How can I send Nessus log over syslog? - redhat

I've been asked to send the logs from a Nessus scanner remotely to a syslog server,
but I can't find a way to bind it to syslog.
Is there a way to do it?

You would need to use the imfile module of rsyslog and configure a rule for each Nessus log file.
Here's a suggestion on how to proceed:
Edit /etc/rsyslog.conf
Add the following line:
$ModLoad imfile
Create the imfile rules by adding the below lines for each log file (I suggest including nessusd.messages, nessusd.dump and backend.log. By default, they are in /opt/nessus/var/nessus/logs):
# File 1
$InputFileName path_to_file
$InputFileTag tag:
$InputFileStateFile state_file_name
$InputRunFileMonitor
Restart Rsyslog
There are more optional settings available but the aforementioned ones are required. Refer to the "Using Rsyslog Modules" RedHat guide for more info.
Note that you can also configure these rules in a separate file. Should you choose to do so, you'll need to add the $IncludeConfig directive in /etc/rsyslog.conf. See the Rsyslog documentation.
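
The steps above, written out for the three suggested Nessus log files, as an added example that is not part of the original answer: a shell function that prints the legacy-format imfile rules plus a rule forwarding them to a remote server. The collector address, the local6 facility, the tags and the state-file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print legacy-format rsyslog imfile rules for the Nessus logs.
# Usage (as root): nessus_imfile_rules > /etc/rsyslog.d/nessus.conf

nessus_imfile_rules() {
    # Default log directory is the one given in the answer.
    log_dir="${1:-/opt/nessus/var/nessus/logs}"
    # Assumption: placeholder address of the remote syslog server.
    remote="${2:-logserver.example.com:514}"

    # The module must be loaded once, before any $InputFile* directive.
    echo '$ModLoad imfile'

    for f in nessusd.messages nessusd.dump backend.log; do
        # Derive a tag and state-file name from the file name (illustrative).
        tag=$(printf '%s' "$f" | tr '.' '_')
        cat <<EOF

# $f
\$InputFileName $log_dir/$f
\$InputFileTag nessus_$tag:
\$InputFileStateFile stat-nessus_$tag
\$InputFileFacility local6
\$InputFileSeverity info
\$InputRunFileMonitor
EOF
    done

    # Forward only the facility used for Nessus; @@ is TCP, a single @ is UDP.
    printf '\nlocal6.* @@%s\n' "$remote"
}
```

Write the output to a file covered by $IncludeConfig (or append it to /etc/rsyslog.conf), check the syntax with `rsyslogd -N1`, then restart rsyslog.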

Related

td-agent does not validate google cloud service account credentials

Trying to configure fluentd output with td-agent and the fluent-google-cloud plugin. The plugin and all dependencies are loaded but fluentd is not outputting to google cloud logging and the td-agent log states error="Unable to read the credential file specified by GOOGLE_APPLICATION_CREDENTIALS: file /home/$(whoami)/.config/gcloud/service_account_credentials.json does not exist".
However, when I go to the file path, the file does exist and the $GOOGLE_APPLICATION_CREDENTIALS variable is set to the file path as well. What should I do to fix this?
On the assumption that the error and you are both correct, I suspect (!) that you're using your user account ( == whoami) and finding /home/$(whoami)/.config/gcloud while the agent is running (under systemctl?) as root and not finding the credentials file there (perhaps /root/.config/gcloud).
It would be helpful if you included more details as to what you've done in order that we can better understand the issue.

How do I configure a webserver for a collective in Bluemix?

I found a doc that indicates I need to set up a webserver in my collective environment, however, I cannot determine the correct set of steps. Thoughts?
It would help to see what you've already tried, but consider the following:
Create two or more servers on one or more of the hosts and join them to the collective. Make sure your servers are clusterMembers and collectiveMembers. The following post should help with creating servers and joining them to the collective:
How can I setup a cell and collective in Bluemix
Update the controller's /etc/hosts file with the hostnames of all the hosts in the collective.
Download and follow this guide to generate the plugin-cfg.xml file on the controller:
https://developer.ibm.com/wasdev/downloads/#asset/scripts-jython-Generate_Cluster_Plugin
Copy the generated plugin-cfg.xml file to /opt/IBM/WebSphere/HTTPServer/conf
Edit /opt/IBM/WebSphere/HTTPServer/conf/httpd.conf and uncomment these two lines at the bottom of the file:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Profiles/Liberty/servers/controller/pluginConfig/myLibertyCluster-plugin-cfg.xml
Change the WebSpherePluginConfig value to be /opt/IBM/WebSphere/HTTPServer/conf/plugin-cfg.xml
Stop and start the HTTP server
sudo ./apachectl stop
sudo ./apachectl start
Verify the application can be reached using the webserver <webserverIP>:80/appname
Generate the plugin again if the application is added or removed.

Move .out log file from default location to custom location in weblogic 12c?

I want to move *.out log file of Node manager to my own custom location.
Thanks in advance.
Passing the following arguments on the WebLogic console, I was able to change the default location of the *.out nodemanager log file.
-Dweblogic.Stderr=/usr/local/Weblogic12c/logs/error/servererror.out
Add the options -Dweblogic.Stdout=<outfile> and -Dweblogic.Stderr=<errorfile> in order to move all logs to a separate location.
In addition to changing the location of the file, you can also redirect more of the output to the standard .log file defined for the server.
Something similar to the command line options -Dweblogic.Stdout=<outfile> and -Dweblogic.Stderr=<errorfile> is to log in to the WebLogic console and do the following for each server:
Servers -> <server name> -> Logging Tab advanced section ->
Check both "Redirect stdout logging enabled" and "Redirect stderr logging enabled"
Unfortunately this does not help with the fact that the .out files will grow in size without being rotated. See this link for some info on how you can rotate the .out files yourself.

How to configure Mongodb MMS to go via a Proxy?

How do I change the monitoring-agent.config to go out via proxy with authentication?
The change log states...
Monitoring Agent 2.3.1.89-1
Released 2014-07-08
Added support for HTTP proxy configuration in the agent configuration file.
But I can't see how to do this.
Following wdberkeley's link I can add this value to the monitoring-agent.config file.
httpProxy=http://"pxproxy01":3128
But this gives..
Failure getting conf. Op: Get Err: Proxy Authentication Required
Is there any way to set the authentication user/password?
Edit file:
C:\MMSData\Monitoring\monitoring-agent.config
Add line...
httpProxy=http://<insert_server_address>:<insert_port>
e.g.
httpProxy=http://PROXY01.server.com:3128
Then get the proxy control team, whoever they be, to exclude the following from requiring authentication.
https://mms.mongodb.com 80
https://mms.mongodb.com 443
This has worked for me. I now have the MMS Agent on Windows sending stats to the MMS service.
Thanks to #wdberkeley for starting me off on this route.
wdberkeley, the page you linked to does not exist & the classic page PDF & HTTP versions state 'HTTP_PROXY' not 'httpproxy' (on OSx section & tar.gz section), section '6.6 Monitoring Agent Configuration' does state the correct property name 'httpproxy'.

haproxy - which configuration files

I have an HAProxy install which was configured by someone who left the company. It runs on Ubuntu 10.04 and it seems to use 3 configuration files in the directory /etc/haproxy
haproxy.cfg
haproxy.http.cfg
haproxy.https.cfg
I don't see the point in using the haproxy.https.cfg file as I believe (in our configuration) it can all be configured from a single haproxy.http.cfg file but when I remove that httpS file it complains bitterly and refuses to run. My question
Is this the standard configuration haproxy uses or if not, I can't find a reference to the "S" file anywhere. Can anyone suggest how HAProxy concludes it should use it?
Thanks
The very answer to your question: your haproxy is simply launched with those three config files ( -f haproxy.cfg -f haproxy.http.cfg -f haproxy.https.cfg, maybe from /etc/init.d/haproxy but mileage varies depending on your distribution ).
If you remove the file, of course it will complain.
This is not particularly standard, but ain't bad either, it helps structuring the conf rather than having a very long file.
The task of the .https version will certainly be to redirect the https traffic towards a service that can handle HTTPS (stunnel or nginx usually), since haproxy cannot terminate ssl connections. (stunnel has to be patched, see on the haproxy page)
If you want you can merge those files into one or two, just find out how haproxy is launched (check for init.d or let us know which distribution) and fix it appropriately.
I believe that it is only /etc/haproxy/haproxy.cfg that is used by default.
This may be of use to you (1.4 configuration reference):
http://haproxy.1wt.eu/download/1.4/doc/configuration.txt