Re: Problems installing to bare metal Cent7

Posted: Thu Jul 06, 2017 9:21 am
by bpizzutiWHI
It's not quite a "corporate" build but it's set up the way my Linux guys always set up their boxes. If you want to summarize the specific CentOS install options that you guys recommend then I can find out what they did differently.

Incidentally, I have those config files from the demo I ran, but then I get this:

{:timestamp=>"2017-07-06T10:12:02.554000-0400", :message=>"The error reported is: \n pattern %{COMMONAPACHELOG2} not defined"}

Re: Problems installing to bare metal Cent7

Posted: Thu Jul 06, 2017 9:32 am
by bpizzutiWHI
cdienger wrote: -run umask. My lab machine shows 0022
I've got 0002

cdienger wrote: -sudoers should contain:
~~
# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
Defaults:nagios !requiretty
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_init_service

# ASTERISK-SPECIFIC CHECKS
# NOTE: You can uncomment the following line if you are monitoring Asterisk locally
#nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_asterisk_sip_peers.sh, /usr/local/nagios/libexec/nagisk.pl, /usr/sbin/asterisk
These last two sections were missing. Might be why System Status was showing two green checkmarks instead of the actual service status. That's technically a bug I guess: failure to check status shouldn't show up as an OK status.

Still only showing one host sending logs, itself. I've got a DC set to send logs to it also, and it's not getting there:

2017-07-06 10:30:26 INFO nxlog-ce-2.9.1347 started
2017-07-06 10:30:26 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:27 INFO reconnecting in 1 seconds
2017-07-06 10:30:27 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:28 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:29 INFO reconnecting in 2 seconds
2017-07-06 10:30:29 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:31 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:32 INFO reconnecting in 4 seconds
2017-07-06 10:30:32 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
2017-07-06 10:30:36 INFO connecting to nagioslog01-cv2.whisystems.com:3515
2017-07-06 10:30:37 INFO reconnecting in 8 seconds
2017-07-06 10:30:37 ERROR couldn't connect to tcp socket on nagioslog01-cv2.whisystems.com:3515; No connection could be made because the target machine actively refused it.  
And yes, it pings. :)

Re: Problems installing to bare metal Cent7

Posted: Thu Jul 06, 2017 9:34 am
by bpizzutiWHI
Oh, if it helps, here's my 000_inputs.conf. 3515 is the right port for the Windows listener:

[bpizzuti@nagioslog01-cv2 ~]$ cat 000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Thu, 06 Apr 2017 22:35:08 -0400
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    syslog {
        type => 'esx_syslog'
        port => 1514
    }
    syslog {
        type => 'pdu_syslog'
        port => 2514
    }
}

#
# Local inputs
#

Re: Problems installing to bare metal Cent7

Posted: Thu Jul 06, 2017 2:41 pm
by cdienger
The service is likely having problems starting up due to other permission problems. I would do another fresh install but before running the install change the umask to 0022:

umask 0022

Re: Problems installing to bare metal Cent7

Posted: Fri Jul 07, 2017 8:24 am
by bpizzutiWHI
Re-done as requested, it still didn't write the conf files to /usr/local/nagioslogserver/logstash/etc/conf.d/. Put my configs in manually, and logstash.log still shows "{:timestamp=>"2017-07-07T09:15:53.295000-0400", :message=>"The error reported is: \n pattern %{COMMONAPACHELOG2} not defined"}"

Re: Problems installing to bare metal Cent7

Posted: Fri Jul 07, 2017 10:39 am
by tacolover101
Could you post your entire install.log? If memory serves me right, you're missing another logstash file which maps how it should handle COMMONAPACHELOG2 for grok, similar to this - https://github.com/elastic/logstash/blo ... k-patterns

Re: Problems installing to bare metal Cent7

Posted: Fri Jul 07, 2017 11:23 am
by scottwilkerson
I think you have a filter set to use COMMONAPACHELOG2, which doesn't exist. You likely need to adjust your filters: find the filter that is using

%{COMMONAPACHELOG2}
replace with

%{COMMONAPACHELOG2}
and then apply configuration

Re: Problems installing to bare metal Cent7

Posted: Fri Jul 07, 2017 12:41 pm
by bpizzutiWHI
install.log:

Nagios Log Server Installation
==============================
DATE: Fri Jul  7 08:52:33 EDT 2017

DISTRO INFO:
CentOS
7.3.1611
x86_64

Running 'setup_local_syslog'...
Redirecting to /bin/systemctl restart  rsyslog.service
setup_local_syslog step completed OK
Running 'prereqs'...
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.tripadvisor.com
 * extras: ftpmirror.your.org
 * updates: cosmos.illinois.edu
Package byacc-1.9.20130304-3.el7.x86_64 already installed and latest version
Package cairo-devel-1.14.2-1.el7.x86_64 already installed and latest version
Package gcc-4.8.5-11.el7.x86_64 already installed and latest version
Package glib2-devel-2.46.2-4.el7.x86_64 already installed and latest version
Package glibc-2.17-157.el7_3.4.x86_64 already installed and latest version
Package 1:java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64 already installed and latest version
Package libxml2-devel-2.9.1-6.el7_2.3.x86_64 already installed and latest version
Package 1:make-3.82-23.el7.x86_64 already installed and latest version
Package 1:net-snmp-5.7.2-24.el7_3.2.x86_64 already installed and latest version
Package 1:net-snmp-utils-5.7.2-24.el7_3.2.x86_64 already installed and latest version
Package ntp-4.2.6p5-25.el7.centos.2.x86_64 already installed and latest version
Package 1:openssl-1.0.1e-60.el7_3.1.x86_64 already installed and latest version
Package patch-2.7.1-8.el7.x86_64 already installed and latest version
Package pango-devel-1.36.8-2.el7.x86_64 already installed and latest version
Package perl-ExtUtils-MakeMaker-6.68-3.el7.noarch already installed and latest version
Package sendmail-8.14.7-4.el7.x86_64 already installed and latest version
Package php-cli-5.4.16-42.el7.x86_64 already installed and latest version
Package pyOpenSSL-0.13.1-3.el7.x86_64 already installed and latest version
Package sudo-1.8.6p7-23.el7_3.x86_64 already installed and latest version
Package sysstat-10.1.5-11.el7.x86_64 already installed and latest version
Package unzip-6.0-16.el7.x86_64 already installed and latest version
Package zip-3.0-11.el7.x86_64 already installed and latest version
Package net-tools-2.0-0.17.20131004git.el7.x86_64 already installed and latest version
Package php-ldap-5.4.16-42.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos.4 will be installed
---> Package php.x86_64 0:5.4.16-42.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch          Version                        Repository      Size
================================================================================
Installing:
 httpd        x86_64        2.4.6-45.el7.centos.4          updates        2.7 M
 php          x86_64        5.4.16-42.el7                  base           1.4 M

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 4.1 M
Installed size: 14 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              4.7 MB/s | 4.1 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : httpd-2.4.6-45.el7.centos.4.x86_64                           1/2 
  Installing : php-5.4.16-42.el7.x86_64                                     2/2 
  Verifying  : php-5.4.16-42.el7.x86_64                                     1/2 
  Verifying  : httpd-2.4.6-45.el7.centos.4.x86_64                           2/2 

Installed:
  httpd.x86_64 0:2.4.6-45.el7.centos.4        php.x86_64 0:5.4.16-42.el7       

Complete!
 7 Jul 08:52:51 ntpdate[30016]: adjust time server 10.200.5.10 offset -0.008361 sec
Requirement already up-to-date: pip in /usr/lib/python2.7/site-packages
Cleaning up...
Requirement already satisfied: argparse in /usr/lib/python2.7/site-packages
Requirement already satisfied: jsonselect in /usr/lib/python2.7/site-packages
Collecting elasticsearch-curator==3.4.0
  Using cached elasticsearch_curator-3.4.0-py2.py3-none-any.whl
Requirement already satisfied: elasticsearch<2.1.0,>=1.8.0 in /usr/lib/python2.7/site-packages (from elasticsearch-curator==3.4.0)
Requirement already satisfied: click>=3.3 in /usr/lib/python2.7/site-packages (from elasticsearch-curator==3.4.0)
Requirement already satisfied: urllib3<2.0,>=1.8 in /usr/lib/python2.7/site-packages (from elasticsearch<2.1.0,>=1.8.0->elasticsearch-curator==3.4.0)
Installing collected packages: elasticsearch-curator
Successfully installed elasticsearch-curator-3.4.0
prereqs step completed OK
Running 'sourceguardian'...
Installing sourceguardian...
Archive:  sourceguardian/ixed4.lin.x86-64.zip
  inflating: /usr/lib64/php/modules/ixed.5.4.lin  
Sourceguardian extension found for PHP version 5.4
Sourceguardian extension already in php.ini
sourceguardian step completed OK
Running 'timezone'...
timezone step completed OK
Running 'nagioslogserver'...
nagioslogserver step completed OK
Running 'backend'...
Installing Elasticsearch...
Elasticsearch installed OK
Installing Logstash...
Applying Nagios patches to Logstash...
Logstash installed OK
Installing Kibana...
Kibana installed OK
Generating unique id...
backend step completed OK
Running 'install_mibs'...
install_mibs step completed OK
Running 'sudoers'...
sudoers step completed OK
Running 'firewall'...
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
FirewallD is not running
firewall step completed OK
Running 'selinux'...
selinux step completed OK
Running 'test_cluster_connection'...
test_cluster_connection step completed OK
Running 'daemons'...
Note: Forwarding request to 'systemctl enable ntpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
Note: Forwarding request to 'systemctl disable ntpd.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service.
Note: Forwarding request to 'systemctl enable httpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Note: Forwarding request to 'systemctl disable httpd.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
daemons step completed OK
Running 'webroot'...
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
webroot step completed OK

Nagios Log Server Installation Success!

You can finish the final setup steps for Nagios Log Server by visiting:
    http:///nagioslogserver/



Re: Problems installing to bare metal Cent7

Posted: Fri Jul 07, 2017 1:33 pm
by scottwilkerson
scottwilkerson wrote: I think you have a filter set to use COMMONAPACHELOG2, which doesn't exist. You likely need to adjust your filters: find the filter that is using

%{COMMONAPACHELOG2}
replace with

%{COMMONAPACHELOG2}
and then apply configuration
Sorry, the above should have said the following, removing the 2 in the 2nd:

you likely need to adjust your filters, find the filter that is using

%{COMMONAPACHELOG2}
replace with

%{COMMONAPACHELOG}
and then apply configuration
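
An added example, not part of the thread and not Nagios Log Server code: a check that lists every grok pattern a filter references but no pattern file defines, with the closest defined name as a hint, so a "pattern %{...} not defined" error can be caught before applying configuration. The filter snippet and the shortened pattern file are constructed samples, and the function names are hypothetical.

```python
import difflib
import re

# Matches %{NAME}, %{NAME:field} and %{NAME:field:type} in a grok expression.
GROK_REF = re.compile(r"%\{([A-Z0-9_]+)(?::[^}]*)?\}")

# Constructed sample: a shortened pattern file ("NAME regex" per line).
SAMPLE_PATTERNS = r"""
# bodies shortened for the example
IPORHOST \S+
USER [a-zA-Z0-9._-]+
HTTPDATE [^\]]+
COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\]
"""

# Constructed sample filter reproducing the error from the thread.
SAMPLE_FILTER = """\
filter {
    if [type] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMMONAPACHELOG2}' ]
        }
    }
}
"""

def defined_patterns(pattern_text):
    """Return the pattern names defined in a grok pattern file."""
    lines = (l.strip() for l in pattern_text.splitlines())
    return {l.split(None, 1)[0] for l in lines if l and not l.startswith("#")}

def undefined_refs(config_text, pattern_text):
    """Return [(name, [line numbers], closest defined name or None)]."""
    known = defined_patterns(pattern_text)
    missing = {}
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out config is never compiled
        for name in GROK_REF.findall(line):
            if name not in known:
                missing.setdefault(name, []).append(lineno)
    report = []
    for name, lines in sorted(missing.items()):
        hint = difflib.get_close_matches(name, sorted(known), n=1)
        report.append((name, lines, hint[0] if hint else None))
    return report

if __name__ == "__main__":
    for name, lines, hint in undefined_refs(SAMPLE_FILTER, SAMPLE_PATTERNS):
        print(f"%{{{name}}} not defined (line {lines}); closest: {hint}")
```

To use it on a real install, read the filter files and the pattern files from disk and pass their contents as the two arguments.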