Nagios Support Forum

I have recently been volunteered to get your product running and am having several issues. The previous admin has been trying to get the log server running for a few months as a side project and has not been successful as of yet. I attempted to solve the previous install and build attempts but recently gave up due to selinux issues and php issues. I am currently using a new fresh install of 7.2 and have the system STIG'd minus SELinux, which is disabled for install and testing purposes. First, for whatever reason the services under 'System Status' will never stop spinning and show good. Second, everything under the 'Configuration Editor' panel does absolutely nothing aside form the snapshots which are functioning as far as I can tell. I have attached a few screenshots and the cluster health.

{
"cluster_name" : "fbdac5b2-2584-49a0-a8a5-ab4df2406fed",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 15,
"active_shards" : 15,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 15,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0
}

TEWLS wrote:I am currently using a new fresh install of 7.2 and have the system STIG'd minus SELinux

I would highly recommend running the fullinstall script against a clean, minimal RHEL machine before applying the STIG. Once you have verified all the important bits of the GUI are functioning as intended, incrementally working through the STIG and seeing if any functionality is lost is probably the only way we would ever be able to troubleshoot this setup. We don't do internal testing/development against STIGd machines.

Having worked on a few other machines with STIG requirements, I can tell you they are difficult to troubleshoot when applying the STIG before installing Nagios Log Server.

I was hoping that would not be the answer as I didn't think about it until after I had finished the STIGing process. On a side note can I install and use PHP 7.1 assuming I can get an updated version of SecureGuardian on the machine? Using 5.6 requires an exception for all of the machines I run this on and I really hate doing all that paperwork.

TEWLS wrote:On a side note can I install and use PHP 7.1 assuming I can get an updated version of SecureGuardian on the machine?

Your thinking is correct, but our build machine is still using the PHP 5.6 version of SourceGuardian so that won't work. We also haven't started developing/testing against PHP 7 yet.

Still the same issues. This is a completely fresh install of CentOS7.3 this time, the only thing is ipv6 is turned off. I had to modify your fullinstall script to get the application to install and I had to change the ownership of /var/www/html/nagioslogserver to apache to get to this point though. The services under System Status never start, the buttons on the Global Configuration page do nothing (as well as all the pages in that top panel), and I cannot create an instance for the local machine.

Can you share the parts of fullinstall that were modified as well as the install.log containing the errors prior to the modifications?

# Install prereqs
if [ "$distro" == "Ubuntu" ] || [ "$distro" == "Debian" ]; then

export DEBIAN_FRONTEND=noninteractive
export PERL_MM_USE_DEFAULT=1

if [ "$dist" == "ubuntu16" ]; then
phpdeps="php php-cli php-curl php-ldap"
else
#phpdeps="php5 php5-cli php5-curl php5-ldap"
phpdeps="php56w php56w-cli php56w-curl php56w-ldap"
fi

pkgs="byacc curl libcairo2-dev gcc libglib2.0-dev libc6 openjdk-7-jdk libxml2-dev make snmp ntp openssl patch libpango1.0-dev sendmail-bin apache2 python-openssl sudo sysstat unzip zip net-tools $phpdeps"
apt-get -y update
apt-get -y install $pkgs

# Install perl modules from CPAN instead of random packages from distros
cpan install CPAN ||:
cpan install ExtUtils::MakeMaker ||:
else
#pkgs="byacc cairo-devel gcc glib2-devel glibc java-1.7.0-openjdk libxml2-devel make net-snmp net-snmp-utils ntp openssl patch pango-devel perl-ExtUtils-MakeMaker sendmail httpd php php-cli pyOpenSSL sudo sysstat unzip zip net-tools php-ldap"
pkgs="byacc cairo-devel gcc glib2-devel glibc java-1.8.0-openjdk libxml2-devel make net-snmp net-snmp-utils ntp openssl mod_ssl patch pango-devel perl-ExtUtils-MakeMaker sendmail httpd php56w php56w-cli pyOpenSSL sudo sysstat unzip zip net-tools php56w-ldap"
yum -y update
yum -y install $pkgs
fi

# Set date/time because ssl certificates can be in the future... (fix for pypi and get-pip)
if [ "$distro" == "Ubuntu" ] || [ "$distro" == "Debian" ] || [ "distro" == "CentOS" ]; then
ntpq -p
else
ntpdate -u pool.ntp.org
fi


The error log is just errors with mirrors and GPG keys.

EDIT: Also SourceGuardian doesn't start. I updated the version when I reinstalled it..
php -i |grep SourceGuardian
SourceGuardian
SourceGuardian Loader Support => enabled
SourceGuardian Loader Version => 11.0.6
SourceGuardian Loader Build Number => 0x00000018

It looks like you modified the install script to use php56w instead of the regular PHP we install from the repositories. At this point, my guess is you're still missing an additional PHP dependency from this repository. Our install scripts do not take custom repositories into account, as they are made to work with standard current repos. At this time they are still using PHP 5.3 which is what we account for.

Additionally, what OS are you trying to install on? While the install script mentions Ubuntu / Debian - our supported systems are still limited to minimal CentOS/RHEL installs.

If you're having problems, simply spin up a fresh minmal ISO of CentOS/RHEL 6/7 and deploy from there - it should work like a charm. Depending if pool.ntp.org is reachable or not by your org, you made the correct commenting there.

The issue with using 5.3 is that it is incredibly out of data and no longer supported as stated here. There is no possibly way to get this approved. You stated earlier your build machine was running 5.6 though so It sounds like that isn't an issue it just isn't updated in the install. At this point I installed every possible PHP 5.6 package and every dependency possibly so I don't think it is PHP.

This is a current fresh build of CentOS7 with ipv6 turned off and the machine set to a static address. The ntp stuff was because I copied over the previous admin's work when I started and that was there; doing a diff shows all the changes were in the pre-install portion of the script.

I get the feeling we purchased several licenses of a product we will never be able to use

EDIT: I just installed a new fresh install of CentOS 7.3 I just downloaded from their site with literally nothing added and the install did not work; this means no wget, no vim, no net utils, nothing static'd, ipv6 running, no firewall, and getting to the internet through my phone. I had to change the ownership of /var/www/html/nagioslogserver to apache before I could start the webpage still and nothing on those few pages functions.


EDIT2: Do you guys know which services all need to be running because I am seeing issues like this: logstash.service loaded active exited LSB: Logstash

elasticsearch, logstash, and httpd are the bare-minimal services the platform requires. cron is also used but disabling cron wouldn't cause any presentation layer issues.

My best guess is some sort of Javascript blocking is occurring either at the network layer or on the client-side. The few STIGd systems i've worked with ended up having some sort of Javascript blocking/filtering occurring and our front-end uses async AJAX calls frequently.

Just to rule PHP out, can I see the full output of:
Can I also see the output of these commands:

TEWLS wrote:I just installed a new fresh install of CentOS 7.3 I just downloaded from their site with literally nothing added and the install did not work

I was unable to replicate this using the following image:
http://mirror.oss.ou.edu/centos/7/isos/ ... l-1611.iso