[netflow-tools] CentOS Logsocket Issues

Craig Weinhold craig.weinhold at cdw.com
Sun Apr 14 08:00:11 EST 2013


Not sure if this is what you're seeing, but I've had a bear of a time with selinux, the invisible security layer which is enabled by default in CentOS.

For example, if you configure /etc/syslog.conf with "$AddUnixListenSocket /var/empty/dev/log" and then launch rsyslogd by hand, it creates the unix socket fine and then you can have it process flowd's log messages. But if you launch rsyslogd from the /etc/init.d/rsyslog script, it can't create the unix socket and doesn't log any error message at all. That's selinux at work in the background.

You can quickly disable selinux to see if that's the cause of your woes:

   echo 0 >/selinux/enforce

If that is the problem, then you _should_ spend time to figure out how to make your stuff work with selinux. It's a headache.  Use "ls -Z" to see what security characteristics each file has, and then use "chcon" to change the file type. For example, to fix the /etc/init.d/rsyslog script, I did this:

   chcon -t etc_t /etc/init.d/rsyslog

-Craig




On Sat, 13 Apr 2013, Nick Cappelletti wrote:

> Hey everyone, 
> 
> I hope someone can help me out here. I'm attempting to configure flowd to send the created flows to a socket on a CentOS 6.4 server, but I'm not having any success. 
> 
> I'm using version 0.9.1 and I've tested it on a Debian server, so I know the logsocket functionality works. 
> 
> Is there perhaps a package I need to install to get the logsocket functionality to work? 
> 
> Here is my configuration: 
> 
> #### 
> 
> pidfile "/var/run/flowd.pid" 
> logsock "/var/log/flowdata.socket" 
> logfile "/var/flowdata" 
> listen on 0.0.0.0:9995 
> listen on [::]:9995 
> store ALL 
> accept all 
> 
> #### 
> 
> Here is the output from when I run flowd in debug mode: 
> 
> #### 
> 
> read_config: entering 
> child_get_config: entering 
> drop_privs: dropping privs without chroot 
> send_config: entering fd = 4 
> send_config: done 
> child_get_config: child config done 
> recv_config: entering fd = 3 
> recv_config: ready to receive config 
> Listener for [0.0.0.0]:9995 fd = 3 
> Adjusted socket receive buffer from 229376 to 524288 
> Setting socket send buf to 1024 
> Listener for [::]:9995 fd = 4 
> Adjusted socket receive buffer from 229376 to 524288 
> Setting socket send buf to 1024 
> privsep_init: entering 
> drop_privs: dropping privs with chroot 
> init_pfd: entering (num_fds = 0) 
> init_pfd: done (num_fds = 3) 
> client_open_log: entering 
> answer_open_log: entering 
> client_open_socket: entering 
> answer_open_socket: entering 
> connect to logsock: No such file or directory 
> receive_fd: recvmsg: expected received 1 got 0 
> 
> ### 
> 
> Thanks for any help! 
> 
> --Nick Cappelletti 
> 
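
Added example, not part of the original messages: SELinux denials such as the silent rsyslogd socket failure described in the reply are normally recorded as AVC records in /var/log/audit/audit.log when auditd is running. This sketch summarises those records for one process name; the function names and the sample records (including their contexts) are constructed for illustration.

```shell
#!/bin/sh
# Summarise SELinux AVC denials for one process name (added example).
# Usage: avc_summary <comm> [audit-log | -]
#   log defaults to /var/log/audit/audit.log; "-" reads stdin.
avc_summary() {
    awk -v want="comm=\"$1\"" '
    /avc:/ && /denied/ {
        hit = 0; perms = ""; inperm = 0; s = t = c = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == want) hit = 1                  # process we care about
            else if ($i == "{") inperm = 1           # start of permission list
            else if ($i == "}") inperm = 0
            else if (inperm) perms = perms (perms == "" ? "" : ",") $i
            else if ($i ~ /^scontext=/) s = substr($i, 10)
            else if ($i ~ /^tcontext=/) t = substr($i, 10)
            else if ($i ~ /^tclass=/)   c = substr($i, 8)
        }
        # Key: object class, denied permissions, source and target context
        if (hit) seen[c " " perms " " s " " t]++
    }
    END { for (k in seen) print seen[k], k }
    ' "${2:-/var/log/audit/audit.log}" | sort
}

# Constructed sample records, not captured from a real host.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1365930011.123:456): avc:  denied  { create } for  pid=2112 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1365930011.123:456): arch=c000003e syscall=49 success=no exit=-13 comm="rsyslogd" exe="/sbin/rsyslogd"
type=AVC msg=audit(1365930012.001:457): avc:  denied  { read } for  pid=1800 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1365930071.456:460): avc:  denied  { create } for  pid=2140 comm="rsyslogd" name="log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
EOF
}

# Demo on the sample; on a real host run: avc_summary rsyslogd
sample_audit_log | avc_summary rsyslogd -
```

Each output line is a count followed by object class, denied permission, source context and target context. A label set with chcon is lost on a relabel; `semanage fcontext -a` followed by `restorecon` records it in policy so it persists.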

