Nagios Log Server Install doesn't open UDP 5544 in firewall

[mark.payne]

When installing Nagios Log Server on CentOS it seems to open the following ports:
ports: 443/tcp 2056/tcp 80/tcp 5544/tcp 3515/tcp 9300-9400/tcp 2057/tcp

UDP 5544 is missing.

When sending UDP 5544 syslog from a network device I can see packets arrive by doing a tcpdump but they go no where.
Allowed UDP 5544 by running "firewall-cmd --zone=public --permanent --add-port=5544/udp"

Hopefully this can be fixed and might help others experiencing the same issue.

[hsmith]

What version of NLS are you installing? I can take a look, see if I can verify, and then consult the developers.

[mark.payne]

Version 1.3.0 however have experienced this with 2015R2.2 also.
If you look at the install script it only opens TCP ports unless im missing something.
I was running on CentOS 7.1 also.

Still evaluating the product but so far I have hit so many little bugs its quite scary how unpolished it is, especially for a product that has been around for about a year now.

[tmcdonald]

What other little bugs have you hit? On the contrary, Logserver is probably the product that we have received the most praise for when compared to how long it has been out.

[jolson]

Version 1.3.0 however have experienced this with 2015R2.2 also.
If you look at the install script it only opens TCP ports unless im missing something.

I don't think you're missing anything - I'll talk with a developer now.

[jolson]

@mark.payne, I've added udp/5544 opening on default installations. If there are any other small tweaks that you'd like made, please be sure to let us know.

[mark.payne]

What other little bugs have you hit? On the contrary, Logserver is probably the product that we have received the most praise for when compared to how long it has been out.

Most were around alerting.

Firstly alerts would not run based on check interval at all. The command subsystem "run_all_alerts" would be running but the alerts would not run, "last run" would not increment. Manually running would work.
Then after about an hour or so Alerts started running however would find hundreds of entries when there is clearly only one or two when you run the query in the dashboard.
I recreated the alert I was testing with from scratch and then the link in the email had a 127.0.0.1 address instead of the actual ip of the server.
After a few hours of troubleshooting I gave up and left it for the weekend.

I started working on it today and Alerts seem to be working fine now...
Not sure why after leaving it for a few days it started working.

It would be good to have the syslog message it alerted on in the body of the email alerts. I read that this functionality is coming soon?

This was on a single server instance.
I'm about to add another instance to the cluster so I hope I don't find anymore bugs around this otherwise I will be looking for other products.

[mark.payne]

@mark.payne, I've added udp/5544 opening on default installations. If there are any other small tweaks that you'd like made, please be sure to let us know.

Thanks. You should probably update documentation on "Listening on Privileged ports", "Configuring input filters" and any others that might change incoming ports explaining firewall rules need updating.
Seems like it is a common issue when I was searching around.

[mark.payne]

The issue where email alerts have 127.0.0.1 address in the alerts has come back for me after changing the IP of the server.
Below is the email:

demo came back with a CRITICAL state at Tue, 27 Oct 2015 16:33:26 +1300

The alert was processed with the following thresholds:
- Lookback Period: 1m
- Warning: 1
- Critical: 2

Here is the full alert output:
CRITICAL: 6 matching entries found |logs=6;1;2

See the last 1m in the dashboard:
http://127.0.0.1/var/www/html/nagioslog ... T03:32:26Z

Nagios Log Server


When I delete the alert then recreate it the correct URL/IP is in the email.

Edit: Looks like recreating only helped once. Its back to 127.0.0.1 after the second alert.

[jolson]

@mark.payne,

127.0.0.1 is the default address because Nagios Log Server isn't sure which node you'd like to pull the actual address from. You can manually specify the address here:

2015-10-27 10_19_51-Global Settings • Nagios Log Server.png

Thanks. You should probably update documentation on "Listening on Privileged ports", "Configuring input filters" and any others that might change incoming ports explaining firewall rules need updating.

Thanks for the recommendation! I'll see what I can do here.