manage_services.sh flooding /var/log/sudo-io ....

vishfx
Posts: 134
Joined: Tue Apr 24, 2018 12:30 pm

Post by vishfx »

Hi NagiosXI Team,

NagiosXI 5.5.5 (installed from nagiosxi repo)
OS: RHEL 7.5

I noticed that /var/log/sudo-io is excessively flooding every 20s with the below:
This is filling /var/log pretty rapidly to 100% disk usage.
How can I avoid this?

Code:

Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W3 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W4 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W5 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W6 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W7 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W8 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W9 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8WA ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8WB ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db

Regards,
Vish.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: manage_services.sh flooding /var/log/sudo-io ....

Post by ssax »

You should be able to change the /etc/sudoers entries that are filling it up by adding NOLOG_INPUT: NOLOG_OUTPUT: to them.

For example, here are the defaults:

Code:

NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

Here are the modified ones with logging disabled:

Code:

NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

If you make the changes, make sure to restart Apache as well:

Code:

service httpd restart
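
A narrower variant of the change discussed above, as an added example that is not part of the thread or of Nagios XI: it tallies the `COMMAND=` fields to find the entry that is flooding the log, then adds the two tags to that sudoers entry only, so the other entries keep their I/O logs. The function names and the fourth sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find the command that dominates the sudo
# log, then add the NOLOG tags to that one sudoers entry instead of all of them.

# Constructed sample: three log lines quoted in the thread plus one made-up line.
SAMPLE_LOG='Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W3 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W4 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W5 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Oct 26 21:50:00 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=000000 ; COMMAND=/usr/local/nagiosxi/scripts/backup_xi.sh'

# Constructed sample: sudoers entries quoted in the thread, one already tagged.
SAMPLE_SUDOERS='NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *'

# Print the executable path that appears most often in COMMAND= fields on stdin.
top_logged_command() {
    sed -n 's/.*COMMAND=\([^ ]*\).*/\1/p' | sort | uniq -c | sort -rn |
        awk 'NR == 1 { print $2 }'
}

# add_nolog_tags PATH: copy sudoers text from stdin to stdout, inserting the
# tags before NOPASSWD: on entries whose command path is exactly PATH.
# Comments and already-tagged entries pass through, so re-running is safe.
add_nolog_tags() {
    awk -v cmd="$1" '
        /NOPASSWD:/ && !/NOLOG_(INPUT|OUTPUT):/ && !/^[ \t]*#/ {
            rest = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", rest)   # keep only "path args..."
            split(rest, parts)                    # parts[1] is the path
            if (parts[1] == cmd)
                sub(/NOPASSWD:/, "NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:")
        }
        { print }
    '
}

NOISY_CMD=$(printf '%s\n' "$SAMPLE_LOG" | top_logged_command)
printf '%s\n' "$SAMPLE_SUDOERS" | add_nolog_tags "$NOISY_CMD"
```

On a live system, write the result to a scratch file and check it with `visudo -cf <file>` before it replaces the existing entries. The tags only turn off the I/O session recording; sudo still records each command in its regular event log.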