auditlog discrepencies

[SteveBeauchemin]

I notice that the Nagios XI GUI auditlog shows items that are not in the OS auditlog.log file.

For example:
GUI auditlog
- 2 lines - good data

Code: Select all

2019-02-05 13:57:10	980298	Nagios XI	INFO	admin-user	localhost	cmdsubsys: User submitted a command to Nagios Core: SCHEDULE_FORCED_SVC_CHECK;host.domain.com;Check_Proc_Util_McAfee_Agent;1549396620
2019-02-05 13:57:09	980297	Nagios XI	INFO	admin-user	111.111.112.129	User submitted a command to the subsystem (ID=16)

same data:
/usr/local/nagiosxi/var/components/auditlog.log
- only one line - detail data is not there

Code: Select all

019-02-05 13:57:09 - Nagios XI [32] admin-user:111.111.112.129 - User submitted a command to the subsystem (ID=16)

I really need to get all the data to that OS file. Why is one different from the other?

Please advise.

Thanks

Steve B

[SteveBeauchemin]

Is this one of those "you run mod_gearman and downgraded nagios core to 4.2" things?

I just tested it on a pure 5.5.9 clean install and it worked okay.

ugh... Please advise...

Steve B

[SteveBeauchemin]

Just noticed.

Not getting any more of these in auditlog.log

Code: Select all

2019-02-05 07:32:02 - Nagios CCM [4] system:localhost - File imported - File \[overwrite flag\]: /usr/local/nagios/etc/import/host.cfg \[1\]

And I should have a ton every day. They are in the GUI. Not in the OS file. What gives?

Please advise.

Steve B

[SteveBeauchemin]

Okay.

So...

Check this out...

Code: Select all

drwsrwsr-x 3 apache nagios      113 Feb  6 12:59 .
drwxr-xr-x 7 nagios nagios     4096 Feb  6 13:05 ..
-rw-r--r-- 1 apache nagios    17813 Feb  6 13:01 auditlog.log
-rw-rw-r-- 1 apache nagios 17468296 Aug 12  2017 auditlog.log-2019-02-05

I had renamed my auditlog.log to the name shown above.

So there was no audit file. I let the system create it.

When the system created a new blank file, it did so using 644 for the permissions.

Code: Select all

-rw-r--r-- 1 apache nagios

When those are the permissions, I get partial data in the log file.

When I change the permissions to 664 the file starts to get the rest of the data.

So it seems that both the apache user AND the nagios user need to write to that file.

Did you do that to intentionally drive me crazy? Short drive you know.

Please let me know that this will be addressed in a future release.

Steve B

[cdienger]

I'm able to reproduce and will file a bug for this. Thanks for bringing it to our attention.

[SteveBeauchemin]

Thank you. I hate being the only one with an issue.

Please close this now... Still waiting for a reply to my other post...

Steve B

[cdienger]

locking.