Cisco ASA 55xx - syslogs
-
matt.niarhakos
- Posts: 13
- Joined: Tue Oct 27, 2015 9:16 am
Re: Cisco ASA 55xx - syslogs
Thanks. I added both. No dice.
Re: Cisco ASA 55xx - syslogs
You replaced the syslog input entirely? What does it say in the logstash log now?
Former Nagios Employee.
-
matt.niarhakos
- Posts: 13
- Joined: Tue Oct 27, 2015 9:16 am
Re: Cisco ASA 55xx - syslogs
Attached.
Re: Cisco ASA 55xx - syslogs
Are you by chance trying to listen on 514 for any of your inputs?
Former Nagios Employee.
-
matt.niarhakos
- Posts: 13
- Joined: Tue Oct 27, 2015 9:16 am
Re: Cisco ASA 55xx - syslogs
These are the configured inputs. None listening on port 514.
Re: Cisco ASA 55xx - syslogs
It looks like it still is having issues listening -
What is the full output of ps -ef?
Code:
{:timestamp=>"2016-06-30T10:54:41.137000-0700", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:5544", :exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already in use>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:118:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn}
Former Nagios Employee
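Added example, not part of any post in this thread: one way to pair the `Errno::EADDRINUSE` warning quoted above with the socket that already holds the port, by reading `/proc/net/tcp`. The `/proc/net/tcp` rows, uid and inode values are constructed sample data, and the function names are hypothetical.

```python
import re

# Shortened form of the warning quoted in the thread (backtrace omitted).
SAMPLE_LOG = (
    '{:timestamp=>"2016-06-30T10:54:41.137000-0700", :message=>"syslog listener died", '
    ':protocol=>:tcp, :address=>"0.0.0.0:5544", '
    ':exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already in use>, '
    ':level=>:warn}\n'
)

# Constructed /proc/net/tcp content: 0x15A8 = 5544 and 0x0016 = 22 in LISTEN (st 0A),
# plus one ESTABLISHED (st 01) connection on port 5544 that must not count as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15A8 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 48211 1 0 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10933 1 0 100 0 0 10 0
   2: 0A000005:15A8 0A000063:C350 01 00000000:00000000 00:00000000 00000000   500        0 48377 1 0 100 0 0 10 0
"""

DIED = re.compile(r':message=>"syslog listener died", :protocol=>:(\w+), '
                  r':address=>"([^"]+):(\d+)", :exception=>#<(Errno::\w+)')

def dead_listeners(log_text):
    """Return (protocol, host, port, errno) for every 'syslog listener died' event."""
    return [(p, h, int(port), e) for p, h, port, e in DIED.findall(log_text)]

def listeners_on(port, proc_net_tcp):
    """Return (local_ip, uid, inode) for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":          # 0A = TCP_LISTEN
            continue
        ip_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # The IPv4 address is printed as little-endian hex on little-endian hosts.
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(ip_hex)))
        found.append((ip, int(f[7]), int(f[9])))
    return found

def diagnose(log_text, proc_net_tcp):
    """Pair each EADDRINUSE failure with the sockets already bound to that port."""
    return {port: listeners_on(port, proc_net_tcp)
            for _, _, port, err in dead_listeners(log_text)
            if err == "Errno::EADDRINUSE"}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_PROC_NET_TCP))
```

On a live host, feed it the contents of `/var/log/logstash/logstash.log` and `/proc/net/tcp`; the returned inode can then be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to name the owning process.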
-
matt.niarhakos
- Posts: 13
- Joined: Tue Oct 27, 2015 9:16 am
Re: Cisco ASA 55xx - syslogs
Code:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Jun28 ? 00:00:01 /sbin/init
root 2 0 0 Jun28 ? 00:00:00 [kthreadd]
root 3 2 0 Jun28 ? 00:00:00 [migration/0]
root 4 2 0 Jun28 ? 00:00:07 [ksoftirqd/0]
root 5 2 0 Jun28 ? 00:00:00 [migration/0]
root 6 2 0 Jun28 ? 00:00:01 [watchdog/0]
root 7 2 0 Jun28 ? 00:10:07 [events/0]
root 8 2 0 Jun28 ? 00:00:00 [cgroup]
root 9 2 0 Jun28 ? 00:00:00 [khelper]
root 10 2 0 Jun28 ? 00:00:00 [netns]
root 11 2 0 Jun28 ? 00:00:00 [async/mgr]
root 12 2 0 Jun28 ? 00:00:00 [pm]
root 13 2 0 Jun28 ? 00:00:02 [sync_supers]
root 14 2 0 Jun28 ? 00:00:02 [bdi-default]
root 15 2 0 Jun28 ? 00:00:00 [kintegrityd/0]
root 16 2 0 Jun28 ? 00:00:30 [kblockd/0]
root 17 2 0 Jun28 ? 00:00:00 [kacpid]
root 18 2 0 Jun28 ? 00:00:00 [kacpi_notify]
root 19 2 0 Jun28 ? 00:00:00 [kacpi_hotplug]
root 20 2 0 Jun28 ? 00:00:00 [ata/0]
root 21 2 0 Jun28 ? 00:00:00 [ata_aux]
root 22 2 0 Jun28 ? 00:00:00 [ksuspend_usbd]
root 23 2 0 Jun28 ? 00:00:00 [khubd]
root 24 2 0 Jun28 ? 00:00:00 [kseriod]
root 25 2 0 Jun28 ? 00:00:00 [md/0]
root 26 2 0 Jun28 ? 00:00:00 [md_misc/0]
root 27 2 0 Jun28 ? 00:00:00 [khungtaskd]
root 28 2 0 Jun28 ? 00:01:29 [kswapd0]
root 29 2 0 Jun28 ? 00:00:00 [ksmd]
root 30 2 0 Jun28 ? 00:00:09 [khugepaged]
root 31 2 0 Jun28 ? 00:00:00 [aio/0]
root 32 2 0 Jun28 ? 00:00:00 [crypto/0]
root 37 2 0 Jun28 ? 00:00:00 [kthrotld/0]
root 38 2 0 Jun28 ? 00:00:00 [pciehpd]
root 40 2 0 Jun28 ? 00:00:00 [kpsmoused]
root 41 2 0 Jun28 ? 00:00:00 [usbhid_resumer]
root 172 2 0 Jun28 ? 00:00:00 [scsi_eh_0]
root 175 2 0 Jun28 ? 00:00:00 [scsi_eh_1]
root 194 2 0 Jun28 ? 00:00:15 [mpt_poll_0]
root 195 2 0 Jun28 ? 00:00:00 [mpt/0]
root 196 2 0 Jun28 ? 00:00:00 [scsi_eh_2]
root 284 2 0 Jun28 ? 00:01:49 [jbd2/sda1-8]
root 285 2 0 Jun28 ? 00:00:00 [ext4-dio-unwrit]
root 359 1 0 Jun28 ? 00:00:00 /sbin/udevd -d
root 528 2 0 Jun28 ? 00:00:10 [vmmemctl]
root 657 359 0 Jun28 ? 00:00:00 /sbin/udevd -d
root 660 2 0 Jun28 ? 00:00:00 [kstriped]
root 710 2 0 Jun28 ? 00:00:06 [kauditd]
root 738 2 0 Jun28 ? 00:03:07 [flush-8:0]
root 962 1 0 Jun28 ? 00:00:41 auditd
root 984 1 0 Jun28 ? 00:00:48 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
dbus 1001 1 0 Jun28 ? 00:00:00 dbus-daemon --system
root 1044 1 0 Jun28 ? 00:00:00 /usr/sbin/sshd
ntp 1055 1 0 Jun28 ? 00:00:02 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
nagios 1086 1 76 Jun28 ? 10-14:50:53 /usr/bin/java -Xms1002m -Xmx1002m -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDump
root 1107 1 0 Jun28 ? 00:00:29 sendmail: accepting connections
smmsp 1116 1 0 Jun28 ? 00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 1128 1 0 Jun28 ? 00:00:36 /usr/sbin/httpd
root 1141 1 0 Jun28 ? 00:00:13 crond
root 1214 1 0 Jun28 tty1 00:00:00 /sbin/mingetty /dev/tty1
root 1216 1 0 Jun28 tty2 00:00:00 /sbin/mingetty /dev/tty2
root 1218 1 0 Jun28 tty3 00:00:00 /sbin/mingetty /dev/tty3
root 1220 1 0 Jun28 tty4 00:00:00 /sbin/mingetty /dev/tty4
root 1222 1 0 Jun28 tty5 00:00:00 /sbin/mingetty /dev/tty5
root 1224 1 0 Jun28 tty6 00:00:00 /sbin/mingetty /dev/tty6
root 2774 1141 0 07:26 ? 00:00:00 CROND
nagios 2776 2774 0 07:26 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller > /usr/local/nagioslogserver/var/poller.log 2>&1
nagios 2778 2776 0 07:26 ? 00:00:00 /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller
root 2809 1141 0 07:27 ? 00:00:00 CROND
nagios 2811 2809 0 07:27 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller > /usr/local/nagioslogserver/var/poller.log 2>&1
nagios 2812 2811 0 07:27 ? 00:00:00 /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller
root 2842 1141 0 07:28 ? 00:00:00 CROND
root 2843 1141 0 07:28 ? 00:00:00 CROND
nagios 2844 2843 0 07:28 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller > /usr/local/nagioslogserver/var/poller.log 2>&1
nagios 2845 2842 0 07:28 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php jobs > /usr/local/nagioslogserver/var/jobs.log 2>&1
nagios 2846 2845 0 07:28 ? 00:00:00 /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php jobs
nagios 2847 2844 0 07:28 ? 00:00:00 /usr/bin/php -q /var/www/html/nagioslogserver/www/index.php poller
root 2870 1044 0 07:28 ? 00:00:00 sshd: root@pts/0
root 2872 2870 0 07:28 pts/0 00:00:00 -bash
root 2886 2872 0 07:28 pts/0 00:00:00 ps -ef
root 27243 1 0 Jun30 ? 00:00:00 runuser -s /bin/sh -c exec /usr/local/nagioslogserver/logstash/bin/logstash agent -f /usr/local/nagioslogserver/logstash/etc/conf.d -l /var/log/logstash/logstash.log -w 4 nagios
nagios 27245 27243 0 Jun30 ? 01:28:38 /usr/bin/java -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -Xmx500m -Xss2048k -Djffi.boot.library.path=/usr/local/nagioslogserver/logstash
apache 29102 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29103 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29104 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29105 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29106 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29107 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
apache 29108 1128 0 Jul10 ? 00:00:27 /usr/sbin/httpd
apache 29109 1128 0 Jul10 ? 00:00:28 /usr/sbin/httpd
Re: Cisco ASA 55xx - syslogs
Have you rebooted the entire server yet? Normally you should not need to do that on a Linux machine, but something is a little off here. Can you please try that and let me know what happens?
Former Nagios Employee.
-
matt.niarhakos
- Posts: 13
- Joined: Tue Oct 27, 2015 9:16 am
Re: Cisco ASA 55xx - syslogs
I actually restarted it this morning. No change.