Hello All,
i am trying to using influx plugin logparser to track httpd logs in > /var/log/httpd/access_log
after modification of the same i get permission denied error as for telegraf not able to access this file
Can anyone assist?
Hi @jackzampolin the file is having the permission of root
-rw-r–r-- 1 root root 2611 Jun 7 18:37 access_log
2017-06-07T23:34:40Z E! Error: procstat getting process, exe: pidfile: pattern: [httpd] user: Failed to execute /usr/bin/pgrep. Error: ‘exit status 1’
2017-06-07T23:34:50Z E! Error: procstat getting process, exe: pidfile: pattern: [httpd] user: Failed to execute /usr/bin/pgrep. Error: ‘exit status 1’
2017/06/07 23:42:20 E! Error parsing /etc/telegraf/telegraf.conf, line 1869: field corresponding tomeasurement' is not defined in*logparser.LogParserPlugin’
[[inputs.logparser]]
1847 # ## Log files to parse.
1848 # ## These accept standard unix glob matching rules, but with the addition of
1849 # ## ** as a “super asterisk”. ie:
1850 # ## /var/log/**.log → recursively find all .log files in /var/log
1851 # ## /var/log//.log → find all .log files with a parent dir in /var/log
1852 # ## /var/log/apache.log → only tail the apache log file
1853 files = [“/var/log/httpd/access_log”]
1854 # ## Read file from beginning.
1855 from_beginning = true
1856 # name_override = “httpd_access_log”
1857 #
1858 # ## Parse logstash-style “grok” patterns:
1859 # ## Telegraf built-in parsing patterns: https://goo.gl/dkay10
1860 # [inputs.logparser.grok]
1861 # ## This is a list of patterns to check the given log file(s) for.
1862 # ## Note that adding patterns here increases processing time. The most
1863 # ## efficient configuration is to have one pattern per logparser.
1864 # ## Other common built-in patterns are:
1865 # ## %{COMMON_LOG_FORMAT} (plain apache & nginx access logs)
1866 # ## %{COMBINED_LOG_FORMAT} (access logs + referrer & agent)
1867 patterns = [“%{COMBINED_LOG_FORMAT}”]
1868 # ## Name of the outputted measurement name.
1869 measurement = “apache_access_log”
1870 # ## Full path(s) to custom pattern files.
1871 # custom_pattern_files =
1872 # ## Custom patterns can also be defined here. Put one pattern per line.
1873 # custom_patterns = ‘’’
1874 # ‘’’
@Sunil_Jacob It looks like you have a misconfigured logparser plugin not a permissions issue. It looks like the permissions issue is coming from the procstat plugin…
@Sunil_Jacob Your logparser config should look as follows:
[[inputs.logparser]]
files = ["/var/log/httpd/access_log"]
from_beginning = false
[inputs.logparser.grok]
patterns = ["%{COMBINED_LOG_FORMAT}"]
measurement = "apache_access_log"
custom_pattern_files = []
custom_patterns = '''
'''
i did the same but not working
EDIT: This is a different error probably. I would say that you should make sure that all logs have correct permissions. I would not recommend giving an agent that runs on multiple hosts root priv.
Because I spent far too much time working on this. Even though this post is old, still going to add solution. In the log we were having similar issues and as a result, host was not showing in chronograf or influx as it causes the agent to fail.
sudo groupadd Telegraf
sudo setfacl -m g:Telegraf:r /var/log/secure
sudo setfacl -m g:Telegraf:r /var/log/yum.log
sudo usermod -a -G Telegraf telegraf
sudo service telegraf restart
Service/agent now starts clean on host and begins reporting data
Followed Steven’s suggested steps…but still my logparser is unable to read nginx’s access.log. I get permission denied.
How to fix?
Thanks in Advance.
Krishna
I’m having same issue as @Krishna_Chaitanya Followed the steps on one Ubuntu server and one Debian 9 that @Steven_Lattin offered.
tail /etc/passwd => telegraf:x:999:999::/etc/telegraf:/bin/false
groups telegraf => telegraf : telegraf sudo Telegraf
ls -al /var/log/apache2/main.access.log returns
root:root
Using sudo setfacl -m g:Telegraf:r /var/log/apache2/main.access.log
And then
getfacl var/log/apache2/main.access.log
returns
file: var/log/apache2/main.access.log
owner: root
group: root
user::rw-
group::r–
group:Telegraf:r–
mask::r–
And I have also copied/pasted the absolute path to ensure that goof wasn’t the reason. So is my use of setfacl incorrect?
Does anyone have the solution?
I have the same problem .
I already started the telegraf with root, I gave the necessary permissões,but I still have access denied.
Hi @Rafael_Braganca ,
what was the command you used to start telegraf with the root user ?
Do you see a telegraf process running started with root ?
@sam452 , can you access the file when you connect as user telegraf ? Have you restarted telegraf ?
Focusing on ubuntu xenial, I’m using service telegraf restart after each change in my /etc/telegraf/telegraf.conf file.
So, since we’re talking systemd here, this is the [Service] contents of /etc/
EnvironmentFile=-/etc/default/telegraf User=telegraf ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d $TELEGRAF_OPTS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartForceExitStatus=SIGPIPE KillMode=control-group
Here’s the rub on the telegraf user. Following other tutorials, I find that while the telegraf user is a user, it does not have the home directory and does not have listing in the /etc/sudoers file.
Attempting to su - telegraf returns me to the command prompt of the current user, not the telegraf user so I’m unable to assume the telegraf user to test as you suggest. I perceived it was because those type of users only exist to do certain tasks and not to act as a normal user. Please correct me, if needed. Thx.
hi , you can maybe test the telegraf user’s permissions as follows :
sudo -u telegraf head /tmp/inexec.sh
head: cannot open ‘/tmp/inexec.sh’ for reading: Permission denied
sudo -u telegraf head /tmp/parser.in
[17-Jul-2019 21:10:25 UTC] my greedy error message
Thank you for the pointers. In my case, none of those files exist in my /tmp directory. Following on this, running
sudo -u telegraph head var/log/apache2/main.access.logreturns the head: cannot open '/var/log/apache2/access.log' for reading: Permission denied
What other data could I provide to help isolate my issue? sam
Is telegraph a typo ? ( in the service it is telegraf )
if not then you have just isolated the issue …
can you do :
ls -al /var/log/apache2/access.log
Yes, certainly that was a typo.
ls -al /var/log/apache2/access.log
-rw-r----- 1 root adm 3264 Jul 17 11:43 /var/log/apache2/access.log
The debian log shows root:root instead of Ubuntu’s root:adm above.
Oh, I neglected to answer one of your earlier Q’s. In top, I can see that telegraf is running under the telegraf user.
Thx.
