[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IDD #WNG-587616]: AMPS ldm feed

Hi Carol,

re:
> I added your machine in the ldmd.conf ALLOW section on
> aws.ssec.wisc.edu. That might help.

I am still getting denied messages when trying to access aws.ssec.wisc.edu:

/opt/antldm% notifyme -vl- -h aws.ssec.wisc.edu
Sep 23 19:55:46 notifyme[25471] NOTE: Starting Up: aws.ssec.wisc.edu: 
20150923195546.327 TS_ENDT {{ANY, ".*"}}
Sep 23 19:55:46 notifyme[25471] NOTE: LDM-5 desired product-class: 
20150923195546.327 TS_ENDT {{ANY, ".*"}}
Sep 23 19:55:46 notifyme[25471] INFO: Resolving aws.ssec.wisc.edu to 
128.104.109.234 took 0.024142 seconds
Sep 23 19:55:46 notifyme[25471] ERROR: NOTIFYME(aws.ssec.wisc.edu): 7: Access 
denied by remote server
^CSep 23 19:55:53 notifyme[25471] NOTE: exiting

Question:

- did you remember to restart the LDM after making changes to the LDM 
configuration
  file, ~ldm/etc/ldmd.conf?

re:
> Yes I have root access to both of machines of interest. If you could
> show me how to do the logging that would be great!

Here is what to check for:

1) make sure that SELINUX is set to either Permissive, or, preferably,
   to disabled:

   <as 'root'>
   getenforce

   If the output of 'getenforce' is Enforcing, this is likely your problem
   as non-root processes are not being allowed to have the system logging
   daemon write log files.

   You can change the SELINUX setting by:

   <as 'root'>
   edit /etc/selinux/config

   change:

   SELINUX=enforcing

   to:

   SELINUX=disabled

   You will then need to reboot the machine for the change to take effect.

   If you decided that you do not want to disable SELINUX, you can set
   it to Permissive.  In this case, change 'disabled' to permissive'
   in the SELINUX= line in /etc/selinux/config.  You do not have to
   reboot to make this change active; you can make the change using
   'setenforce':

   <as 'root'>
   setenforce Permissive

   After doing this, you should probably restart the system logging daemon:

   service rsyslog restart

2) if logging is still not working, make sure that the 'ldmd' and 'hupsyslog'
   executables have setuid root permissions set

   This should look like:

% ls -alt bin/ldmd bin/hupsyslog
-rwsr-xr-x 1 root ustaff 115493 Jun 16 13:24 bin/ldmd*
-rwsr-xr-x 1 root ustaff  11207 Jun 16 13:24 bin/hupsyslog*

3) check /etc/rsyslog.conf (or, if your machine is running syslogd, 
/etc/syslog.conf)
   to see if the LDM installation process wrote LDM specific entries

   The operative entries will be 'local0.none' writing to /var/log/messages and
   'local0.*' writing to the LDM log file (e.g., /usr/local/ldm/logs/ldmd.log, 
etc.).

4) if both 1), 2) and 3) are OK, then try to see if you can write to the LDM 
log file:

   <as 'ldm'>
   logger -p local0.debug 'test of ldm logging'

5) if 4) works, then check to make sure that 'ldm' owns its log file

   If 'root' owns the log file, you will need to stop the LDM, delete the
   log file, create the log file as 'ldm', and then start the LDM

6) if logging still doesn't work (you can use the 'logger' invocation above
   to check to see if 'ldm' can write its log file), then you likely have
   to restart your system logging daemon

   <as 'root'
   service rsyslog restart

re:
> Thanks,

No worries.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: WNG-587616
Department: Support IDD
Priority: Normal
Status: Closed