Problems installing to bare metal Cent7

[bpizzutiWHI]

It's not quite a "corporate" build but it's set up the way my Linux guys always set up their boxes. If you want to summarize the specific CentOS install options that you guys recommend then I can find out what they did different.

Incidentally, I have those config files from the demo I ran, but then I get this:

{:timestamp=>"2017-07-06T10:12:02.554000-0400", :message=>"The error reported is: \n pattern %{COMMONAPACHELOG2} not defined"}

[bpizzutiWHI]

-run umask. My lab machine shows 0022

I've got 0002

-sudoers should contain:
~~
# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
Defaults:nagios !requiretty
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_init_service

# ASTERISK-SPECIFIC CHECKS
# NOTE: You can uncomment the following line if you are monitoring Asterisk locally
#nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_asterisk_sip_peers.sh, /usr/local/nagios/libexec/nagisk.pl, /usr/sbin/asterisk

These last two sections were missing. Might be why System Status was showing two green checkmarks instead of the actual service status. That's technically a bug I guess: failure to check status shouldn't show up as an OK status.

Still only showing one host sending logs, itself. I've got a DC set to send logs to it also, and it's not getting there:

Code: Select all

2017-07-06 10:30:26 INFO nxlog-ce-2.9.1347 started
2017-07-06 10:30:26 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:27 INFO reconnecting in 1 seconds
2017-07-06 10:30:27 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:28 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:29 INFO reconnecting in 2 seconds
2017-07-06 10:30:29 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:31 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:32 INFO reconnecting in 4 seconds
2017-07-06 10:30:32 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:36 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:37 INFO reconnecting in 8 seconds
2017-07-06 10:30:37 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  

And yes, it pings.

[bpizzutiWHI]

Oh, if it helps, here's my 000_inputs.conf. 3515 is the right port for the Windows listener:

Code: Select all

[bpizzuti@nagioslog01-cv2 ~]$ cat 000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Thu, 06 Apr 2017 22:35:08 -0400
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    syslog {
        type => 'esx_syslog'
        port => 1514
    }
    syslog {
        type => 'pdu_syslog'
        port => 2514
    }
}

#
# Local inputs
#

[cdienger]

The service is likely having problems starting up due to other permission problems. I would do another fresh install but before running the install change the umask to 0022:

Code: Select all

umask 0022

[bpizzutiWHI]

Re-done as requested, it still didn't write the conf files to /usr/local/nagioslogserver/logstash/etc/conf.d/. Put my configs in manually, and logstash.log still shows "{:timestamp=>"2017-07-07T09:15:53.295000-0400", :message=>"The error reported is: \n pattern %{COMMONAPACHELOG2} not defined"}"

[tacolover101]

could you post your entire install.log? if memory serves me right, you're missing another logstash file which maps how it should handle COMMONAPACHELOG2 for grok, similar to this - https://github.com/elastic/logstash/blo ... k-patterns

[scottwilkerson]

I think you have a filter set to use COMMONAPACHELOG2 which doesn't exist, you likely need to adjust your filters, find the filter that is using

Code: Select all

%{COMMONAPACHELOG2}

replace with

Code: Select all

%{COMMONAPACHELOG2}

and then apply configuration

[bpizzutiWHI]

install.log:

Code: Select all

Nagios Log Server Installation
==============================
DATE: Fri Jul  7 08:52:33 EDT 2017

DISTRO INFO:
CentOS
7.3.1611
x86_64

Running 'setup_local_syslog'...
Redirecting to /bin/systemctl restart  rsyslog.service
setup_local_syslog step completed OK
Running 'prereqs'...
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.tripadvisor.com
 * extras: ftpmirror.your.org
 * updates: cosmos.illinois.edu
Package byacc-1.9.20130304-3.el7.x86_64 already installed and latest version
Package cairo-devel-1.14.2-1.el7.x86_64 already installed and latest version
Package gcc-4.8.5-11.el7.x86_64 already installed and latest version
Package glib2-devel-2.46.2-4.el7.x86_64 already installed and latest version
Package glibc-2.17-157.el7_3.4.x86_64 already installed and latest version
Package 1:java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64 already installed and latest version
Package libxml2-devel-2.9.1-6.el7_2.3.x86_64 already installed and latest version
Package 1:make-3.82-23.el7.x86_64 already installed and latest version
Package 1:net-snmp-5.7.2-24.el7_3.2.x86_64 already installed and latest version
Package 1:net-snmp-utils-5.7.2-24.el7_3.2.x86_64 already installed and latest version
Package ntp-4.2.6p5-25.el7.centos.2.x86_64 already installed and latest version
Package 1:openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package patch-2.7.1-8.el7.x86_64 already installed and latest version
Package pango-devel-1.36.8-2.el7.x86_64 already installed and latest version
Package perl-ExtUtils-MakeMaker-6.68-3.el7.noarch already installed and latest version
Package sendmail-8.14.7-4.el7.x86_64 already installed and latest version
Package php-cli-5.4.16-42.el7.x86_64 already installed and latest version
Package pyOpenSSL-0.13.1-3.el7.x86_64 already installed and latest version
Package sudo-1.8.6p7-23.el7_3.x86_64 already installed and latest version
Package sysstat-10.1.5-11.el7.x86_64 already installed and latest version
Package unzip-6.0-16.el7.x86_64 already installed and latest version
Package zip-3.0-11.el7.x86_64 already installed and latest version
Package net-tools-2.0-0.17.20131004git.el7.x86_64 already installed and latest version
Package php-ldap-5.4.16-42.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos.4 will be installed
---> Package php.x86_64 0:5.4.16-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch          Version                        Repository      Size
================================================================================
Installing:
 httpd        x86_64        2.4.6-45.el7.centos.4          updates        2.7 M
 php          x86_64        5.4.16-42.el7                  base           1.4 M

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 4.1 M
Installed size: 14 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              4.7 MB/s | 4.1 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : httpd-2.4.6-45.el7.centos.4.x86_64                           1/2 
  Installing : php-5.4.16-42.el7.x86_64                                     2/2 
  Verifying  : php-5.4.16-42.el7.x86_64                                     1/2 
  Verifying  : httpd-2.4.6-45.el7.centos.4.x86_64                           2/2 

Installed:
  httpd.x86_64 0:2.4.6-45.el7.centos.4        php.x86_64 0:5.4.16-42.el7       

Complete!
 7 Jul 08:52:51 ntpdate[30016]: adjust time server 10.200.5.10 offset -0.008361 sec
Requirement already up-to-date: pip in /usr/lib/python2.7/site-packages
Cleaning up...
Requirement already satisfied: argparse in /usr/lib/python2.7/site-packages
Requirement already satisfied: jsonselect in /usr/lib/python2.7/site-packages
Collecting elasticsearch-curator==3.4.0
  Using cached elasticsearch_curator-3.4.0-py2.py3-none-any.whl
Requirement already satisfied: elasticsearch<2.1.0,>=1.8.0 in /usr/lib/python2.7/site-packages (from elasticsearch-curator==3.4.0)
Requirement already satisfied: click>=3.3 in /usr/lib/python2.7/site-packages (from elasticsearch-curator==3.4.0)
Requirement already satisfied: urllib3<2.0,>=1.8 in /usr/lib/python2.7/site-packages (from elasticsearch<2.1.0,>=1.8.0->elasticsearch-curator==3.4.0)
Installing collected packages: elasticsearch-curator
Successfully installed elasticsearch-curator-3.4.0
prereqs step completed OK
Running 'sourceguardian'...
Installing sourceguardian...
Archive:  sourceguardian/ixed4.lin.x86-64.zip
  inflating: /usr/lib64/php/modules/ixed.5.4.lin  
Sourceguardian extension found for PHP version 5.4
Sourceguardian extension already in php.ini
sourceguardian step completed OK
Running 'timezone'...
timezone step completed OK
Running 'nagioslogserver'...
nagioslogserver step completed OK
Running 'backend'...
Installing Elasticsearch...
Elasticsearch installed OK
Installing Logstash...
Applying Nagios patches to Logstash...
Logstash installed OK
Installing Kibana...
Kibana installed OK
Generating unique id...
backend step completed OK
Running 'install_mibs'...
install_mibs step completed OK
Running 'sudoers'...
sudoers step completed OK
Running 'firewall'...
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
[91mFirewallD is not running[00m
firewall step completed OK
Running 'selinux'...
selinux step completed OK
Running 'test_cluster_connection'...
test_cluster_connection step completed OK
Running 'daemons'...
Note: Forwarding request to 'systemctl enable ntpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
Note: Forwarding request to 'systemctl disable ntpd.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service.
Note: Forwarding request to 'systemctl enable httpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Note: Forwarding request to 'systemctl disable httpd.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
daemons step completed OK
Running 'webroot'...
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
webroot step completed OK

Nagios Log Server Installation Success!

You can finish the final setup steps for Nagios Log Server by visiting:
    http:///nagioslogserver/

[scottwilkerson]

I think you have a filter set to use COMMONAPACHELOG2 which doesn't exist, you likely need to adjust your filters, find the filter that is using

Code: Select all

%{COMMONAPACHELOG2}

replace with

Code: Select all

%{COMMONAPACHELOG2}

and then apply configuration

Sorry, the above should have said the following removing the 2 in the 2nd

you likely need to adjust your filters, find the filter that is using

Code: Select all

%{COMMONAPACHELOG2}

replace with

Code: Select all

%{COMMONAPACHELOG}

and then apply configuration