Log Source - SE linux mode - NagiosLS configuration

[Techmnagioslsuser]

Hello Team,

We are trying to add linux log source to Nagios Log Server. as per our Security team we have to keep SELinux in enforcing mode only.
when we tried with setup-linux.sh in enforcing mode logs did not reach Nagios Log server.

Our Unix team did few changes keeping SELinux enforcing mode. (pfa - enforcing mode_changes )
after these changes when we ran the script setup-linux.sh only system logs are sent to nagios log server , application logs did not reach nagios log server. We observed below error.

imfile: on startup file '/apps/raiddev/raidfmsdev/servers/fms/instances/fms/log/fms.log' does not exist but is configured in static file monitor - this may indicate a misconfiguration. If the file appears at a later time, it will automatically be processed. Reason: Permission denied [v8.24.0-57.el7_9]

We also tried Manual rsyslog configuration with file path & file tag, still observed same error.

When we tried permissive mode , we are able to see all application logs. BUt permissive mode is not allowed as per our security policy.

Please suggest if there is any solution for this SELinux mode.

Thanks

[benjaminsmith]

HI,

Thanks for contacting Nagios Support. Since there is a ticket open for the same issue, we'll follow up on the ticket shortly, and close this forum topic.