Prometheus Asterisk Configuration files - Omid-Mohajerani/VoIP-Monitoring GitHub Wiki
Prometheus Configuration with Basic Authentication
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
# - alertmanager:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: "prometheus"
static_configs:
- targets: ["127.0.0.1:9090"]
- job_name: "Asterisk Servers"
static_configs:
- targets: ["167.172.169.213:8088"]
basic_auth:
username: "Asterisk"
password: "Rf52Gfg8GspqG"Asterisk prometheus.yaml configuration
;
; res_prometheus Module configuration for Asterisk
;
;
; This configuration file is consumed by res_prometheus, which
; provides the functionality for serving up Asterisk statistics to a
; Prometheus server.
;
; Because Prometheus scrapes statistics from HTTP servers, this module requires
; Asterisk's built-in HTTP server to be enabled and configured properly.
;
; Module Dependencies:
; only if Asterisk is build with pjproject bundled (default)
; * res_pjsip.so
; * res_pjsip_outbound_registration.so
; Settings that affect all statistic generation
[general]
enabled = yes ; Enable/disable all statistic generation.
; Default is "no", as enabling this without
; proper securing of your Asterisk system
; may result in external systems learning
; a lot about your Asterisk system.
; Note #1: If Asterisk's HTTP server is
; disabled, this setting won't matter.
; Note #2: It is highly recommended that you
; set up Basic Auth and configure your
; Prometheus server to authenticate with
; Asterisk. Failing to do so will make it easy
; for external systems to scrape your Asterisk
; instance and learn things about your system
; that you may not want them to. While the
; metrics exposed by this module do not
; necessarily contain information that can
; lead to an exploit, an ounce of prevention
; goes a long way. Particularly for those out
; there who are exceedingly lax in updating
; your Asterisk system. You are updating on a
; regular cadence, aren't you???
core_metrics_enabled = yes ; Enable/disable core metrics. Core metrics
; include various properties such as the
; version of Asterisk, uptime, last reload
; time, and the overall time it takes to
; scrape metrics. Default is "yes"
uri = metrics ; The HTTP route to expose metrics on.
; Default is "metrics".
auth_username = Asterisk ; If provided, Basic Auth will be enabled on
; the metrics route. Failure to provide both
; auth_username and auth_password will result
; in a module load error.
auth_password = Rf52Gfg8GspqG ; The password to use for Basic Auth. Note
; that I'm leaving this blank to prevent
; you from merely uncommenting the line and
; running with a config provided password.
; Because yes, people actually *do* that.
; I mean, if you're going to do that, just
; run unsecured. Fake security is usually
; worse than no security.
; auth_realm = ; Realm to use for authentication. Defaults
; to Asterisk Prometheus Metrics
Asterisk http.conf configuration
;
; Asterisk Built-in mini-HTTP server
;
;
; Note about Asterisk documentation:
; If Asterisk was installed from a tarball, then the HTML documentation should
; be installed in the static-http/docs directory which is
; (/var/lib/asterisk/static-http/docs) on linux by default. If the Asterisk
; HTTP server is enabled in this file by setting the "enabled", "bindaddr",
; and "bindport" options, then you should be able to view the documentation
; remotely by browsing to:
; http://<server_ip>:<bindport>/static/docs/index.html
;
[general]
;
; The name of the server, advertised in both the Server field in HTTP
; response message headers, as well as the <address /> element in certain HTTP
; response message bodies. If not furnished here, "Asterisk/{version}" will be
; used as a default value for the Server header field and the <address />
; element. Setting this property to a blank value will result in the omission
; of the Server header field from HTTP response message headers and the
; <address /> element from HTTP response message bodies.
;
servername=Asterisk
;
; Whether HTTP/HTTPS interface is enabled or not. Default is no.
; This also affects manager/rawman/mxml access (see manager.conf)
;
enabled=yes
;
; Address to bind to, both for HTTP and HTTPS. You MUST specify
; a bindaddr in order for the HTTP server to run. There is no
; default value.
;
bindaddr=167.172.169.213
;
; Port to bind to for HTTP sessions (default is 8088)
;
bindport=8088
;
; Prefix allows you to specify a prefix for all requests
; to the server. The default is blank. If uncommented
; all requests must begin with /asterisk
;
;prefix=asterisk
;
; sessionlimit specifies the maximum number of httpsessions that will be
; allowed to exist at any given time. (default: 100)
;
;sessionlimit=100
;
; session_inactivity specifies the number of milliseconds to wait for
; more data over the HTTP connection before closing it.
;
; Default: 30000
;session_inactivity=30000
;
; session_keep_alive specifies the number of milliseconds to wait for
; the next HTTP request over a persistent connection.
;
; Set to 0 to disable persistent HTTP connections.
; Default: 15000
;session_keep_alive=15000
;
; Whether Asterisk should serve static content from static-http
; Default is no.
;
;enable_static=yes
;
; Whether Asterisk should serve a status page showing the running
; configuration of this built-in HTTP server.
; Default is yes.
;
;enable_status=no
;
; Redirect one URI to another. This is how you would set a
; default page.
; Syntax: redirect=<from here> <to there>
; For example, if you are using the Asterisk-gui,
; it is convenient to enable the following redirect:
;
;redirect = / /static/config/index.html
;
; HTTPS support. In addition to enabled=yes, you need to
; explicitly enable tls, define the port to use,
; and have a certificate somewhere.
;tlsenable=yes ; enable tls - default no.
;tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
;
;tlscertfile=</path/to/certificate.pem> ; path to the certificate file (*.pem) only.
;tlsprivatekey=</path/to/private.pem> ; path to private key file (*.pem) only.
; If no path is given for tlscertfile or tlsprivatekey, default is to look in current
; directory. If no tlsprivatekey is given, default is to search tlscertfile for private key.
;
; To produce a certificate you can e.g. use openssl. This places both the cert and
; private in same .pem file.
; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
;
; tlscipher= ; The list of allowed ciphers
; ; if none are specified the following cipher
; ; list will be used instead:
; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
;
; tlsdisablev1=yes ; Disable TLSv1 support - if not set this defaults to "yes"
; tlsdisablev11=yes ; Disable TLSv1.1 support - if not set this defaults to "no"
; tlsdisablev12=yes ; Disable TLSv1.2 support - if not set this defaults to "no"
;
; tlsservercipherorder=yes ; Use the server preference order instead of the client order
; ; Defaults to "yes"
;
; The post_mappings section maps URLs to real paths on the filesystem. If a
; POST is done from within an authenticated manager session to one of the
; configured POST mappings, then any files in the POST will be placed in the
; configured directory.
;
;[post_mappings]
;
; NOTE: You need a valid HTTP AMI mansession_id cookie with the manager
; config permission to POST files.
;
; In this example, if the prefix option is set to "asterisk", then using the
; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
;uploads = /var/lib/asterisk/uploads/
;