이 안되면 아래 링크를 참조하세요~

https://dirt-spoon.tistory.com/77

snmp_exporter 프로세스 만들기

• user: snmp_exporter
• Process: snmp_exporter

root@syslogserver:/opt/snmp_exporter# ln -s /opt/snmp_exporter/snmp_exporter /usr/local/bin/snmp_exporter
root@syslogserver:/opt/snmp_exporter# useradd --system snmp_exporter
root@syslogserver:/opt/snmp_exporter# cd /etc/systemd/system/
root@syslogserver:/opt/snmp_exporter# echo '
[Unit]
Description=Prometheus SNMP Exporter Service
After=network.target

[Service]
Type=simple
User=snmp_exporter
ExecStart=/usr/local/bin/snmp_exporter --config.file="/opt/snmp_exporter/snmp.yml"

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/snmp-exporter.service
root@syslogserver:/opt/snmp_exporter# ls -al /etc/systemd/system | grep snmp
-rw-r--r--  1 root root  237 12월 21 12:19 snmp-exporter.service
root@syslogserver:/opt/snmp_exporter# systemctl daemon-reload
root@syslogserver:/opt/snmp_exporter# systemctl enable snmp-exporter.service
Created symlink /etc/systemd/system/multi-user.target.wants/snmp-exporter.service → /etc/systemd/system/snmp-exporter.service.
root@syslogserver:/opt/snmp_exporter#

프로세스 확인하기

root@syslogserver:/opt/snmp_exporter# systemctl restart snmp-exporter.service
root@syslogserver:/opt/snmp_exporter# ps -ef | grep snmp-exporter
root      188764  167915  0 12:23 pts/5    00:00:00 grep --color=auto snmp-exporter
root@syslogserver:/opt/snmp_exporter#

snmp-exporter 설치 전 설치하기

mib 정보나 snmpget 같은 명령어를 위해서 설치합니다~

root@syslogserver:/etc/logstash/pattern.d# apt install snmp-mibs-downloader snmp snmpd
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
The following additional packages will be installed:
  smistrip
제안하는 패키지:
  snmptrapd
다음 새 패키지를 설치할 것입니다:
  smistrip snmp snmp-mibs-downloader snmpd
0개 업그레이드, 4개 새로 설치, 0개 제거 및 15개 업그레이드 안 함.
5,407 k바이트 아카이브를 받아야 합니다.
이 작업 후 6,271 k바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y
받기:1 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 snmpd amd64 5.9.1+dfsg-1ubuntu2.6 [60.3 kB]
받기:2 http://kr.archive.ubuntu.com/ubuntu jammy/universe amd64 smistrip all 0.4.8+dfsg2-16 [7,904 B]
받기:3 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 snmp amd64 5.9.1+dfsg-1ubuntu2.6 [176 kB]
받기:4 http://kr.archive.ubuntu.com/ubuntu jammy/multiverse amd64 snmp-mibs-downloader all 1.5 [5,163 kB]
내려받기 5,407 k바이트, 소요시간 3초 (1,871 k바이트/초)
패키지를 미리 설정하는 중입니다...
Selecting previously unselected package snmpd.
(데이터베이스 읽는중 ...현재 284928개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../snmpd_5.9.1+dfsg-1ubuntu2.6_amd64.deb ...
Unpacking snmpd (5.9.1+dfsg-1ubuntu2.6) ...
Selecting previously unselected package smistrip.
Preparing to unpack .../smistrip_0.4.8+dfsg2-16_all.deb ...
Unpacking smistrip (0.4.8+dfsg2-16) ...
Selecting previously unselected package snmp.
Preparing to unpack .../snmp_5.9.1+dfsg-1ubuntu2.6_amd64.deb ...
Unpacking snmp (5.9.1+dfsg-1ubuntu2.6) ...
Selecting previously unselected package snmp-mibs-downloader.
Preparing to unpack .../snmp-mibs-downloader_1.5_all.deb ...
Unpacking snmp-mibs-downloader (1.5) ...
smistrip (0.4.8+dfsg2-16) 설정하는 중입니다 ...
snmp (5.9.1+dfsg-1ubuntu2.6) 설정하는 중입니다 ...
snmpd (5.9.1+dfsg-1ubuntu2.6) 설정하는 중입니다 ...
adduser: Warning: The home directory `/var/lib/snmp' does not belong to the user you are currently creating.
Created symlink /etc/systemd/system/multi-user.target.wants/snmpd.service → /lib/systemd/system/snmpd.service.
snmp-mibs-downloader (1.5) 설정하는 중입니다 ...

Downloading documents and extracting MIB files.
This will take some minutes.

In case this process fails, it can always be repeated later by executing
/usr/bin/download-mibs again.

RFC1155-SMI: 119 lines.
RFC1213-MIB: 2613 lines.
NOTE: SMUX: ignored.
SMUX-MIB: 158 lines.
CLNS-MIB: 1294 lines.
RFC1381-MIB: 1007 lines.
RFC1382-MIB: 2627 lines.
RFC1414-MIB: 131 lines.
SNMPv2-PARTY-MIB: 1410 lines.
SNMPv2-M2M-MIB: 807 lines.
MIOX25-MIB: 708 lines.
PPP-LCP-MIB: 764 lines.
PPP-SEC-MIB: 289 lines.
PPP-IP-NCP-MIB: 203 lines.
PPP-BRIDGE-NCP-MIB: 429 lines.
FDDI-SMT73-MIB: 2126 lines.
TOKEN-RING-RMON-MIB: 2302 lines.
SOURCE-ROUTING-MIB: 450 lines.
DECNET-PHIV-MIB: 3030 lines.
DSA-MIB: 642 lines.
DPI20-MIB: 47 lines.
IBM-6611-APPN-MIB: 5112 lines.
DNS-SERVER-MIB: 1078 lines.
DNS-RESOLVER-MIB: 1196 lines.
UPS-MIB: 1899 lines.
CHARACTER-MIB: 646 lines.
RS-232-MIB: 788 lines.
PARALLEL-MIB: 286 lines.
SNA-NAU-MIB: 2765 lines.
SIP-MIB: 1099 lines.
Modem-MIB: 1340 lines.
RDBMS-MIB: 1377 lines.
RIPv2-MIB: 532 lines.
APPLETALK-MIB: 3398 lines.
SNA-SDLC-MIB: 2761 lines.
TOKENRING-MIB: 836 lines.
TOKENRING-STATION-SR-MIB: 175 lines.
TCPIPX-MIB: 331 lines.
SNMPv2-USEC-MIB: 238 lines.
MIP-MIB: 2127 lines.
DOT12-IF-MIB: 772 lines.
DLSW-MIB: 3560 lines.
APPC-MIB: 5104 lines.
SNMP-REPEATER-MIB: 3265 lines.
FRAME-RELAY-DTE-MIB: 992 lines.
ISDN-MIB: 1260 lines.
DIAL-CONTROL-MIB: 1270 lines.
RSVP-MIB: 2660 lines.
INTEGRATED-SERVICES-MIB: 750 lines.
INTEGRATED-SERVICES-GUARANTEED-MIB: 218 lines.
APPN-DLUR-MIB: 632 lines.
HPR-MIB: 1270 lines.
DOT12-RPTR-MIB: 1978 lines.
SYSAPPL-MIB: 1539 lines.
IPOA-MIB: 1654 lines.
IPATM-IPMC-MIB: 3244 lines.
IPV6-TCP-MIB: 211 lines.
IPV6-UDP-MIB: 141 lines.
APPN-MIB: 5611 lines.
APPN-TRAP-MIB: 477 lines.
EBN-MIB: 702 lines.
IPV6-TC: 67 lines.
IPV6-MIB: 1443 lines.
IPV6-ICMP-MIB: 529 lines.
DS0-MIB: 305 lines.
DS0BUNDLE-MIB: 311 lines.
ATM-ACCOUNTING-INFORMATION-MIB: 402 lines.
ACCOUNTING-CONTROL-MIB: 768 lines.
ATM-TC-MIB: 713 lines.
ATM-MIB: 2995 lines.
TN3270E-MIB: 1953 lines.
TN3270E-RT-MIB: 896 lines.
APPLICATION-MIB: 2995 lines.
SNMPv2-SMI: 344 lines.
NOTE: FIZBIN-MIB: ignored.
SNMPv2-TC: 772 lines.
SNMPv2-CONF: 322 lines.
HPR-IP-MIB: 487 lines.
WWW-MIB: 1272 lines.
DIRECTORY-SERVER-MIB: 772 lines.
SMON-MIB: 1254 lines.
ADSL-TC-MIB: 113 lines.
ADSL-LINE-MIB: 4328 lines.
ETHER-CHIPSET-MIB: 532 lines.
NHRP-MIB: 2596 lines.
Job-Monitoring-MIB: 1652 lines.
FLOW-METER-MIB: 1901 lines.
AGENTX-MIB: 527 lines.
SLAPM-MIB: 2842 lines.
SNMP-USM-DH-OBJECTS-MIB: 532 lines.
VRRP-MIB: 789 lines.
NETWORK-SERVICES-MIB: 626 lines.
MTA-MIB: 1226 lines.
HOST-RESOURCES-MIB: 1540 lines.
HOST-RESOURCES-TYPES: 389 lines.
RMON-MIB: 3980 lines.
FIBRE-CHANNEL-FE-MIB: 1781 lines.
HCNUM-TC: 118 lines.
IF-MIB: 1814 lines.
IF-INVERTED-STACK-MIB: 149 lines.
PTOPO-MIB: 804 lines.
IPMROUTE-STD-MIB: 869 lines.
IGMP-STD-MIB: 516 lines.
PIM-MIB: 889 lines.
COPS-CLIENT-MIB: 844 lines.
FRNETSERV-MIB: 2479 lines.
FR-ATM-PVC-SERVICE-IWF-MIB: 1066 lines.
RTP-MIB: 981 lines.
DISMAN-EVENT-MIB: 1882 lines.
DISMAN-EXPRESSION-MIB: 1182 lines.
NOTIFICATION-LOG-MIB: 753 lines.
IPV6-MLD-MIB: 417 lines.
FR-MFR-MIB: 888 lines.
PINT-MIB: 573 lines.
DOCS-BPI-MIB: 1569 lines.
INTERFACETOPN-MIB: 1023 lines.
DISMAN-SCRIPT-MIB: 1764 lines.
SFLOW-MIB: 389 lines.
CIRCUIT-IF-MIB: 369 lines.
FRSLD-MIB: 1768 lines.
DISMAN-SCHEDULE-MIB: 699 lines.
HC-RMON-MIB: 3149 lines.
DSMON-MIB: 4449 lines.
DIFFSERV-DSCP-TC: 64 lines.
DIFFSERV-MIB: 3514 lines.
GSMP-MIB: 1582 lines.
L2TP-MIB: 2664 lines.
SNMP-FRAMEWORK-MIB: 526 lines.
SNMP-MPD-MIB: 145 lines.
NOTE: : ignored.
SNMP-TARGET-MIB: 660 lines.
SNMP-NOTIFICATION-MIB: 589 lines.
SNMP-PROXY-MIB: 294 lines.
NOTE: : ignored.
SNMP-USER-BASED-SM-MIB: 912 lines.
SNMP-VIEW-BASED-ACM-MIB: 830 lines.
SNMPv2-PDU: 133 lines.
SNMPv2-TM: 176 lines.
SNMPv2-MIB: 854 lines.
TRANSPORT-ADDRESS-MIB: 421 lines.
ENTITY-SENSOR-MIB: 440 lines.
HC-ALARM-MIB: 707 lines.
ADSL-LINE-EXT-MIB: 1169 lines.
APS-MIB: 1659 lines.
MALLOC-MIB: 1364 lines.
SNMP-COMMUNITY-MIB: 505 lines.
OPT-IF-MIB: 6616 lines.
SONET-MIB: 2360 lines.
PerfHist-TC-MIB: 178 lines.
IPV6-FLOW-LABEL-MIB: 58 lines.
ATM2-MIB: 3220 lines.
POWER-ETHERNET-MIB: 621 lines.
EtherLike-MIB: 1862 lines.
HC-PerfHist-TC-MIB: 222 lines.
VDSL-LINE-MIB: 2844 lines.
APM-MIB: 2127 lines.
DIFFSERV-CONFIG-MIB: 243 lines.
NOTE: IANA-PRINTER-MIB: ignored.
Printer-MIB: 4389 lines.
NOTE: IANA-FINISHER-MIB: ignored.
Finisher-MIB: 869 lines.
MPLS-TC-STD-MIB: 635 lines.
MPLS-TE-STD-MIB: 2483 lines.
MPLS-LSR-STD-MIB: 2106 lines.
MPLS-FTN-STD-MIB: 1030 lines.
MPLS-LDP-STD-MIB: 2408 lines.
MPLS-LDP-ATM-STD-MIB: 757 lines.
MPLS-LDP-FRAME-RELAY-STD-MIB: 641 lines.
MPLS-LDP-GENERIC-STD-MIB: 321 lines.
ROHC-MIB: 1133 lines.
ROHC-UNCOMPRESSED-MIB: 197 lines.
ROHC-RTP-MIB: 636 lines.
SNMP-USM-AES-MIB: 62 lines.
TRIP-TC-MIB: 132 lines.
TRIP-MIB: 2007 lines.
SCTP-MIB: 1342 lines.
ALARM-MIB: 1127 lines.
NOTE: IANA-ITU-ALARM-TC-MIB: ignored.
ITU-ALARM-TC-MIB: 86 lines.
ITU-ALARM-MIB: 486 lines.
ARC-MIB: 396 lines.
DS3-MIB: 1786 lines.
TE-MIB: 1679 lines.
INET-ADDRESS-MIB: 402 lines.
NAT-MIB: 2391 lines.
POLICY-BASED-MANAGEMENT-MIB: 2060 lines.
TCP-MIB: 785 lines.
DOCS-IETF-SUBMGT-MIB: 672 lines.
FC-MGMT-MIB: 2205 lines.
VDSL-LINE-EXT-SCM-MIB: 420 lines.
VDSL-LINE-EXT-MCM-MIB: 662 lines.
TUNNEL-MIB: 738 lines.
UDP-MIB: 549 lines.
DOCS-IETF-BPI2-MIB: 3451 lines.
ENTITY-MIB: 1411 lines.
SSPM-MIB: 1029 lines.
TPM-MIB: 1916 lines.
BRIDGE-MIB: 1472 lines.
TE-LINK-STD-MIB: 1745 lines.
VPN-TC-STD-MIB: 72 lines.
ENTITY-STATE-TC-MIB: 169 lines.
ENTITY-STATE-MIB: 332 lines.
BGP4-MIB: 1232 lines.
IP-FORWARD-MIB: 1277 lines.
IP-MIB: 4993 lines.
MOBILEIPV6-MIB: 3984 lines.
RSTP-MIB: 306 lines.
HDSL2-SHDSL-LINE-MIB: 2503 lines.
DOCS-IETF-QOS-MIB: 3060 lines.
P-BRIDGE-MIB: 1157 lines.
Q-BRIDGE-MIB: 2367 lines.
MPLS-LC-ATM-STD-MIB: 336 lines.
MPLS-LC-FR-STD-MIB: 263 lines.
IFCP-MGMT-MIB: 1015 lines.
MPLS-L3VPN-STD-MIB: 1588 lines.
FCIP-MGMT-MIB: 1037 lines.
T11-FC-NAME-SERVER-MIB: 1136 lines.
T11-TC-MIB: 67 lines.
T11-FC-FABRIC-ADDR-MGR-MIB: 1241 lines.
ISIS-MIB: 4317 lines.
SCSI-MIB: 2758 lines.
AGGREGATE-MIB: 477 lines.
TIME-AGGREGATE-MIB: 375 lines.
RMON2-MIB: 5711 lines.
ISCSI-MIB: 3097 lines.
IPS-AUTH-MIB: 1156 lines.
DOCS-IF-MIB: 5291 lines.
DOCS-IETF-CABLE-DEVICE-NOTIFICATION-MIB: 1453 lines.
DISMAN-PING-MIB: 1561 lines.
DISMAN-TRACEROUTE-MIB: 1850 lines.
DISMAN-NSLOOKUP-MIB: 509 lines.
MSDP-MIB: 1182 lines.
T11-FC-ROUTE-MIB: 448 lines.
T11-FC-FSPF-MIB: 1170 lines.
LMP-MIB: 3185 lines.
DOCS-CABLE-DEVICE-MIB: 3141 lines.
RADIUS-AUTH-CLIENT-MIB: 710 lines.
RADIUS-AUTH-SERVER-MIB: 774 lines.
RADIUS-ACC-CLIENT-MIB: 638 lines.
RADIUS-ACC-SERVER-MIB: 727 lines.
RADIUS-DYNAUTH-CLIENT-MIB: 767 lines.
RADIUS-DYNAUTH-SERVER-MIB: 699 lines.
PKTC-IETF-MTA-MIB: 2081 lines.
ADSL2-LINE-TC-MIB: 729 lines.
ADSL2-LINE-MIB: 5476 lines.
RAQMON-MIB: 1417 lines.
RAQMON-RDS-MIB: 672 lines.
T11-FC-VIRTUAL-FABRIC-MIB: 523 lines.
OSPF-MIB: 4164 lines.
OSPF-TRAP-MIB: 584 lines.
SIP-TC-MIB: 177 lines.
SIP-COMMON-MIB: 1913 lines.
SIP-UA-MIB: 200 lines.
SIP-SERVER-MIB: 869 lines.
SNMP-IEEE802-TM-MIB: 40 lines.
GMPLS-TC-STD-MIB: 124 lines.
GMPLS-TE-STD-MIB: 1749 lines.
NOTE: IANA-GMPLS-TC-MIB: ignored.
GMPLS-LSR-STD-MIB: 503 lines.
GMPLS-LABEL-STD-MIB: 689 lines.
DS1-MIB: 3015 lines.
IPSEC-SPD-MIB: 2682 lines.
MAU-MIB: 1740 lines.
NOTE: IANA-MAU-MIB: ignored.
DOT3-EPON-MIB: 2532 lines.
DOT3-OAM-MIB: 2115 lines.
TCP-ESTATS-MIB: 2941 lines.
T11-FC-FABRIC-CONFIG-SERVER-MIB: 1717 lines.
T11-FC-FABRIC-LOCK-MIB: 490 lines.
T11-FC-ZONE-SERVER-MIB: 2638 lines.
ISNS-MIB: 3243 lines.
T11-FC-RSCN-MIB: 751 lines.
URI-TC-MIB: 133 lines.
PIM-STD-MIB: 3746 lines.
IF-CAP-STACK-MIB: 284 lines.
EFM-CU-MIB: 2995 lines.
UDPLITE-MIB: 513 lines.
PKTC-IETF-SIG-MIB: 3021 lines.
LANGTAG-TC-MIB: 56 lines.
IPMCAST-MIB: 2391 lines.
MIDCOM-MIB: 2260 lines.
PIM-BSR-MIB: 699 lines.
T11-FC-SP-TC-MIB: 637 lines.
T11-FC-SP-AUTHENTICATION-MIB: 920 lines.
T11-FC-SP-ZONING-MIB: 550 lines.
T11-FC-SP-POLICY-MIB: 4274 lines.
T11-FC-SP-SA-MIB: 2483 lines.
SYSLOG-TC-MIB: 202 lines.
PKTC-IETF-EVENT-MIB: 1163 lines.
NEMO-MIB: 1739 lines.
MGMD-STD-MIB: 1524 lines.
RSERPOOL-MIB: 1439 lines.
PW-TC-STD-MIB: 288 lines.
SNMP-TSM-MIB: 234 lines.
SNMP-SSH-TM-MIB: 329 lines.
NOTE: IANA-PWE3-MIB: ignored.
PW-STD-MIB: 2438 lines.
PW-MPLS-STD-MIB: 914 lines.
PW-ENET-STD-MIB: 491 lines.
PW-TDM-MIB: 1336 lines.
PW-ATM-MIB: 1205 lines.
OSPFV3-MIB: 3951 lines.
VDSL2-LINE-TC-MIB: 1479 lines.
VDSL2-LINE-MIB: 7189 lines.
SYSLOG-MSG-MIB: 598 lines.
DVB-RCS-MIB: 3329 lines.
FORCES-MIB: 391 lines.
IPFIX-MIB: 1677 lines.
NOTE: IPFIX-SELECTOR-MIB: ignored.
CAPWAP-BASE-MIB: 2618 lines.
CAPWAP-DOT11-MIB: 369 lines.
patching file ADSL-LINE-MIB
patching file DLSW-MIB
patching file DSA-MIB
patching file FDDI-SMT73-MIB
patching file HPR-MIB
patching file MIP-MIB
patching file Modem-MIB
patching file PPP-LCP-MIB
patching file RDBMS-MIB
patching file RFC1414-MIB
patching file SNA-NAU-MIB
patching file TCPIPX-MIB
patching file UPS-MIB
patching file SMUX-MIB
patching file IPATM-IPMC-MIB
IANA-PWE3-MIB: 137 lines.
NOTE: PW-STD-MIB: ignored.
NOTE: IPFIX-MIB: ignored.
IPFIX-SELECTOR-MIB: 173 lines.
IANAifType-MIB: 685 lines.
IANA-LANGUAGE-MIB: 126 lines.
IANA-ADDRESS-FAMILY-NUMBERS-MIB: 170 lines.
IANA-RTPROTO-MIB: 102 lines.
IANATn3270eTC-MIB: 303 lines.
IANA-MALLOC-MIB: 69 lines.
IANA-CHARSET-MIB: 361 lines.
IANA-PRINTER-MIB: 2111 lines.
IANA-FINISHER-MIB: 286 lines.
IANA-ITU-ALARM-TC-MIB: 335 lines.
IANA-GMPLS-TC-MIB: 359 lines.
IANA-IPPM-METRICS-REGISTRY-MIB: 818 lines.
IANA-MAU-MIB: 984 lines.
Processing triggers for man-db (2.10.2-1) ...
root@syslogserver:/etc/logstash/pattern.d#