Hi i'm trying to config haproxy/rsyslog so that ONLY haproxy info log is sent to ryslog via unix sock.
Here my config:
haproxy config
frontend MY_FRONT_END
log 127.0.0.1 /var/log/haproxy/dev/log info
bind *:12080
default_backend HTTP_BACKEND
rsyslog config
$ModLoad imuxsock
$InputUnixListenSocketCreatePath on
$InputUnixListenSocketHostName localhost
$AddUnixListenSocket /var/log/haproxy/dev/log
*.info /var/log/haproxy/access.log
However, what i see in the log is not just haproxy log, the log contain all the info that not relate to haproxy (the first three log lines)
Dec 28 20:28:12 localhost sudo: testaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c ip addr show
Dec 28 20:28:12 localhost sudo: testaccount : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/sh -c ip route
Dec 28 20:28:13 localhost sudo: testaccount : TTY=pts/1 ; PWD=/var/log/haproxy ; USER=root ; COMMAND=/sbin/service haproxy restart
Dec 28 20:28:13 localhost polkitd[59350]: Registered Authentication Agent for unix-process:32995:43061437 (system bus name :1.28346 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_CA.UTF-8)
Dec 28 20:28:13 localhost systemd: Stopping HAProxy Load Balancer...
Dec 28 20:28:13 localhost haproxy: [WARNING] 362/202813 (30706) : Exiting Master process...
Dec 28 20:28:13 localhost haproxy: [NOTICE] 362/202813 (30706) : haproxy version is 2.2.6
Dec 28 20:28:13 localhost haproxy: [NOTICE] 362/202813 (30706) : path to executable is /usr/local/sbin/haproxy
Dec 28 20:28:13 localhost haproxy: [ALERT] 362/202813 (30706) : Current worker #1 (30708) exited with code 143 (Terminated)
Dec 28 20:28:13 localhost haproxy: [WARNING] 362/202813 (30706) : All workers exited. Exiting... (0)
Dec 28 20:28:13 localhost systemd: Starting HAProxy Load Balancer...
Dec 28 20:28:13 localhost haproxy[33016]: Proxy MY_FRONT_END started.
Dec 28 20:28:13 localhost haproxy[33016]: Proxy HTTP_BACKEND started.
Dec 28 20:28:13 localhost haproxy: [NOTICE] 362/202813 (33016) : New worker #1 (33018) forked
Dec 28 20:28:13 localhost systemd: Started HAProxy Load Balancer.
Dec 28 20:28:13 localhost polkitd[59350]: Unregistered Authentication Agent for unix-process:32995:43061437 (system bus name :1.28346, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_CA.UTF-8) (disconnected from bus)
Dec 28 20:28:13 localhost sudo: testaccount : TTY=pts/1 ; PWD=/var/log/haproxy ; USER=root ; COMMAND=/sbin/service rsyslog restart
How do i config to achieve this (only send haproxy info log to rsyslog through unix sock) ?
The correct answer is probably to use a ruleset to embrace just the imuxsock part, but I don't know how to do that in legacy syntax.
A simpler solution that is less optimal is to check for the programname in the log item. To also match for severity levels 0 to 6 (emerg to info) gives the result:
if $programname=="haproxy" and $syslogseverity<=6 then /var/log/haproxy/access.log
I'm not sure, but you could alternatively try just moving your configuration earlier in the file, before the standard logging code, but then your haproxy logs would appear in the standard logs too unless you use something like
*.info /var/log/haproxy/access.log
*.* stop
where stop stops further processing of that input.
Related
I am unable to restart my apache server to successfully install the SSL certificates.
I get the following error
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
I have tried several articles and the root cause seems to be the following
Mar 29 13:05:09 localhost.localdomain httpd\[1234546\]: (98)Address already in use: AH00072: make_sock: could not bind to address \[::\]:80
Mar 29 13:05:09 localhost.localdomain httpd\[1234546\]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
I am able to diagnose the issue and get the following output and is also attached. I am unable to proceed further. Can you please help ?
Server - AlmaLinux 8
Host - IONOS
Server version: Apache/2.4.37 (AlmaLinux)
-- Unit session-62994.scope has finished starting up.
-
-- Unit session-62994.scope has finished starting up.
-
-- The unit session-62994.scope has successfully entered the 'dead' state.
Mar 31 06:07:10 localhost.localdomain dhclient\[1326\]: XMT: Solicit on ens192, interval 110600ms.
Mar 31 06:07:10 localhost.localdomain dhclient\[1326\]: RCV: Advertise message on ens192 from fe80::250:56ff:fe8c:84c6.
Mar 31 06:07:10 localhost.localdomain dhclient\[1326\]: RCV: Advertise message on ens192 from fe80::250:56ff:fe9a:f13a.
Mar 31 06:07:30 localhost.localdomain sshd\[1297516\]: Invalid user sui from 167.99.68.65 port 48488
Mar 31 06:07:30 localhost.localdomain sshd\[1297516\]: pam_unix(sshd:auth): check pass; user unknown
Mar 31 06:07:30 localhost.localdomain sshd\[1297516\]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.68.65
Mar 31 06:07:32 localhost.localdomain sshd\[1297516\]: Failed password for invalid user sui from 167.99.68.65 port 48488 ssh2
Mar 31 06:07:34 localhost.localdomain sshd\[1297516\]: Received disconnect from 167.99.68.65 port 48488:11: Bye Bye \[preauth\]
Mar 31 06:07:34 localhost.localdomain sshd\[1297516\]: Disconnected from invalid user sui 167.99.68.65 port 48488 \[preauth\]
Mar 31 06:07:44 localhost.localdomain unix_chkpwd\[1297520\]: password check failed for user (root)
Mar 31 06:07:44 localhost.localdomain sshd\[1297518\]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.27 user=root
Mar 31 06:07:46 localhost.localdomain sshd\[1297518\]: Failed password for root from 61.177.173.27 port 58626 ssh2
Mar 31 06:07:46 localhost.localdomain unix_chkpwd\[1297521\]: password check failed for user (root)
\[root#localhost \~\]# ss --listening --tcp --numeric --processes
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:\* users:(("nginx",pid=1087,fd=10),("nginx",pid=1086,fd=10),("nginx",pid=1084,fd=10))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:\* users:(("sshd",pid=1335,fd=5))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:\* users:(("nginx",pid=1087,fd=11),("nginx",pid=1086,fd=11),("nginx",pid=1084,fd=11))
LISTEN 0 128 \[::\]:22 \[::\]:\* users:(("sshd",pid=1335,fd=7))
LISTEN 0 80 \*:3306 *:* users:(("mysqld",pid=1098,fd=19))
Tried -
apachectl configtest - Result: syntax ok
setenforce 0
I'm running Debian 10 with bitcoind configured as a systemd service that accesses the tor service via localhost. Every reboot the bitcoind error log is filled with the following, and tor services seem to be stuck in a non-working state.
2020-11-18T03:38:30Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:30Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:31Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:31Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
Upon startup systemctl status tor returns the following, indicating tor started successfully
tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2020-11-17 19:54:04 PST; 4min 19s ago
Process: 413 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 413 (code=exited, status=0/SUCCESS)
Nov 17 19:54:04 cryptoDaemon systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Nov 17 19:54:04 cryptoDaemon systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
However tail -f /var/log/tor/notices.log indicates tor hasn't started. There are no entries after the reboot.
If I restart tor.service with sudo systemctl restart tor the error immediately disappears and bitcoind starts to function over tor correctly. This indicates to me that the tor service itself is not starting properly after reboot.
After restarting the service /var/log/notices.log gets new entries:
Nov 17 20:02:22.000 [notice] Tor 0.3.5.10 opening log file.
Nov 17 20:02:22.875 [notice] We compiled with OpenSSL 1010104f: OpenSSL 1.1.1d 10 Sep 2019 and we are running with OpenSSL 1010107f: OpenSSL 1.1.1g 21 Apr 2020. These two versions should be binary compatible.
Nov 17 20:02:22.877 [notice] Tor 0.3.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Nov 17 20:02:22.877 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 17 20:02:22.877 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Nov 17 20:02:22.877 [notice] Read configuration file "/etc/tor/torrc".
Nov 17 20:02:22.881 [notice] You configured a non-loopback address '10.1.10.20:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 17 20:02:22.881 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 17 20:02:22.881 [notice] Opened Socks listener on 127.0.0.1:9050
Nov 17 20:02:22.881 [notice] Opening Control listener on 127.0.0.1:9051
Nov 17 20:02:22.881 [notice] Opened Control listener on 127.0.0.1:9051
Nov 17 20:02:22.881 [warn] Unable to make /var/lib/tor group-readable: Permission denied
Nov 17 20:02:22.881 [warn] Unable to make /var/lib/tor group-readable: Permission denied
Nov 17 20:02:22.000 [notice] Not disabling debugger attaching for unprivileged users.
Nov 17 20:02:22.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 17 20:02:23.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 17 20:02:23.000 [notice] Bootstrapped 0%: Starting
Nov 17 20:02:23.000 [notice] Starting with guard context "default"
Nov 17 20:02:23.000 [notice] Signaled readiness to systemd
Nov 17 20:02:24.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 17 20:02:24.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 17 20:02:24.000 [notice] Opening Control listener on /run/tor/control
Nov 17 20:02:24.000 [notice] Opened Control listener on /run/tor/control
Nov 17 20:02:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 17 20:02:25.000 [notice] Bootstrapped 100%: Done
Further investigation reveals that tor is not starting at boot. /var/log/tor/debug.log is empty after reboot. I can even run systemctl start tor and it starts. systemctl start tor won't mess with a service that is already started, so for some reason systemd isn't starting tor, despite it being enabled. Just for fun I disabled with systemctl disable tor and re-enabled, but to no avail.
Any ideas why tor doesn't start?
I also use this server as a Tor SOCKS proxy on the LAN using SOCKSPORT IP.OF.SERVER:9050 in torrc. disabling this and the associated SOCKSPolicy accept IP.OF.SERVER/24 fixed the issue. If anybody has any insight as to why tor behaves this way and doesn't log why, it'd be appreciated.
I fixed it by overriding the systemd configuration for the tor service since i Need the tor Proxy to listen to an actual network interface.
/etc/systemd/system/tor#default.service.d/override.conf
[Unit]
After=network.target nss-lookup.target network-online.target
Wants=network-online.target
Easy way to create the file is systemctl edit tor#default.service
I am trying to start a django project using an AWS EC2 linux server using putty on windows, however Apache2 is showing an error related to the fact that the address is already used as shown in the next code:
apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2020-07-25 19:51:59 UTC; 2min 7s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 15022 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: AH00558: apache2: Could not reliably determine
the server's fully qualified domain name, using 127.0.0.1. Set the 'Serv
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: (98)Address already in use: AH00072: make_sock:
could not bind to address [::]:80
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: (98)Address already in use: AH00072: make_sock:
could not bind to address 0.0.0.0:80
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: no listening sockets available, shutting down
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: AH00015: Unable to open logs
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: Action 'start' failed.
Jul 25 19:51:59 ip-172-31-4-25 apachectl[15022]: The Apache error log may have more information.
Jul 25 19:51:59 ip-172-31-4-25 systemd[1]: apache2.service: Control process exited, code=exited,
status=1/FAILURE
Jul 25 19:51:59 ip-172-31-4-25 systemd[1]: apache2.service: Failed with result 'exit-code'.
Jul 25 19:51:59 ip-172-31-4-25 systemd[1]: Failed to start The Apache HTTP Server.
I already tried to verify the status of the network using the next code, but the failure still the same.
systemctl status apache2.service
I also tried to verify the service listening ports using the next code, and the output was:
bitnami#ip-172-31-4-25:~$ sudo netstat -ntlp | grep 80
tcp6 0 0 :::80 :::* LISTEN 15122/httpd
I would appreciate any recommendation on it.
Check Skype, if its running then close first and then start Apache service.
Skype also use port 80.
I was starting the postgresql service by
systemctl start postgresql.service
It was raising an error as below
Job for postgresql.service failed. See "systemctl status postgresql.service" and "journalctl -xn" for details.
Please help how to start the service through command line in linux?
Output for journalctl -xn
osboxes:/home/osboxes # journalctl -xn
-- Logs begin at Wed 2015-04-08 10:08:38 BST, end at Tue 2016-03-22 14:15:07 GMT. --
Mar 22 14:09:03 osboxes wickedd[824]: eno16777760: Notified neighbours about IP address 192.168
Mar 22 14:09:03 osboxes wickedd[824]: route ipv4 0.0.0.0/0 via 192.168.182.2 dev eno16777760 ty
Mar 22 14:09:04 osboxes wickedd[824]: Skipping hostname update, none available
Mar 22 14:15:01 osboxes cron[9120]: pam_unix(crond:session): session opened for user root by (u
Mar 22 14:15:01 osboxes systemd[9121]: pam_unix(systemd-user:session): session opened for user
Mar 22 14:15:01 osboxes CRON[9120]: pam_unix(crond:session): session closed for user root
Mar 22 14:15:01 osboxes systemd[9122]: pam_unix(systemd-user:session): session closed for user
Mar 22 14:15:07 osboxes postgresql[9160]: Initializing PostgreSQL 9.3.11 at location ~postgres/
Mar 22 14:15:07 osboxes postgresql[9160]: ..failed
Mar 22 14:15:07 osboxes postgresql[9160]: You can find a log of the initialisation in ~postgres
Installed Varnish from yum; but immediate error when initiating via systemctl.
Jul 28 14:11:54 localhost.localdomain varnishd[6546]: .init_func = VGC_function_vcl_init,
Jul 28 14:11:54 localhost.localdomain varnishd[6546]: .fini_func = VGC_function_vcl_fini,
Jul 28 14:11:54 localhost.localdomain varnishd[6546]: };
Jul 28 14:11:54 localhost.localdomain varnishd[6557]: Assert error in main(), mgt/mgt_main.c line 686:
Jul 28 14:11:54 localhost.localdomain varnishd[6557]: Condition((daemon(1,0)) == 0) not true.
Jul 28 14:11:54 localhost.localdomain varnishd[6557]: errno = 19 (No such device)
Jul 28 14:11:54 localhost.localdomain systemd[1]: Failed to read PID from file /var/run/varnish.pid: Invalid argument
Jul 28 14:11:54 localhost.localdomain systemd[1]: varnish.service never wrote its PID file. Failing.
Jul 28 14:11:54 localhost.localdomain systemd[1]: Failed to start Varnish a high-perfomance HTTP accelerator.
Jul 28 14:11:54 localhost.localdomain systemd[1]: Unit varnish.service entered failed state.
SELinux is disabled; package was installed via root. This is a fresh install.
Looks like you need to reboot. ;)
The message:
Failed to read PID from file /var/run/varnish.pid Invalid argument
is non-critical. It is just systemd trying to read the pidfile too early. You can poll status with:
systemctl status varnish
If its "Main PID" entry is matching the contents of /var/run/varnish.pid(and if varnishd is started via systemd, it always does), you can ignore that message. This is fixed in later versions of systemd.