8
responses

config file:

## This is a sample configuration file. See the nxlog reference manual about the

## configuration options. It should be installed locally under

## /usr/share/doc/nxlog-ce/ and is also available online at

## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

########################################

# Global directives                    #

########################################

User nxlog

Group nxlog

LogFile /var/log/nxlog/nxlog.log

LogLevel INFO

########################################

# Modules                              #

########################################

<Extension _syslog>

    Module      xm_syslog

</Extension>

<Extension multiline>

 Module xm_multiline

 HeaderLine /^\w{3}\s\w{3}\s\d{2}\s\d{2}:\d{2}:\d{2}\s\d{4}/

</Extension>

<Input oerrorin1>

 Module    im_file

 File     '/u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log'

 InputType multiline

 SavePos TRUE

 ReadFromLast  FALSE

</Input>

<Output udpout>

 Module    om_udp

 Host   10.1.227.45

 Port   514

</Output>s


########################################

# Routes                               #

########################################

<Route 1>

    Path        oerrorin1 =>udpout

</Route>

 

then i get the log:

2017-03-17 16:16:39 INFO nxlog-ce-2.8.1248 started

2017-03-17 16:16:39 ERROR failed to open /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:16:41 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:16:47 ERROR last message repeated 2 times

2017-03-17 16:16:55 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:17:11 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:17:43 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:18:47 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:20:55 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:25:11 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log;Permission denied

2017-03-17 16:34:16 DEBUG reading config cache from /var/spool/nxlog/configcache.dat

2017-03-17 16:34:16 DEBUG Setting up module '_syslog' using xm_syslog

2017-03-17 16:34:16 DEBUG module _syslog has 4 exported functions

2017-03-17 16:34:16 DEBUG registering function syslog_facility_value

2017-03-17 16:34:16 DEBUG function 'syslog_facility_value' registered

2017-03-17 16:34:16 DEBUG registering function syslog_facility_string

2017-03-17 16:34:16 DEBUG function 'syslog_facility_string' registered

2017-03-17 16:34:16 DEBUG registering function syslog_severity_value

2017-03-17 16:34:16 DEBUG function 'syslog_severity_value' registered

2017-03-17 16:34:16 DEBUG registering function syslog_severity_string

2017-03-17 16:34:16 DEBUG function 'syslog_severity_string' registered

2017-03-17 16:34:16 DEBUG module _syslog has 9 exported procedures

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog' registered

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog' registered

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog_bsd

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog_bsd' registered

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog_bsd

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog_bsd' registered

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog_ietf

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog_ietf' registered

2017-03-17 16:34:16 DEBUG registering procedure parse_syslog_ietf

2017-03-17 16:34:16 DEBUG procedure 'parse_syslog_ietf' registered

2017-03-17 16:34:16 DEBUG registering procedure to_syslog_bsd

2017-03-17 16:34:16 DEBUG procedure 'to_syslog_bsd' registered

2017-03-17 16:34:16 DEBUG registering procedure to_syslog_ietf

2017-03-17 16:34:16 DEBUG procedure 'to_syslog_ietf' registered

2017-03-17 16:34:16 DEBUG registering procedure to_syslog_snare

2017-03-17 16:34:16 DEBUG procedure 'to_syslog_snare' registered

2017-03-17 16:34:16 DEBUG Setting up module 'multiline' using xm_multiline

2017-03-17 16:34:16 DEBUG Setting up module 'oerrorin1' using im_file

2017-03-17 16:34:16 DEBUG module oerrorin1 has 1 exported functions

2017-03-17 16:34:16 DEBUG registering function file_name

2017-03-17 16:34:16 DEBUG function 'file_name' registered

2017-03-17 16:34:16 DEBUG module oerrorin1 has 0 exported procedures

2017-03-17 16:34:16 DEBUG FlowControl enabled for oerrorin1

2017-03-17 16:34:16 DEBUG Setting up module 'udpout' using om_udp

2017-03-17 16:34:16 DEBUG Setting up module 'fileout2' using om_file

2017-03-17 16:34:16 DEBUG module fileout2 has 2 exported functions

2017-03-17 16:34:16 DEBUG registering function file_name

2017-03-17 16:34:16 DEBUG function 'file_name' registered

2017-03-17 16:34:16 DEBUG registering function file_size

2017-03-17 16:34:16 DEBUG function 'file_size' registered

2017-03-17 16:34:16 DEBUG module fileout2 has 2 exported procedures

2017-03-17 16:34:16 DEBUG registering procedure rotate_to

2017-03-17 16:34:16 DEBUG procedure 'rotate_to' registered

2017-03-17 16:34:16 DEBUG registering procedure reopen

2017-03-17 16:34:16 DEBUG procedure 'reopen' registered

2017-03-17 16:34:16 DEBUG CONFIG: _syslog

2017-03-17 16:34:16 DEBUG inputreader 'Syslog_TLS' registered

2017-03-17 16:34:16 DEBUG Inputreader 'Syslog_TLS' registered

2017-03-17 16:34:16 DEBUG outputwriter 'Syslog_TLS' registered

2017-03-17 16:34:16 DEBUG Outputwriter 'Syslog_TLS' registered

2017-03-17 16:34:16 DEBUG CONFIG: multiline

2017-03-17 16:34:16 DEBUG inputreader 'multiline' registered

2017-03-17 16:34:16 DEBUG Inputreader 'multiline' registered

2017-03-17 16:34:16 DEBUG CONFIG: oerrorin1

2017-03-17 16:34:16 DEBUG adding string [/u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log]

2017-03-17 16:34:16 DEBUG string literal declared at line 29, character 86 in /etc/nxlog.conf

2017-03-17 16:34:16 DEBUG literal

2017-03-17 16:34:16 DEBUG parsed expression

2017-03-17 16:34:16 DEBUG CONFIG: udpout

2017-03-17 16:34:16 DEBUG CONFIG: fileout2

2017-03-17 16:34:16 DEBUG adding string [/var/log/logmsg2.txt]

2017-03-17 16:34:16 DEBUG string literal declared at line 43, character 27 in /etc/nxlog.conf

2017-03-17 16:34:16 DEBUG literal

2017-03-17 16:34:16 DEBUG parsed expression

2017-03-17 16:34:16 DEBUG pidfile /var/run/nxlog/nxlog.pid removed

2017-03-17 16:34:16 DEBUG daemonizing...

2017-03-17 16:34:16 DEBUG INIT: _syslog

2017-03-17 16:34:16 DEBUG INIT: multiline

2017-03-17 16:34:16 DEBUG INIT: oerrorin1

2017-03-17 16:34:16 DEBUG INIT: udpout

2017-03-17 16:34:16 DEBUG Pollset initialized for module udpout (method: poll)

2017-03-17 16:34:16 DEBUG INIT: fileout2

2017-03-17 16:34:16 DEBUG Pollset initialized for module fileout2 (method: poll)

2017-03-17 16:34:16 DEBUG now running as group nxlog

2017-03-17 16:34:16 WARNING additional group memberships couldn't be set because getgrouplist()and setgroups() are not available on this platform

2017-03-17 16:34:16 DEBUG now running as user nxlog

2017-03-17 16:34:16 DEBUG running as uid: 203, euid: 203, gid: 204, egid: 204

2017-03-17 16:34:16 DEBUG pidfile /var/run/nxlog/nxlog.pid created

2017-03-17 16:34:16 DEBUG parsing path: oerrorin1 =>udpout

2017-03-17 16:34:16 DEBUG adding module oerrorin1 to route 1

2017-03-17 16:34:16 DEBUG adding module udpout to route 1

2017-03-17 16:34:16 DEBUG parsing path: in2 => fileout2

2017-03-17 16:34:16 ERROR [router.c:68/nx_route_add_module()] module 'in2' is not declared at /etc/nxlog.conf:54

2017-03-17 16:34:16 DEBUG adding module fileout2 to route tcproute

2017-03-17 16:34:16 ERROR [router.c:347/nx_add_route()] route tcproute is not functional without input modules, ignored at /etc/nxlog.conf:54

2017-03-17 16:34:16 DEBUG jobgroup created with priority 99

2017-03-17 16:34:16 DEBUG jobgroup created with priority 10

2017-03-17 16:34:16 DEBUG spawning 3 worker threads

2017-03-17 16:34:16 DEBUG worker thread 0 started

2017-03-17 16:34:16 DEBUG worker thread 1 started

2017-03-17 16:34:16 DEBUG worker thread 2 started

 

I have no idea about this problem. 

 

/u01/app/oracle/diag/rdbms/oraywsoudb/oraywsoudb/trace/alert_oraywsoudb.log   --> user and group is oracle:oinstall

and i add the nxlog user in oinstall group, but why continue report Permission denied?

 

AskedMarch 17, 2017 - 11:41am

Comments (8)

  • atmosx's picture

    Hello Alex Chen,

    The debug log shows that nxlog can not set another group under AIX:

    2017-03-17 16:34:16 DEBUG now running as group nxlog
    2017-03-17 16:34:16 WARNING additional group memberships couldn't be set because getgrouplist()and setgroups() are not available on this platform

    Probably you need to change the permissions (eg. chmod 755 ) of that file in order to be accessible by nxlog.

  • atmosx's picture

    Hi Alex,

    Can you supply a bit more info? Does it work for a few days/hours and then happens again? Is there any possibility that the log file is rotate and permissions are reset to previous state?

  • alexchen123's picture

    Thanks very much!

    my log path is: 

    oracle:oinstall  /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log

    and the path permission:

     /drwxr—xr—x/ drwxr—xr—x/ drwxr—xr—x/ drwxr—xr—x/ drwxr------(740)/ drwxr------(740)/drwxr------(740)/ drw-r------(640)/

    theoretically,if we add user nxlog into group oinstall , i will get the read permission。

    unfortunately, I also get the problem about permission problem。

    the nxlog.log:

    2017-03-21 14:47:55 INFO nxlog-ce-2.8.1248 started
    2017-03-21 14:47:55 DEBUG adding file: /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log
    2017-03-21 14:47:55 DEBUG worker 1 processing event 0x20352808
    2017-03-21 14:47:55 DEBUG module oerrorin1 read saved position 0 for /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log
    2017-03-21 14:47:55 DEBUG PROCESS_EVENT: MODULE_START (udpout)
    2017-03-21 14:47:55 DEBUG opening /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log
    2017-03-21 14:47:55 DEBUG START: udpout
    2017-03-21 14:47:55 DEBUG START: multiline
    2017-03-21 14:47:55 DEBUG worker 2 waiting for new event
    2017-03-21 14:47:55 ERROR Exception was caused by "apr_file_open(&((*file)->input->desc.f), (*file)->name, APR_READ, APR_OS_DEFAULT, pool)" at im_file.c:268/im_file_input_open();[im_file.c:268/im_file_input_open()] failed to open /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
    2017-03-21 14:47:55 DEBUG file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log closed
    2017-03-21 14:47:55 DEBUG nx_event_to_jobqueue: READ (oerrorin1)
    2017-03-21 14:47:55 DEBUG event added to jobqueue
    2017-03-21 14:47:55 DEBUG worker 2 got signal for new job

    if i chmod the path permission :

    /drwxr—xr—x/ drwxr—xr—x/ drwxr—xr—x/ drwxr—xr—x/ drwxr-xr-x(755)/ drwxr-xr-x(755)/drwxr-xr-x(755)/ drw-r—r--(644)/

    this problem is solved.

    but I don't konw why not get read permission when add group in AIX6.1 system.

     

     

  • b0ti's picture
    (NXLog)

    In case you haven't seen this, please read it again:

    > 2017-03-17 16:34:16 WARNING additional group memberships couldn't be set because getgrouplist()and setgroups() are not available on this platform

    > theoretically,if we add user nxlog into group oinstall , i will get the read permission。

    If setgroups() would work, this would be the case but due to the above it is not. So in this case it can only read files/directories that have the ownership nxlog:nxlog.

     

  • alexchen123's picture

    thanks, you are right, maybe setgroups() doesn't work.

    I read the source code about nxlog.

    nxlog-ce.2.8.1248/src/core/main-unix.c:


    static void nxlog_set_groups(nxlog_t *nxlog, apr_uid_t uid)
    {
        gid_t grplist[100];
        int ngroups = sizeof(grplist);
        char *user;
        apr_status_t rv;

        if ( (rv = apr_uid_name_get(&user, uid, nxlog->pool)) != APR_SUCCESS )
        {
        log_aprerror(rv, "couldn't resolve uid %d to name", uid);
        return;
        }
    #ifdef HAVE_GETGROUPLIST 
    # ifdef HAVE_SETGROUPS
        if ( getgrouplist(user, getgid(), grplist, &ngroups) == -1 )
        {
        log_error("couldn't get group membership for user %s (uid: %d), too many groups?", user, uid);
        return;
        }
        if ( setgroups((size_t) ngroups, grplist) != 0 )
        {
        log_errno("couldn't get group membership for user %s (uid: %d), setgroups() failed",
              user, uid);
        return;
        }
    # else
        log_warn("additional group memberships couldn't be set because getgrouplist()"
             "and setgroups() are not available on this platform");
    # endif
    #else
        log_warn("additional group memberships couldn't be set because getgrouplist()"
             "and setgroups() are not available on this platform");
    #endif

    }


     

    and the HAVE_SETGROUPS/HAVE_GETGROUPLIST define in config.h.in file:

    /* Define to 1 if you have the `setgroups' function. */
    #undef HAVE_SETGROUPS

    /* Define to 1 if you have the `getgrouplist' function. */
    #undef HAVE_GETGROUPLIST

    and the config.h.in was generated from configure.in  file

    AC_CHECK_HEADERS(sys/klog.h)
    AC_CHECK_HEADERS(grp.h)
    AC_CHECK_FUNCS(getgrouplist setgroups)

    maybe this check is not work  when i compile the nxlog rpm pkg.

     

  • b0ti's picture
    (NXLog)

    You have to make sure that the parent directories have the proper permissions also.

    I'm sorry but it looks like your problem is a generic permissions problem so I suggest you get familiar with how permissions and ownerships work on Unix. There are plenty of tutorials on the internet.

Answers (0)