Linux source setup not working for CentOS 7

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Linux source setup not working for CentOS 7

Post by WillemDH »

Hello,

Tried to configure rsyslogo on two CentOS 7 Linux servers following the NLS procedure

Code: Select all

curl -s -O https://nlsserver/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s nlsserver -p 5546
The above worked in the past on CentOS 6 servers (at least 5 of them are still sending)
I have an input at 5546:

Code: Select all

syslog {
    type => 'syslog-linux'
    port => 5546
}
Tried a tcpdump on the nls server but I'm not seeing anything coming in.

Tried adding

Code: Select all

DebugFile /var/log/rsyslog-debug.log
DebugLevel 2
to /etc/rsyslog.d/99-nagioslogserver.conf and I can see the rsyslog-debug.log populating. What else can I do to troubleshoot this issue?

This is my /etc/rsyslog.d/99-nagioslogserver.conf

Code: Select all

### Begin forwarding rule for Nagios Log Server                           NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog # Where spool files will live             NAGIOSLOGSERVER
$ActionQueueFileName nlsFwdRule0 # Unique name prefix for spool files     NAGIOSLOGSERVER
$ActionQueueMaxDiskSpace 1g   # 1GB space limit (use as much as possible) NAGIOSLOGSERVER
$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown         NAGIOSLOGSERVER
$ActionQueueType LinkedList   # Use asynchronous processing               NAGIOSLOGSERVER
$ActionResumeRetryCount -1    # Infinite retries if host is down          NAGIOSLOGSERVER
# Remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional       NAGIOSLOGSERVER
*.* @@nlsserver:5546                                               # NAGIOSLOGSERVER
### End of Nagios Log Server forwarding rule                              NAGIOSLOGSERVER
#
DebugFile /var/log/rsyslog-debug.log
DebugLevel 2
Nagios XI 5.8.1
https://outsideit.net
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Linux source setup not working for CentOS 7

Post by hsmith »

Is this CentOS 7 host running SELinux by any chance?
Former Nagios Employee.
me.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Re: Linux source setup not working for CentOS 7

Post by WillemDH »

Holden,

Yes indeed SELINUX is set to enforcing. Is there a way to make it work without disabling selinux?

Grtz

Willem
Nagios XI 5.8.1
https://outsideit.net
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Linux source setup not working for CentOS 7

Post by hsmith »

I've run into this before, Troy did a little writeup on it in the KB.

https://support.nagios.com/kb/article.php?id=490

There are a couple of ways you could go about solving this issue, the first will be the 'easiest' and is the one we mention in the KB.

1) Create an input on NLS for port 6514 tcp/udp, and set your sending server to send to that port on NLS.
2) Create an SELinux context to allow logs to go out 5544. This will take more work, and is not something I have wrote instructions for.
Former Nagios Employee.
me.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Re: Linux source setup not working for CentOS 7

Post by WillemDH »

THis worked for me. Thread can be closed. Tx
Nagios XI 5.8.1
https://outsideit.net
Top
Locked

Return to “Nagios Log Server”