manage_services.sh flooding /var/log/sudo-io ....
Posted: Mon Oct 29, 2018 10:51 pm
by vishfx
Hi NagiosXI Team,
NagiosXI 5.5.5 (installed from nagiosxi repo)
OS: RHEL 7.5
I noticed that /var/log/sudo-io is excessively flooding every 20s with the below:
This is filling /var/log pretty rapidly to 100% disk usage.
How to avoid this?
Code:
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W3 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W4 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:01 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W5 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W6 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W7 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:21 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W8 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8W9 ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status nagios
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8WA ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status npcd
Oct 26 21:48:42 2018 : nagios : TTY=unknown ; CWD=/home/nagios ; USER=root ; TSID=00A8WB ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status ndo2db
Regards,
Vish.
Re: manage_services.sh flooding /var/log/sudo-io ....
Posted: Tue Oct 30, 2018 3:57 pm
by ssax
You should be able to change the /etc/sudoers entries that are filling it up by adding the NOLOG_INPUT: NOLOG_OUTPUT: to them.
For example, here are the defaults:
Code:
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
Here are the modified ones with logging disabled:
Code:
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_ssl_config.sh *
NAGIOSXI ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOLOG_INPUT: NOLOG_OUTPUT: NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
If you make the changes, make sure to restart apache as well:
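
A narrower variant of the change in the reply above, as an added example that is not part of the thread or of Nagios XI: it tags only the rules for the command that appears in the flooding log lines, so sudo I/O logging stays on for every other rule. The helper names `tag_nolog` and `sample_rules` are hypothetical, and the sample rules are copied from the defaults quoted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): disable sudo I/O logging only for the
# rule that floods /var/log/sudo-io, keeping it for every other rule.

# tag_nolog CMD_PATH   (hypothetical helper name)
# Reads sudoers rules on stdin and inserts "NOLOG_INPUT: NOLOG_OUTPUT: " in
# front of NOPASSWD: on rules whose command is exactly CMD_PATH (with or
# without arguments). Rules that already carry a NOLOG_ tag are left untouched.
tag_nolog() {
    awk -v cmd="$1" '
    {
        key = "NOPASSWD:" cmd
        pos = index($0, key)
        # Character right after the command path: end of line or a space
        # means an exact path match, not a longer file name.
        nxt = substr($0, pos + length(key), 1)
        if (pos > 0 && (nxt == "" || nxt == " ") && index($0, "NOLOG_") == 0)
            $0 = substr($0, 1, pos - 1) "NOLOG_INPUT: NOLOG_OUTPUT: " substr($0, pos)
        print
    }'
}

# Constructed sample: four of the default rules quoted in the reply above.
sample_rules() {
    cat <<'EOF'
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
EOF
}

# Only manage_services.sh shows up in the flooding log lines, so only its two
# rules get the tags. Check the edited file with `visudo -cf FILE` before
# installing it.
sample_rules | tag_nolog /usr/local/nagiosxi/scripts/manage_services.sh
```

Running the helper a second time over its own output changes nothing, so it is safe to re-apply after an upgrade rewrites some of the rules.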