
Re: Unable to receive incoming syslog on port 514

Posted: Tue Jan 22, 2019 7:57 am
by dlukinski
tgriep wrote: Try disabling the firewall and see if the server starts to receive the logs.
Also, verify that the input is still configured in the Logserver's GUI and that it is enabled.

I received logs the moment iptables were stopped. What is wrong with iptables(?)

Re: Unable to receive incoming syslog on port 514

Posted: Tue Jan 22, 2019 12:41 pm
by scottwilkerson
you aren't allowing traffic on port 514

Code: Select all

iptables -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
iptables-save

Re: Unable to receive incoming syslog on port 514

Posted: Tue Jan 22, 2019 2:32 pm
by dlukinski
scottwilkerson wrote:you aren't allowing traffic on port 514

Code: Select all

iptables -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
iptables-save

and it stopped receiving all the syslogs..

Re: Unable to receive incoming syslog on port 514

Posted: Tue Jan 22, 2019 2:40 pm
by scottwilkerson
can you post the output of

Code: Select all

cat /etc/sysconfig/iptables

Re: Unable to receive incoming syslog on port 514

Posted: Tue Jan 22, 2019 5:51 pm
by dlukinski
scottwilkerson wrote:can you post the output of

Code: Select all

cat /etc/sysconfig/iptables
login as: root
[email protected]'s password:
Last login: Tue Jan 22 19:28:24 2019 from 10.104.116.201

[root@fikc-naglsprod01 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Jan 16 15:47:46 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4344:3251345]
-A INPUT -p tcp -m tcp --dport 4450 -j ACCEPT
-A INPUT -p udp -m udp --dport 4450 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4448 -j ACCEPT
-A INPUT -p udp -m udp --dport 4448 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3516 -j ACCEPT
-A INPUT -p udp -m udp --dport 4447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4446 -j ACCEPT
-A INPUT -p udp -m udp --dport 4446 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2057 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2056 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5544 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4444 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3515 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9300:9400 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5667 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3516 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4448 -j ACCEPT
-A INPUT -p udp -m udp --dport 4448 -j ACCEPT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jan 16 15:47:46 2019
[root@fikc-naglsprod01 ~]#

And it still does not work

Re: Unable to receive incoming syslog on port 514

Posted: Wed Jan 23, 2019 9:34 am
by tgriep
The firewall is blocking the inbound connections as the INPUT for port 514 should be above all of the REJECTS.

First check the line number by running the following.

Code: Select all

iptables -nL --line-numbers
Delete the rule based on the line number by running this

Code: Select all

iptables -D INPUT {line}
Add the rule back in using the line number from the above command. Put it below the 5666 rule.

Code: Select all

iptables -I INPUT {line} -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
To save the rules, run this as root.

Code: Select all

iptables-save > /etc/sysconfig/iptables
Test to see if the logs come in.
You may also want to do this for the 4448 rules.
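
The ordering problem described in the post above, as an added example that is not part of the original thread: iptables evaluates a chain top to bottom and stops at the first terminating match, so any rule appended after a catch-all REJECT never fires. The function names and the shortened ruleset below are constructed for illustration; the script only reads iptables-save text and changes no firewall state.

```shell
#!/bin/sh
# Constructed sample: a shortened copy of the ruleset posted earlier in the thread.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 4448 -j ACCEPT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save text on stdin and print "chain position rule" for every
# rule that sits after an unconditional REJECT/DROP in the same chain.
shadowed_rules() {
  awk '
    $1 == "-A" {
      chain = $2
      n[chain]++
      if (chain in wall) { print chain, n[chain], $0; next }
      # Catch-all: no match options between the chain name and -j.
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) wall[chain] = n[chain]
    }'
}

# Print the position of the first catch-all in chain $1. Inserting at that
# position with "iptables -I CHAIN <n>" places the new rule just above it.
insert_position() {
  awk -v want="$1" '
    $1 == "-A" && $2 == want {
      n++
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; exit }
    }'
}

sample_rules | shadowed_rules
echo "insert before position: $(sample_rules | insert_position INPUT)"
```

On a live host the same functions can be fed from `iptables-save` or from `/etc/sysconfig/iptables` instead of the sample.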

Re: Unable to receive incoming syslog on port 514

Posted: Mon Jan 28, 2019 1:45 pm
by dlukinski
tgriep wrote:The firewall is blocking the inbound connections as the INPUT for port 514 should be above all of the REJECTS.

First check the line number by running the following.

Code: Select all

iptables -nL --line-numbers
Delete the rule based on the line number by running this

Code: Select all

iptables -D INPUT {line}
Add the rule back in using the line number from the above command. Put it below the 5666 rule.

Code: Select all

iptables -I INPUT {line} -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
To save the rules, run this as root.

Code: Select all

iptables-save > /etc/sysconfig/iptables
Test to see if the logs come in.
You may also want to do this for the 4448 rules.
Thank you Tom

Worked as a mix of editing iptables file and using commands
Please close the thread

Re: Unable to receive incoming syslog on port 514

Posted: Mon Jan 28, 2019 2:21 pm
by cdienger
Thanks for the update! Glad to hear you got it working!