Changed data location and now not working

[tmcdonald]

Could you also provide some insight regarding the first half of my last post? I'm waiting for my fresh VM to build up a few logs before I test.

Edit: Just did the following on the server:

Code: Select all

service elasticsearch stop
mkdir /tmp/data
vi /etc/sysconfig/elasticsearch
    (changed line to:  DATA_DIR="/tmp/data")
mv /usr/local/nagioslogserver/elasticsearch/data/* /tmp/data
service elasticsearch start

and I am not seeing the same behavior. I am getting logs and can query, and the page shows logstash and elasticsearch working.

[BanditBBS]

As stated, I undid the change. i think I hit some other issue, so removed the changes I made to try and resolve this one.

I am clearly still getting apache log information added to my file from the default source. When I go to the apache 404 query I see this on the top of one of the dashlets "Oops! FacetPhaseExecutionException[Facet [0]: (value) field [bytes] not found]"

Got a little busy here doing other things and will get back to you about your earlier requests asap.

EDIT: Seeing this over and over in the one dashboard:

Code: Select all

2014-11-14T13:31:01.000-06:00	127.0.0.1	syslog	  nagios : command not allowed ; TTY=unknown ; PWD=/var/www/html/nagioslogserver/www ; USER=root ; COMMAND=/etc/init.d/logstash status	 
2014-11-14T13:31:01.000-06:00	127.0.0.1	syslog	  nagios : command not allowed ; TTY=unknown ; PWD=/var/www/html/nagioslogserver/www ; USER=root ; COMMAND=/etc/init.d/elasticsearch status	 
2014-11-14T13:30:46.000-06:00	127.0.0.1	syslog	  nagios : command not allowed ; TTY=unknown ; PWD=/var/www/html/nagioslogserver/www ; USER=root ; COMMAND=/etc/init.d/logstash status	 
2014-11-14T13:30:46.000-06:00	127.0.0.1	syslog	  nagios : command not allowed ; TTY=unknown ; PWD=/var/www/html/nagioslogserver/www ; USER=root ; COMMAND=/etc/init.d/elasticsearch status	

[BanditBBS]

Oh, CRAP!

We have an app that syncs ppk's and the sudoers file. I bet it ran and over wrote the sudoers file.

What does logserver add to the sudoers file on install so I can add it back in?

[eloyd]

Nothing changed and suddenly it's not working.

User_Alias NAGIOSLOGSERVER=nagios
User_Alias NAGIOSLOGSERVERWEB=apache
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash start
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash stop
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash restart
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash reload
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash status
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch start
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch stop
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch restart
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch reload
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch status
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash start
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash stop
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash restart
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash reload
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash status
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch start
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch stop
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch restart
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch reload
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch status
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/usr/local/nagioslogserver/scripts/get_logstash_ports.sh

[tmcdonald]

Here's the function from the install dir that handlers sudoers:

Code: Select all

# Update sudoers file if it hasn't already been updated
sudoers() {
    # Remove old sudoers entries
    grep -v NAGIOSLOGSERVER /etc/sudoers > /etc/sudoers.new
    mv -f /etc/sudoers.new /etc/sudoers

    # Remove TTY requirement
    sed -i 's/Defaults    requiretty/#Defaults    requiretty/g' /etc/sudoers

    # Add new sudoers entries and set permissions
    cat nagioslogserver/nagioslogserver.sudoers >> /etc/sudoers
    chmod 440 /etc/sudoers
}

You might be able to run the upgrade script again, but not sure what all that would overwrite...

EDIT: eloyd, stop being so good at helping people

[BanditBBS]

Thanks guys, expecially Eric since he was so much faster!

I am sure this is my entire issue and will get it added to the central server. You can close this up!

p.s. Eric - I never said nothing had changed! I started it out with "I just changed something and it doesn't work" LOL

[eloyd]

Bandit,

I made up that quote. But I hear it so often....

Trevor,

You're asking me to quit you?

[cmerchant]

We'll go ahead and close this one up.

[tmcdonald]

You're asking me to quit you?

We both know that would end in tears and drowning our sorrows in chocolate cake. As much as I like cake, let's try and work out our differences. For Science.