Open RyanInsolencee opened 8 months ago
Please paste the full log
I have also faced with this issue. Container log:
2024/02/02 18:53:23 Loaded 1 API keys 2024/02/02 18:53:23 Fortigate exporter running, listening on ":9710" 2024/02/02 18:53:54 Error: Response code was 403, expected 200 (path: "api/v2/monitor/system/resource/usage") 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 18:53:57 Warning: Failed to map "" to policy config - this should not happen 2024/02/02 20:00:28 Probe of "https://10.100.70.1" failed, took 2.979 seconds
Note: I am running exporter with insecure option
Hi,
Did you by any chance have an answer concerning : Warning: Failed to map "" to policy config - this should not happen ? I also succeed in getting the metrics without errors but the log is spammed with Warning: Failed to map "" to policy config - this should not happen. Do you have any idea what i did wrong ? Thx a lot.
Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Warning: Failed to map "" to policy config - this should not happen Error: Response code was 424, expected 200 (path: "api/v2/monitor/log/fortianalyzer") Error: Response code was 404, expected 200 (path: "api/v2/monitor/switch-controller/managed-switch") Probe of "https://xxxxxxxxxxxxxx" failed, took 0.322 seconds
It's also providing metrics despite failed mapping. Maybe the key is to fiddle around with the included probes.
https://github.com/bluecmd/fortigate_exporter/blob/2aaf029b74e85b2c78464255e6741e623aa29223/pkg/probe/firewall_policy.go#L143
That must be the line triggering this message. After a little research in my own lab I think it is due to fw rule(s) being disabled. When I explore the metrics I can see all my active fw rules by name but my disabled rule is missing and I see a \
EDIT: still getting the error after enabling my rule. I have 12 rules and I see this message 12 times per probe. All policies generates this log messages?
I checked, and i got 34 "this should not happen" messages for about 1000 rules.
I checked, and i got 34 "this should not happen" messages for about 1000 rules.
How many or your rules have both IPv4 and IPv6? I've done some additional testing and I stop seeing this error if I throw in IPv6 address objects in my policies
Each policy containing only IPv4 objects is listed in the IPv6 query but without the necessary fields for ID, UUID, name etc https://192.168.0.1/api/v2/monitor/firewall/policy/select?vdom=*&ip_version=ipv6:
[
{
"http_method":"GET",
"results":[
{
"policyid":13,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":11,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":10,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":1,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":2,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":3,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":4,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":5,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":6,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":8,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":9,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":12,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
},
{
"policyid":0,
"active_sessions":0,
"bytes":0,
"packets":0,
"software_bytes":0,
"software_packets":0,
"asic_bytes":0,
"asic_packets":0
}
],
"vdom":"root",
"path":"firewall",
"name":"policy",
"action":"select",
"status":"success",
"serial":"myserial",
"version":"v7.4.3",
"build":2573
}
]
Hello, thanks for the api url. So i see exactly what you have shown . So now i need to talk with Network admin to see how we disable IPv6. I'll get back to you when done and tell you if i stop seeing the warning logs for exporter. Thank you.
My temporary fix for now is to comment out (double slash) these lines: https://github.com/bluecmd/fortigate_exporter/blob/2aaf029b74e85b2c78464255e6741e623aa29223/pkg/probe/firewall_policy.go#L165-L169 That way it doesn't even try to parse IPv6 statistics
disabled rules do produce this error message as well..
im connected to my fortigates and when running the exporter it will shoot out a bunch of 'Warning: Failed to map "" to policy config - this should not happen" even when the probe is successful .what does this mean? and also i notice some missing ports that arent showing up as they are configured as hardware switch on my fortigate, will they not show up?