how to identify the port on which Rsyslog running? - syslog

I am trying to setup the flume agent to collect the log events from Rsyslog, but I dont have root permission/sudoer to figure out which port syslog is running on/ and where it is running on TCP or UDP so I can configure flume agent accordingly.
Is there any way to know exactly what is the port that Rsyslog deamon running on?
Below are command that I have used to identify Rsyslog Deamon process
ldnpsr000001131$ ps -ef | grep syslog
root 4874 1 0 Feb04 ? 00:00:14 /sbin/rsyslogd -i /var/run/syslogd.pid -c 4

You may try netstat -natupel |grep syslog and you'll get all connections : active and listening

Related

How to test if a port is open to NebulaGrpah Database

I know that ports 9779 and 9669 need to be opened to NebulaGraph Database. How to test that these ports are open and available?
Port:9779 has been opened for NebulaGraph Database. Is there a configuration sample for reference?
Interesting question, you could do this in many ways, I'll drop some of them:
Assuming you are on a linux machine, you could check all occupied ports with ss or netstats(depending on whether is modern or old) like:
$ ss -plunt | grep 9669
tcp LISTEN 0 4096 0.0.0.0:9669 0.0.0.0:*
tcp LISTEN 0 4096 [::]:9669 [::]:*
And this means 9669 is already occupied in all IPv6 and IPv4 interfaces.
Or, you could try to bind that port to see if it's possible like:
$ python3 -m http.server 9779
Serving HTTP on :: port 9779 (http://[::]:9779/) ...
And if the HTTP server can be listening in this port, it means you are free to use it, it's available!
Or you may use Telnet.
For example:
telnet 10.0.0.1 9669
Search it for detailed instructions.

Unable to reach Google Compute over port 9000

I have a google compute running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.
This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).
>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
I've added my external IP to googles firewall (https://console.cloud.google.com/networking/firewalls) and set to allow ingress traffic over port 9000 (it's the lowest priority, at 1000)
I also updated firewalld in CentOS to allow TCP traffic over the port:
Redirecting to /bin/systemctl start firewalld.service
[foo#bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo#bar ~]$ sudo firewall-cmd --reload
success
I've confirmed my listener is running on port 9000
[foo#bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)
Am I missing something?
NOTE: Actual external IP replaced with <external_IP> placeholder
Update:
If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1 I get some results. Interestingly, if I make the same nmap call over the servers external IP -- nadda. So this has to be a firewall, right?
external call
[foo#bar~]$ nmap <external_IP> -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds
Internal Call
[foo#bar~]$ nmap 127.0.0.1 -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
In this case software running on the backend VM must be listening any IP (0.0.0.0 or ::), your's is listening to "127.0.0.1:9000" and it should be "0.0.0.0:9000".
The way to fix that it's to change the service config to listen to 0.0.0.0 instead of 127.0.0.1 .
Cheers.

Websites do not respond on port 80, nginx die periodically

I have a periodical problem in a server with Plesk, the Port 80 is not listened but 7080 is listened so the websites do not respond on the Port 80.
#netstat -tlpn | grep :80
#netstat -tlpn | grep :7080
tcp 0 0 :::7080 :::* LISTEN 3009/httpd
# plesk sbin nginxmng -s
Enabled
I resolve this problem executing the following commands but after few minutes the problem returns periodically:
pkill -9 nginx
# service nginx start
Starting nginx: [ OK ]
# /usr/local/psa/admin/bin/nginxmng -d
# /usr/local/psa/admin/bin/nginxmng -e
# service nginx restart
Starting nginx: [ OK ]
Source: https://support.plesk.com/hc/en-us/articles/213926725-Websites-do-not-respond-on-80-port-but-respond-properly-on-7080-port
How can i finally fix this error? I am thinking to add a crontab running the commands that i have used to solve the error but i think that it is not a good idea.

zabbix server connecting to mariadb host: can't connect to local MySQL server through socket

I have a Dockerized Zabbix server (3.4) connecting to a CentOS 7 host w/ Mariadb.
This one works fine:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.version
mysql Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1
This one does not:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!
From /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf:
UserParameter=mysql.version,mysql -V
UserParameter=mysql.ping,HOME=/etc/zabbix mysqladmin ping | grep -c alive
It does read the .my.cnf in the HOME dir, when change host=localhost to host=127.0.0.1 I get:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at '127.0.0.1' failed
error: 'Can't connect to MySQL server on '127.0.0.1' (13)'
Check that mysqld is running on 127.0.0.1 and that the port is 3306.
You can check this by doing 'telnet 127.0.0.1 3306'
Also tried adding the username and password directly in the command, but same result:
UserParameter=mysql.ping,mysqladmin -uroot --password="mypassword" ping | grep -c alive
Running that command on the host works fine:
mysqladmin -uroot --password="mypassword" ping | grep -c alive
1
The agent itself seems to run fine:
$ sudo -u zabbix zabbix_agentd -t mysql.ping
mysql.ping [t|1]
Socket is available:
# ls -l /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Nov 5 18:01 /var/lib/mysql/mysql.sock
Process details:
# ps -ef | grep mysqld
mysql 3218 1 0 18:01 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 3488 3218 99 18:01 ? 06:08:26 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
systemd+ 6547 6530 0 Oct31 ? 00:06:15 mysqld --character-set-server=utf8 --collation-server=utf8_bin
Any suggestions?
Note: don't think it is relevant but just in case, on the host I also have a Dockerized mysql running on port 3307
localhost/127.0.0.1 in the container is not the same as localhost/127.0.0.1 on the host, because of cgroup network namespacing. Use proper IP in .my.cnf or run container in the host network namespace (docker run --net host ...).
If you want to use a socket for MySQL connection from the container, then you will need to use Docker volumes. You may have problems with socket permissions, socket owner, ... I recommend IP connecting approach.
The cause is selinux. selinux is prohibiting the Zabbix agent from accessing the mysql socket file and possibly other resources.
Run tail -f /var/log/audit/audit.log while you try zabbix_get and you'll see the denials in real-time.
Then you'll need to devise an selinux policy that enables access as needed.

Nagios - check if a process is listening to a port

Is there any command which checks that a certain process is listening to a port.
I have tried check_tcp but it does not output which process is listening to a port
Its output was:
TCP OK - 0.000 second response time on port 8443|time=0.000421s;;;0.000000;10.000000
I didn't see anything on the Nagios Plugins Exchange to meet your needs, so I wrote one to be used with NRPE.
https://github.com/jlyoung/nagios_check_listening_port_linux
Output looks like this:
[root#joeyoung.io ~]# python /usr/lib/nagios/plugins/nagios_check_listening_port_linux.py -n nginx -p 80
OK. nginx found listening on port 80 for the following address(es): [0.0.0.0] | 'listening_on_expected_port'=1;;;;
[root#joeyoung.io ~]# python /usr/lib/nagios/plugins/nagios_check_listening_port_linux.py -n nginx -p 9999
CRITICAL - No process named nginx could be found listening on port 9999 | 'listening_on_expected_port'=0;;;;

Resources