Unable to setup Linux device

Posted: Sun Nov 05, 2017 3:21 am
by nathanplatt
[root@enterprise nathan]# curl -s -O http://82.21.8.155/nagioslogserver/scri ... p-linux.sh
[root@enterprise nathan]# sudo bash setup-linux.sh -s 82.21.8.155 -p 5544
Detected rsyslog 8.24.0
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: 82.21.8.155:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
SELinux is disabled.
ERROR: rsyslog configuration check failed.
[root@enterprise nathan]#

Any ideas?

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 10:41 am
by mcapra
I think that script needs to be updated for rsyslog 8.

Can you share the output of the following commands executed from the CLI of the machine you are trying to configure to ship its logs to Nagios Log Server?

Code:

rsyslogd -f /etc/rsyslog.conf
ps aux | grep log
ls -al /etc/rsyslog*

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 10:45 am
by nathanplatt

Code:

[root@enterprise nathan]# rsyslogd -f /etc/rsyslog.conf
rsyslogd: pidfile '/var/run/syslogd.pid' and pid 96529 already exist.
If you want to run multiple instances of rsyslog, you need to specify
different pid files for them (-i option).
rsyslogd: run failed with error -3000 (see rsyslog.h or try http://www.rsyslog.com/e/3000 to learn what that number means)
[root@enterprise nathan]# ps aux | grep log
dovenull    366  0.0  0.0  46284  4344 ?        S    15:07   0:00 dovecot/imap-login
root        846  0.0  0.0  26388  1732 ?        Ss   04:57   0:05 /usr/lib/systemd/systemd-logind
root        859  0.0  0.0 219020  4064 ?        Ss   04:57   0:00 /usr/bin/abrt-watch-log -F BUG: WARNING: at WARNING: CPU: INFO: possible recursive locking detected ernel BUG at list_del corruption list_add corruption do_IRQ: stack overflow: ear stack overflow (cur: eneral protection fault nable to handle kernel ouble fault: RTNL: assertion failed eek! page_mapcount(page) went negative! adness at NETDEV WATCHDOG ysctl table check failed : nobody cared IRQ handler type mismatch Machine Check Exception: Machine check events logged divide error: bounds: coprocessor segment overrun: invalid TSS: segment not present: invalid opcode: alignment check: stack segment: fpu exception: simd exception: iret exception: /var/log/messages -- /usr/bin/abrt-dump-oops -xtD
root        863  0.0  0.3 724128 48716 ?        Ssl  04:57   0:24 /usr/sbin/rsyslogd -n
root       1360  0.0  0.0   6372   616 ?        S    04:57   0:00 logger -t xe-daemon
root       1445  0.0  0.0  11808  1304 ?        S    04:57   0:02 dovecot/log
dovenull   1450  0.0  0.0  46284  4344 ?        S    04:57   0:00 dovecot/imap-login
dovenull   1453  0.0  0.0  46288  4340 ?        S    04:57   0:00 dovecot/imap-login
dovenull   1460  0.0  0.0  46288  4344 ?        S    04:57   0:00 dovecot/imap-login
dovenull   1467  0.0  0.0  46288  4344 ?        S    04:57   0:00 dovecot/imap-login
dovenull   2941  0.0  0.0  46284  4340 ?        S    04:57   0:00 dovecot/imap-login
dovenull   2976  0.0  0.0  46288  4344 ?        S    04:57   0:00 dovecot/imap-login
dovenull   5709  0.0  0.0  46284  4348 ?        S    15:09   0:00 dovecot/imap-login
dovenull   5845  0.0  0.0  46288  4344 ?        S    14:19   0:00 dovecot/imap-login
plattnat   6953  0.0  0.3 412188 51024 ?        S    13:31   0:00 /opt/plesk/php/7.0/bin/php-cgi -c /home/www-data/system/blog.solblu.uk/etc/php.ini
dovenull  10388  0.0  0.0  46288  4344 ?        S    13:32   0:00 dovecot/imap-login
dovenull  12426  0.0  0.0  46284  4340 ?        S    15:12   0:00 dovecot/imap-login
dovenull  12543  0.0  0.0  46284  4340 ?        S    15:12   0:00 dovecot/imap-login
dovenull  13241  0.0  0.0  46288  4340 ?        S    04:57   0:00 dovecot/imap-login
dovenull  13243  0.0  0.0  46284  4344 ?        S    04:57   0:00 dovecot/imap-login
dovenull  13335  0.0  0.0  46288  4344 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13338  0.0  0.0  46288  4340 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13356  0.0  0.0  46288  4344 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13358  0.0  0.0  46288  4340 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13359  0.0  0.0  46284  4340 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13465  0.0  0.0  46288  4340 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13468  0.0  0.0  46288  4344 ?        S    04:58   0:00 dovecot/imap-login
dovenull  13685  0.0  0.0  46284  4340 ?        S    15:12   0:00 dovecot/imap-login
dovenull  14554  0.0  0.0  46284  4344 ?        S    15:13   0:00 dovecot/imap-login
dovenull  16998  0.0  0.0  46284  4344 ?        S    15:14   0:00 dovecot/imap-login
dovenull  17530  0.0  0.0  46284  4340 ?        S    15:14   0:00 dovecot/imap-login
dovenull  20235  0.0  0.0  46284  4344 ?        S    13:36   0:00 dovecot/imap-login
dovenull  20444  0.0  0.0  46284  4340 ?        S    13:36   0:00 dovecot/imap-login
dovenull  21708  0.0  0.0  46284  4340 ?        S    13:37   0:00 dovecot/imap-login
dovenull  23366  0.0  0.0  46284  4340 ?        S    13:37   0:00 dovecot/imap-login
dovenull  24038  0.0  0.0  46288  4344 ?        S    13:38   0:00 dovecot/imap-login
dovenull  24051  0.0  0.0  46284  4344 ?        S    13:38   0:00 dovecot/imap-login
dovenull  27359  0.0  0.0  46284  4344 ?        S    15:18   0:00 dovecot/imap-login
dovenull  28115  0.0  0.0  46284  4340 ?        S    15:18   0:00 dovecot/imap-login
dovenull  31765  0.0  0.0  46284  4344 ?        S    14:30   0:00 dovecot/imap-login
dovenull  36065  0.0  0.0  46284  4344 ?        S    14:31   0:00 dovecot/imap-login
plattnat  36255  0.0  0.3 499228 57544 ?        S    12:00   0:00 /opt/plesk/php/7.0/bin/php-cgi -c /home/www-data/system/blog.solblu.uk/etc/php.ini
dovenull  36736  0.0  0.0  46284  4344 ?        S    11:08   0:00 dovecot/imap-login
dovenull  37101  0.0  0.0  46284  4344 ?        S    14:31   0:00 dovecot/imap-login
dovenull  37580  0.0  0.0  46284  4340 ?        S    14:32   0:00 dovecot/imap-login
dovenull  38591  0.0  0.0  46284  4340 ?        S    15:22   0:00 dovecot/imap-login
dovenull  40599  0.0  0.0  46288  4344 ?        S    10:20   0:00 dovecot/imap-login
dovenull  40816  0.0  0.0  46284  4344 ?        S    15:23   0:00 dovecot/imap-login
dovenull  40928  0.0  0.0  46284  4348 ?        S    15:23   0:00 dovecot/imap-login
dovenull  42590  0.0  0.0  46284  4344 ?        S    15:23   0:00 dovecot/imap-login
dovenull  42850  0.0  0.0  46288  4344 ?        S    10:21   0:00 dovecot/imap-login
dovenull  43383  0.0  0.0  46288  4348 ?        S    10:21   0:00 dovecot/imap-login
dovenull  43644  0.0  0.0  46284  4344 ?        S    15:24   0:00 dovecot/imap-login
dovenull  43645  0.0  0.0  46284  4340 ?        S    15:24   0:00 dovecot/imap-login
dovenull  44145  0.0  0.0  46284  4340 ?        S    15:24   0:00 dovecot/imap-login
dovenull  44165  0.0  0.0  46284  4340 ?        S    15:24   0:00 dovecot/imap-login
dovenull  47801  0.0  0.0  46284  4344 ?        S    14:36   0:00 dovecot/imap-login
dovenull  47806  0.0  0.0  46284  4348 ?        S    14:36   0:00 dovecot/imap-login
dovenull  53757  0.0  0.0  46284  4344 ?        S    15:27   0:00 dovecot/imap-login
dovenull  56992  0.0  0.0  46284  4340 ?        S    15:29   0:00 dovecot/imap-login
dovenull  57018  0.0  0.0  46284  4344 ?        S    14:39   0:00 dovecot/imap-login
dovenull  60153  0.0  0.0  46284  4344 ?        S    15:30   0:00 dovecot/imap-login
dovenull  64690  0.0  0.0  46288  4348 ?        S    11:19   0:00 dovecot/imap-login
dovenull  64891  0.0  0.0  46288  4344 ?        S    11:19   0:00 dovecot/imap-login
dovenull  68174  0.0  0.0  46284  4344 ?        S    15:33   0:00 dovecot/imap-login
dovenull  68945  0.0  0.0  46284  4344 ?        S    10:31   0:00 dovecot/imap-login
dovenull  70731  0.0  0.0  46284  4344 ?        S    15:34   0:00 dovecot/imap-login
dovenull  71064  0.0  0.0  46284  4344 ?        S    15:34   0:00 dovecot/imap-login
dovenull  71708  0.0  0.0  46284  4344 ?        S    15:34   0:00 dovecot/imap-login
dovenull  75283  0.0  0.0  46284  4344 ?        S    14:46   0:00 dovecot/imap-login
dovenull  75487  0.0  0.0  46284  4340 ?        S    14:46   0:00 dovecot/imap-login
dovenull  75623  0.0  0.0  46284  4340 ?        S    15:36   0:00 dovecot/imap-login
dovenull  77456  0.0  0.0  46284  4344 ?        S    14:47   0:00 dovecot/imap-login
dovenull  78844  0.0  0.0  46284  4340 ?        S    15:37   0:00 dovecot/imap-login
dovenull  78964  0.0  0.0  46284  4344 ?        S    15:37   0:00 dovecot/imap-login
dovenull  80085  0.0  0.0  46284  4348 ?        S    15:38   0:00 dovecot/imap-login
dovenull  83088  0.0  0.0  46284  4340 ?        S    15:39   0:00 dovecot/imap-login
dovenull  83827  0.0  0.0  46152  3552 ?        S    15:39   0:00 dovecot/imap-login
dovenull  85786  0.0  0.0  46284  4344 ?        S    14:50   0:00 dovecot/imap-login
dovenull  85801  0.0  0.0  46284  4344 ?        S    14:50   0:00 dovecot/imap-login
dovenull  87484  0.0  0.0  46288  4344 ?        S    10:38   0:00 dovecot/imap-login
dovenull  90076  0.0  0.0  46284  4300 ?        S    15:41   0:00 dovecot/imap-login
dovenull  90188  0.0  0.0  46152  3552 ?        S    15:41   0:00 dovecot/imap-login
dovenull  91016  0.0  0.0  46152  3556 ?        S    15:42   0:00 dovecot/imap-login
dovenull  91667  0.0  0.0  46152  3556 ?        S    15:42   0:00 dovecot/imap-login
dovenull  91763  0.0  0.0  46152  3556 ?        S    15:42   0:00 dovecot/imap-login
dovenull  92708  0.0  0.0  46284  4348 ?        S    15:42   0:00 dovecot/imap-login
dovenull  93488  0.0  0.0  46152  3552 ?        S    15:43   0:00 dovecot/imap-login
dovenull  93589  0.0  0.0  46284  4344 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94059  0.0  0.0  46284  4340 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94178  0.0  0.0  46152  3552 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94404  0.0  0.0  46284  4280 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94431  0.0  0.0  46284  4340 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94630  0.0  0.0  46152  3552 ?        S    15:43   0:00 dovecot/imap-login
dovenull  94968  0.0  0.0  46152  3556 ?        S    15:43   0:00 dovecot/imap-login
root      95217  0.0  0.0 115180  1200 ?        Ss   15:44   0:00 /bin/sh -c bash /etc/hetrixtools/hetrixtools_agent.sh >> /etc/hetrixtools/hetrixtools_cron.log 2>&1
dovenull  96210  0.0  0.0  46152  3552 ?        S    15:44   0:00 dovecot/imap-login
dovenull  96532  0.0  0.0  46284  4344 ?        S    15:44   0:00 dovecot/imap-login
dovenull  96533  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
dovenull  96536  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
dovenull  96538  0.0  0.0  46284  4344 ?        S    15:44   0:00 dovecot/imap-login
dovenull  96539  0.0  0.0  46284  4336 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97074  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97086  0.1  0.0  46284  4340 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97087  0.1  0.0  46284  4344 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97206  0.2  0.0  46284  4340 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97212  0.2  0.0  46284  4348 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97217  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97317  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
dovenull  97319  0.0  0.0  46152  3556 ?        S    15:44   0:00 dovecot/imap-login
root      97432  0.0  0.0 114716   976 pts/0    S+   15:44   0:00 grep --color=auto log
dovenull 103820  0.0  0.0  46284  4344 ?        S    10:45   0:00 dovecot/imap-login
dovenull 104423  0.0  0.0  46284  4344 ?        S    13:18   0:00 dovecot/imap-login
dovenull 104596  0.0  0.0  46284  4344 ?        S    14:58   0:00 dovecot/imap-login
dovenull 110130  0.0  0.0  46288  4344 ?        S    14:09   0:00 dovecot/imap-login
dovenull 114452  0.0  0.0  46288  4340 ?        S    09:59   0:00 dovecot/imap-login
dovenull 119578  0.0  0.0  46284  4348 ?        S    15:03   0:00 dovecot/imap-login
dovenull 123218  0.0  0.0  46288  4340 ?        S    15:04   0:00 dovecot/imap-login
dovenull 129297  0.0  0.0  46284  4340 ?        S    15:06   0:00 dovecot/imap-login
dovenull 130132  0.0  0.0  46284  4340 ?        S    14:17   0:00 dovecot/imap-login
[root@enterprise nathan]# ls -al /etc/rsyslog*
-rw-r--r-- 1 root root 3232 Nov  6 03:37 /etc/rsyslog.conf
-rw-r--r-- 1 root root 3232 Nov  6 03:37 /etc/rsyslog.conf.bak

/etc/rsyslog.d:
total 40
drwxr-xr-x   2 root root  4096 Aug  3 00:57 .
drwxr-xr-x 133 root root 12288 Nov  6 00:01 ..
-rw-r--r--   1 root root   740 Jan 23  2017 90-nagioslogserver_var_log_httpd_access_log.conf
-rw-r--r--   1 root root   734 Jan 23  2017 90-nagioslogserver_var_log_httpd_error_log.conf
-rw-r--r--   1 root root   897 Nov  5 08:19 99-nagioslogserver.conf
-rw-r--r--   1 root root    56 Nov  6 03:37 cagefs-syslog-socket.conf
-rw-r--r--   1 root root    56 Nov  6 03:37 cagefs-syslog-socket.conf.bak
-rw-r--r--   1 root root    49 Aug 10 11:50 listen.conf
[root@enterprise nathan]#

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 11:08 am
by mcapra
Assuming this command looks ok:

Code:

rsyslogd -f /etc/rsyslog.conf -N1

You should be fine to comment out lines 194-198 of the script:

Code:

191   # Restart the syslog service so our configuration changes will be used.
192   restart_syslog_service() {
193   	# First try verifying the configuration (rsyslog specific).
194   	#if ! rsyslogd -f $SYSLOG_CONF_F &> /dev/null; then
195   		#error "$SYSLOG_TYPE configuration check failed."
196   	#else
197   		#echo "$SYSLOG_TYPE configuration check passed."
198   	#fi
199
200   	# Try using 'service' first.
201   	if which service &> /dev/null; then
202   		echo "Restarting $SYSLOG_TYPE service with 'service'..."

Let us know if you're still having problems receiving logs.

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 11:11 am
by nathanplatt

Code:

[root@enterprise nathan]# rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.24.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: module 'imfile' already in this config, cannot be added  [v8.24.0 try http://www.rsyslog.com/e/2221 ]
[root@enterprise nathan]#

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 11:58 am
by mcapra
Interesting, that certainly is a legitimate problem and the script did its job well.

Let's see these outputs to get a better idea of what the current rsyslog config set looks like:

Code:

grep '' /etc/rsyslog.d/*.conf
cat /etc/rsyslog.conf

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 12:26 pm
by nathanplatt

Code:

[root@enterprise nathan]# grep '' /etc/rsyslog.d/*.conf
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$ModLoad imfile
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputFilePollInterval 10
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$PrivDropToGroup adm
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$WorkDirectory /var/lib/rsyslog
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# Input for apache_access
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputFileName /var/log/httpd/access_log
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputFileTag apache_access:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputFileStateFile nls-state-var_log_httpd_access_log # Must be unique for each file being polled
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# Uncomment the folowing line to override the default severity for messages
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# from this file.
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:#$InputFileSeverity info
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputFilePersistStateInterval 20000
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:$InputRunFileMonitor
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# Forward to Nagios Log Server and then discard, otherwise these messages
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# will end up in the syslog file (/var/log/messages) unless there are other
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:# overriding rules.
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:if $programname == 'apache_access' then @@82.21.8.155:5544
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf:if $programname == 'apache_access' then ~
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$ModLoad imfile
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputFilePollInterval 10
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$PrivDropToGroup adm
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$WorkDirectory /var/lib/rsyslog
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# Input for apache_error
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputFileName /var/log/httpd/error_log
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputFileTag apache_error:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputFileStateFile nls-state-var_log_httpd_error_log # Must be unique for each file being polled
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# Uncomment the folowing line to override the default severity for messages
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# from this file.
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:#$InputFileSeverity info
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputFilePersistStateInterval 20000
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:$InputRunFileMonitor
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# Forward to Nagios Log Server and then discard, otherwise these messages
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# will end up in the syslog file (/var/log/messages) unless there are other
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:# overriding rules.
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:if $programname == 'apache_error' then @@82.21.8.155:5544
/etc/rsyslog.d/90-nagioslogserver_var_log_httpd_error_log.conf:if $programname == 'apache_error' then ~
/etc/rsyslog.d/99-nagioslogserver.conf:### Begin forwarding rule for Nagios Log Server                           NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$WorkDirectory /var/lib/rsyslog # Where spool files will live             NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$ActionQueueFileName nlsFwdRule0 # Unique name prefix for spool files     NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$ActionQueueMaxDiskSpace 1g   # 1GB space limit (use as much as possible) NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown         NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$ActionQueueType LinkedList   # Use asynchronous processing               NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:$ActionResumeRetryCount -1    # Infinite retries if host is down          NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:# Remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional       NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:*.* @@82.21.8.155:5544                                               # NAGIOSLOGSERVER
/etc/rsyslog.d/99-nagioslogserver.conf:### End of Nagios Log Server forwarding rule                              NAGIOSLOGSERVER
/etc/rsyslog.d/cagefs-syslog-socket.conf:$AddUnixListenSocket /usr/share/cagefs-skeleton/dev/log
/etc/rsyslog.d/listen.conf:$SystemLogSocketName /run/systemd/journal/syslog
[root@enterprise nathan]#

Code:

[root@enterprise nathan]# cat /etc/rsyslog.conf
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
[root@enterprise nathan]#

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 12:33 pm
by mcapra
Ah, nope, this is definitely an incompatibility in the script with rsyslog 8.

Essentially, with rsyslog 8, you can't have separate config files loading modules that have already been loaded. This should probably be a bug report if it isn't already.

I believe the fix is to modify either 90-nagioslogserver_var_log_httpd_access_log.conf or 90-nagioslogserver_var_log_httpd_error_log.conf and remove the $ModLoad imfile from the top of one of those files (not both; it needs to exist somewhere, just not in multiple places). Or remove it from both of those files and add it into your main rsyslog.conf, the point being it's not allowed to exist in multiple places with rsyslog 8.

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 12:36 pm
by nathanplatt
How can I report it as a bug? Also, do I make those modifications on Nagios Log Server itself so it pushes these correctly in future, or do I have to amend each server?

Re: Unable to setup Linux device

Posted: Mon Nov 06, 2017 5:32 pm
by cdienger
I'll test this just to confirm and can file a bug then. In the meantime, per @mcapra's suggestion, edit either of the config files and remove the offending line:

1. vi /etc/rsyslog.d/90-nagioslogserver_var_log_httpd_access_log.conf
2. move your cursor to the line containing $ModLoad imfile
3. hit the 'd' key twice to delete it
4. type :wq <enter> to save changes and quit
5. restart the service with "service rsyslog restart"

I don't have a good way to modify the script on the NLS side of things quite yet.
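
The duplicate-module check and the manual edit described in the two replies above can be scripted when several hosts need the same fix. The following is an added example, not part of the thread or of the Nagios Log Server setup script: the function names, the `.orig` backup suffix and the sample file contents (including the 192.0.2.10 address) are assumptions made for illustration, and only legacy `$ModLoad <name>` lines are handled.

```shell
#!/usr/bin/env bash
# Added example: find and disable repeated legacy "$ModLoad" directives.

# Print "module<TAB>file:line" for each active $ModLoad in the given files.
list_modloads() {
    awk '$1 == "$ModLoad" && NF >= 2 { print $2 "\t" FILENAME ":" FNR }' "$@"
}

# Print each module name that is loaded more than once across the files.
duplicate_modules() {
    list_modloads "$@" | cut -f1 | sort | uniq -d
}

# Comment out every load of module $1 after the first, scanning the files in
# the order given. A changed file keeps its original as <file>.orig, which an
# "$IncludeConfig /etc/rsyslog.d/*.conf" glob does not pick up.
dedupe_modload() {
    local module="$1" f
    shift
    awk -v mod="$module" '
        FNR == 1 { if (out) close(out); out = FILENAME ".new" }
        $1 == "$ModLoad" && $2 == mod && seen++ {
            print "#" $0 "  # disabled: " mod " already loaded" > out
            next
        }
        { print > out }' "$@" || return 1
    for f in "$@"; do
        [ -e "$f.new" ] || continue          # empty input file, nothing written
        if cmp -s "$f" "$f.new"; then
            rm -f "$f.new"                   # unchanged, leave the file alone
        else
            # cat into the original keeps its owner, mode and SELinux context
            cp -p "$f" "$f.orig" && cat "$f.new" > "$f" && rm -f "$f.new"
        fi
    done
}

# Build a constructed copy of the thread's rsyslog.d layout in a temp dir.
make_sample_dir() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' '$ModLoad imfile' '$InputFileName /var/log/httpd/access_log' \
        > "$d/90-nagioslogserver_var_log_httpd_access_log.conf"
    printf '%s\n' '$ModLoad imfile' '$InputFileName /var/log/httpd/error_log' \
        > "$d/90-nagioslogserver_var_log_httpd_error_log.conf"
    printf '%s\n' '*.* @@192.0.2.10:5544' > "$d/99-nagioslogserver.conf"
    echo "$d"
}

# Demonstration on the constructed sample only; nothing under /etc is touched.
demo_dir=$(make_sample_dir)
echo "before: duplicates = $(duplicate_modules "$demo_dir"/*.conf)"
dedupe_modload imfile "$demo_dir"/*.conf
echo "after:  duplicates = $(duplicate_modules "$demo_dir"/*.conf)"
rm -rf "$demo_dir"
```

On a real host, pass `/etc/rsyslog.conf` together with `/etc/rsyslog.d/*.conf`, then re-run `rsyslogd -f /etc/rsyslog.conf -N1` before restarting the service.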