MRTG after upgrade to 5.7.3

[opservidores]

Hello,

In crontab, I have this line :
# cat /etc/cron.d/mrtg
*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lib/mrtg/mrtg.lock --confcache-file /var/lib/mrtg/mrtg.ok --user=nagios --group=nagios


After update to 5.7.3 mrtg file were launched each 5 minutes, and never terminate and the CPU for the NagiosXI Server reach the 100%.
This is a VM, centos 6.10 and we are also using Gearmand.

After some tests, if I remove --user and --group option, mrtg start working normal as before.

Any suggestion?

[cdienger]

What are the permissions on the lock and cache files?

Code: Select all

ll /var/lib/mrtg/mrtg.lock 
ll /var/lib/mrtg/mrtg.ok

Remove these files when mrtg isn't running, set the user and group back in the cron job, and allow the files to be recreated, and see if that helps with the CPU issue.

[opservidores]

What are the permissions on the lock and cache files?

Code: Select all

ll /var/lib/mrtg/mrtg.lock 
ll /var/lib/mrtg/mrtg.ok

Remove these files when mrtg isn't running, set the user and group back in the cron job, and allow the files to be recreated, and see if that helps with the CPU issue.

Hi,
# ll /var/lib/mrtg/mrtg.lock
ls: cannot access /var/lib/mrtg/mrtg.lock: No such file or directory
# ll /var/lib/mrtg/mrtg.lock
-rw-r--r-- 2 nagios nagios 0 Oct 9 16:20 /var/lib/mrtg/mrtg.lock

I have tested and even if we delete the OK or lock i see the threads being created and the problem persists.

The threads are created every 5min and do never ends. So the cpu usage just gets higher until there no cpu left.
If i return to the command without the user and group the threads will take about 1min to finish and they are ended.

[ssax]

The only way I know how to get rid of this issue properly is to migrate to EL7 (you're currently on EL6), for whatever reason EL6 doesn't like the --user=nagios --group=nagios that was added to the /etc/cron.d/mrtg line on some systems.

NOTE: Those --user=nagios --group=nagios options were added to fix a security vulnerability, by following the steps below you are reintroducing that security vulnerability!

You can technically revert that change by editing this file:

Code: Select all

/etc/cron.d/mrtg

Change this:

Code: Select all

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lib/mrtg/mrtg.lock --confcache-file /var/lib/mrtg/mrtg.ok --user=nagios --group=nagios

To this:

Code: Select all

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lib/mrtg/mrtg.lock --confcache-file /var/lib/mrtg/mrtg.ok

NOTE: If you upgrade XI it will likely replace your changes (it was added because of a vulnerability) and you'll need to re-implement the changes.

My recommendation would be for you to migrate to EL7.

[opservidores]

Thanks for the information.
We will be checking the update of our OS.

[ssax]

Ok, let us know if you have any questions.