NLS Ubuntu Error
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
NLS Ubuntu Error
Trying out NLS on Ubuntu 16. New install. I download and exec the sh script and the below is what I get. rsyslog is running. Restarted the service. Nothing going to NLS.
Any advice would be appreciated
root@web1:/tmp# bash setup-linux.sh -s logs.isonasnet.com -p 5544
Detected rsyslog 8.16.0
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: logs.isonasnet.com:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
getenforce command not found, assuming SELinux is disabled.
ERROR: rsyslog configuration check failed.
Any advice would be appreciated
root@web1:/tmp# bash setup-linux.sh -s logs.isonasnet.com -p 5544
Detected rsyslog 8.16.0
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: logs.isonasnet.com:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
getenforce command not found, assuming SELinux is disabled.
ERROR: rsyslog configuration check failed.
Re: NLS Ubuntu Error
I haven't worked for Nagios for awhile now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.
Former Nagios Employee.
me.
me.
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
Re: NLS Ubuntu Error
A little more on this:
When I try the Manual option the first line gets this:
root@web1:/tmp# ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog || mkdir -v /var/spool/rsyslog
ls: cannot access '/var/lib/rsyslog': No such file or directory
/var/spool/rsyslog
When I try the Manual option the first line gets this:
root@web1:/tmp# ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog || mkdir -v /var/spool/rsyslog
ls: cannot access '/var/lib/rsyslog': No such file or directory
/var/spool/rsyslog
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
Re: NLS Ubuntu Error
To be clear: I'm not installing NLS on Ubuntu. Just wanting to get log events from it to the NLS that is already running finehsmith wrote:I haven't worked for Nagios for awhile now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.
Sharing for the benefit of others....
My initial error is caused by a known bug in rsyslog.
comment the line in the /etc/rsyslog.conf :
$KLogPermitNonKernelFacility on
This allows syslogging to start working.
Now I am trying to get file watch on catalina.out and that isn't working. If anyone has ideas on what to check please share.
Last edited by dwhitfield on Mon May 01, 2017 10:19 am, edited 1 time in total.
Reason: cleaning up double-post
Reason: cleaning up double-post
Re: NLS Ubuntu Error
Thanks @hsmith! To confirm, we only support clean, minimal installations of Red Hat and CentOS Linux.hsmith wrote:I haven't worked for Nagios for awhile now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.
Tomcat logs are notoriously tricky to deal with because Java call traces take up multiple lines. Were you encountering specific problems with getting the logs to even make it to Nagios Log Server? We do include a setup script for Linux files that can be found here:stevecalderoni wrote:Now I am trying to get file watch on catalina.out and that isn't working. If anyone has ideas on what to check please share.
Is that script giving you problems?
You do not have the required permissions to view the files attached to this post.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
Re: NLS Ubuntu Error
That is the one I used. The conf file gets created and rsyslog restarts successfully. By all rights it should be logging. I do see events from the OS coming in so I know rsyslog is sending something. I'm just not getting the catalina.out file. I am at a total loss on this one.
Conf file created by scripts:
Conf file created by scripts:
Code: Select all
root@server:/opt/tomcat/logs# cat /etc/rsyslog.d/90-nagioslogserver_opt_tomcat_logs_catalina.out.conf
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# Input for CatalinaOut
$InputFileName /opt/tomcat/logs/catalina.out
$InputFileTag CatalinaOut:
$InputFileStateFile nls-state-opt_tomcat_logs_catalina.out # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'CatalinaOut' then @@logs.isonasnet.com:5544
if $programname == 'CatalinaOut' then ~
Spool file exists as well:
root@server:/opt/tomcat/logs# cat /var/spool/rsyslog/nls-state-opt_tomcat_logs_catalina.out
<Obj:1:strm:1:
+iCurrFNum:2:1:1:
+pszFName:1:29:/opt/tomcat/logs/catalina.out:
+iMaxFiles:2:1:0:
+bDeleteOnClose:2:1:0:
+sType:2:1:2:
+tOperationsMode:2:1:1:
+tOpenMode:2:3:384:
+iCurrOffs:2:1:0:
+inode:2:1:0:
+bPrevWasNL:2:1:0:
>End
.
Last edited by mcapra on Mon May 01, 2017 10:08 am, edited 1 time in total.
Reason: please use [code] tags for technical output
Reason: please use [code] tags for technical output
Re: NLS Ubuntu Error
Can you try altering the rsyslog rule to use a Logstash input other than the default syslog one on 5544? 2056 is used for raw tcp/udp inputs by default. Give this a try:
You'll need to restart the rsyslog process to apply the changes.
Code: Select all
if $programname == 'CatalinaOut' then @@logs.isonasnet.com:2056
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
Re: NLS Ubuntu Error
Thanks for the reply. Still nothing coming after changing to port 2056
Re: NLS Ubuntu Error
I would check both the system log on the Ubuntu machine for rsyslog errors, and the Logstash log on the Nagios Log Server machine for errors. Here's the location of the Logstash log on the Nagios Log Server machine if you'd like to share it for review:
I would also verify that there are no Firewall rules on the Nagios Log Server machine preventing traffic on port 2056.
Code: Select all
/var/log/logstash/logstash.log
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Posts: 15
- Joined: Wed Mar 29, 2017 10:47 am
Re: NLS Ubuntu Error
The /var/log/logstash/logstash.log only has 4 errors in it and they are for another device.
iptables shows all needed ports open and the 2056 port is taking traffic
Chain INPUT (policy ACCEPT 144K packets, 212M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2057
43 2580 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2056
1469 88140 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5544
59 3020 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3515
85 5100 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:9300:9400
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
14M 6405M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:5544
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5667
15936 956K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5666
29620 1540K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
86163 17M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5544
iptables shows all needed ports open and the 2056 port is taking traffic
Chain INPUT (policy ACCEPT 144K packets, 212M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2057
43 2580 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2056
1469 88140 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5544
59 3020 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3515
85 5100 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:9300:9400
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
14M 6405M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:5544
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5667
15936 956K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5666
29620 1540K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
86163 17M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5544