Hello, I am running a test server with version 2.08, on a 64-bit VM, CentOS 7 server.
Starting about 2 PM yesterday, no logs are registered from 7 servers, including the local host.
NLS is listening on a few ports, but is not listening on some ports I expect it to listen on.
I have taken out experimental inputs and filters, verified and applied the standard inputs and filters.
I have restarted logstash.
What can I try next? What information would help you diagnose it?
Earl
Logstash not accepting logs
Re: Logstash not accepting logs
I neglected to mention that 7 servers are all the servers connected to NLS.
It has taken in zero logs since 2 PM yesterday.
Earl
Re: Logstash not accepting logs
Hello,
I found the logstash log.
It has
{:timestamp=>"2019-07-17T13:09:43.417000-0500", :message=>"Pipeline aborted due to error", :exception=>"Errno::EACCES", :error=>"Permission denied - /etc/pki/tls/private/syslog-nls.key"
{:timestamp=>"2019-07-17T11:42:49.133000-0500", :message=>"Could not inititalize SSL context", :exception=>#<Errno::EACCES: Permission denied - /etc/pki/tls/certs/syslog-nls.crt>
They were
-rw------- 1 root root 1257 Jul 11 08:45 /etc/pki/tls/certs/syslog-nls.crt
-rw------- 1 root root 1679 Jul 11 08:44 /etc/pki/tls/private/syslog-nls.key
I have no idea why they would have changed.
With a+r rights, and restarting logstash, NLS is getting logs again.
Should they be -rw-r----- root nagios ?
Earl
Re: Logstash not accepting logs
If the steps in https://assets.nagios.com/downloads/nag ... th-SSL.pdf were followed and the root account uses the default 'umask 022', then we'd expect the permissions to be:
-rw-r--r-- 1 root root
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
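An added example, not part of the thread or of the Nagios documentation: a shell check of whether a service account can read the certificate and key under the mode bits discussed above, which also flags a private key that every local user can read. The service account is passed as an argument because the thread does not say which account Logstash runs as; the function names are made up for this example.

```shell
#!/bin/sh
# Mode-bit check only: POSIX ACLs and SELinux labels are not evaluated.

# can_read MODE OWNER GROUP USER "GROUPS": would USER be granted read access?
# As in the kernel, exactly one class applies: owner, else group, else other.
can_read() {
    m=$((0$1))                          # stat prints the mode in octal
    [ "$4" = root ] && return 0         # root bypasses the mode bits
    if [ "$4" = "$2" ]; then [ $((m & 0400)) -ne 0 ]; return; fi
    case " $5 " in
        *" $3 "*) [ $((m & 0040)) -ne 0 ]; return ;;
    esac
    [ $((m & 0004)) -ne 0 ]
}

# verdict ROLE MODE OWNER GROUP USER "GROUPS": ROLE is "key" or "cert".
verdict() {
    if ! can_read "$2" "$3" "$4" "$5" "$6"; then
        echo "FAIL-unreadable"          # the Errno::EACCES case in the log
    elif [ "$1" = key ] && [ $((0$2 & 0004)) -ne 0 ]; then
        echo "WARN-world-readable-key"  # works, but any local user can read it
    else
        echo "OK"
    fi
}

# audit ROLE FILE USER: read the real values with GNU stat and id, then classify.
audit() {
    meta=$(stat -c '%a %U %G' "$2") || return 2
    groups=$(id -Gn "$3") || return 2
    # $meta is left unquoted on purpose so it splits into MODE OWNER GROUP
    echo "$2 ($meta): $(verdict "$1" $meta "$3" "$groups")"
}

# Usage: sh <this-script> <service-user>   (paths as in the log above)
if [ $# -gt 0 ]; then
    audit cert /etc/pki/tls/certs/syslog-nls.crt "$1"
    audit key /etc/pki/tls/private/syslog-nls.key "$1"
fi
```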
Re: Logstash not accepting logs
Hello,
OK, please lock the case.
Earl
Re: Logstash not accepting logs
Sounds good. Thanks Earl.
Be sure to check out our Knowledgebase for helpful articles and solutions!