I have a Nagios server 3.0.6 running on Ubuntu 8.04 Server. It is monitoring all things fine on multiple targets except the one below.
On a certain target, I am trying to monitor my /var/log/auth.log file for bad activity, such as failed password attempts, or attempts to login as invalid users, etc. I am trying to do this via the check_log plugin via nrpe, but, I get a "Log check error: Log file /var/log/auth.log is not readable!" when the server checks on it. The easiest way I have to reproduce the error is the following manually executed command from the host server: /usr/local/nagios/libexec/check_nrpe -H target -c check_badpw I know that it means that the file cannot be opened during the check, but, I don't understand why. ls -l of /var/log/auth.log: -rw-r----- 1 syslog adm 1590863 2009-05-12 10:47 /var/log/auth.log In /etc/groups, I have added the "nagios" user to the adm group, so I would think it should work. Further, if I am logged in as root on the target, and do "su - nagios", I can read /var/log/auth.log Further, if I "chmod o+r /var/log/auth.log", the command executes properly. Additionally, when I am logged into the target as root, and su to nagios and execute the command as defined in nrpe.cfg: /usr/local/nagios/libexec/check_log -F /var/log/auth.log -O /usr/local/nagios/auth.badpasswords.log -q ": Failed password for" it works fine. So, I know it will work if I loosen the permissions on /var/log/auth.log, but, I'd prefer to keep them as tight as possible. When I am logged into the target as nagios and execute "id", I get, uid=5308(nagios) gid=5309(nagios) groups=4(adm),5309(nagios) When I embed "id" into the check_log script, I get: uid=5308(nagios) gid=5309(nagios) so, it would seem that it does not inherit the groups as I would assume it would. More configuration information: nrpe runs under xinetd on the target: service nrpe { flags = REUSE socket_type = stream port = 5666 wait = no user = nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 x.x.x.226 } How can I determine why the check_nrpe command does not allow for reading of the /var/log/auth.log file on the target machine? ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null