[netflow-tools] CentOS Logsocket Issues
Nick Cappelletti
nick at switchtower.org
Sun Apr 14 23:55:53 EST 2013
By default, selinux is turned off in the server kicks I have, but I did give it a try. I was also wrong about Debian, I /was/ having issues, but it was failing first on the pid file location. I think I was hopeful because the error was different. ;)
I'll keep looking, but is there a chance the problems could be related to a kernel change? The 0.9.1 release hasn't been updated in some time, and even though it's a great tool, could there be issues with something new in the OS's?
--Nick Cappelletti
On Apr 13, 2013, at 6:00 PM, Craig Weinhold wrote:
> Not sure if this is what you're seeing, but I've had a bear of a time with selinux, the invisible security layer which is enabled by default in CentOS.
>
> For example, if you configure /etc/syslog.conf with "$AddUnixListenSocket /var/empty/dev/log" and then launch rsyslogd by hand, it creates the unix socket fine and then you can have it process flowd's log messages. But if you launch rsyslogd from the /etc/init.d/rsyslog script, it can't create the unix socket and doesn't log any error message at all. That's selinux at work in the background.
>
> You can quickly disable selinux to see if that's the cause of your woes:
>
> echo 0 >/selinux/enforce
>
> If that is the problem, then you _should_ spend time to figure out how to make your stuff work with selinux. It's a headache. Use "ls -Z" to see what security characteristics each file has, and then use "chcon" to change the file type. For example, to fix the /etc/init.d/rsyslog script, I did this:
>
> chcon -t etc_t /etc/init.d/rsyslog
>
> -Craig
>
>
>
>
> On Sat, 13 Apr 2013, Nick Cappelletti wrote:
>
>> Hey everyone,
>>
>> I hope someone can help me out here. I'm attempting to configure flowd to send the created flows to a socket on a CentOS 6.4 server, but I'm not having any success.
>>
>> I'm using version 0.9.1 and I've tested it on a Debian server, so I know the logsocket functionality works.
>>
>> Is there perhaps a package I need to install to get the logsocket functionality to work?
>>
>> Here is my configuration:
>>
>> ####
>>
>> pidfile "/var/run/flowd.pid"
>> logsock "/var/log/flowdata.socket"
>> logfile "/var/flowdata"
>> listen on 0.0.0.0:9995
>> listen on [::]:9995
>> store ALL
>> accept all
>>
>> ####
>>
>> Here is the output from when I run flowd in debug mode:
>>
>> ####
>>
>> read_config: entering
>> child_get_config: entering
>> drop_privs: dropping privs without chroot
>> send_config: entering fd = 4
>> send_config: done
>> child_get_config: child config done
>> recv_config: entering fd = 3
>> recv_config: ready to receive config
>> Listener for [0.0.0.0]:9995 fd = 3
>> Adjusted socket receive buffer from 229376 to 524288
>> Setting socket send buf to 1024
>> Listener for [::]:9995 fd = 4
>> Adjusted socket receive buffer from 229376 to 524288
>> Setting socket send buf to 1024
>> privsep_init: entering
>> drop_privs: dropping privs with chroot
>> init_pfd: entering (num_fds = 0)
>> init_pfd: done (num_fds = 3)
>> client_open_log: entering
>> answer_open_log: entering
>> client_open_socket: entering
>> answer_open_socket: entering
>> connect to logsock: No such file or directory
>> receive_fd: recvmsg: expected received 1 got 0
>>
>> ###
>>
>> Thanks for any help!
>>
>> --Nick Cappelletti
>>
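
The failing step in the debug output above, `connect to logsock: No such file or directory`, can be reproduced and classified outside flowd. This is an added example, not part of the original thread or flowd's code; it assumes flowd connects as a client to a Unix datagram socket that a reader process has already bound, and `probe_logsock`, `demo` and the result labels are hypothetical names.

```python
import errno
import os
import socket
import stat
import tempfile


def probe_logsock(path):
    """Classify what a client connect() to a Unix datagram socket path would hit."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"        # ENOENT: nothing has created the socket yet
    except PermissionError:
        return "denied"         # a parent directory is not searchable
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"   # a regular file or directory sits at the path
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.connect(path)
        return "ok"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"      # socket file left behind, no reader bound to it
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "denied"     # file permissions or an SELinux policy denial
        return errno.errorcode.get(exc.errno, "error")
    finally:
        client.close()


def demo():
    """Walk one constructed socket path through each state a sender can meet."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "flowdata.socket")  # constructed sample path
        results["before_bind"] = probe_logsock(path)
        reader = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        reader.bind(path)                            # the reader creates the socket
        results["bound"] = probe_logsock(path)
        reader.close()                               # reader exits, file remains
        results["after_close"] = probe_logsock(path)
        os.unlink(path)
        open(path, "w").close()                      # a plain file at the same path
        results["regular_file"] = probe_logsock(path)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `probe_logsock` against the configured `logsock` path as the same user and from the same init context as the daemon separates a missing reader from a permission or SELinux denial.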