Welcome to Pandora FMS Community!

Find answers, ask questions, and connect with our community around the world.

Welcome to Pandora FMS Community Forums Community support Linux Agent intermittently connecting to Linux Pandora server

  • Community support

    Linux Agent intermittently connecting to Linux Pandora server

    Posted by technoid-techman on July 17, 2008 at 03:38

    Hi there

    I have an agent on a Centos (RedHat) machine which is sending data to Pandora on Centos. So this is all Linux.

    SSH keys appear to be configured correctly.

    But I have a weird problem. Leaving the agent machine alone… I find that after a period, it stops connecting. Pandora reports the Agent Down message.

    However – if I connect to the agent machine, using WinSCP, then the agent will start connecting to the server again. After disconnecting, it then stops communicating with the server.

    Looking in the audit log (/var/log/audit/audit.log) on the Pandora server, I see thess failure message:

    type=USER_LOGIN msg=audit(1216230923.905:118691): user pid=32443 uid=0 auid=4294967295 msg=’acct=”pandora”: exe=”/usr/sbin/sshd” (hostname=?, addr=169.254.1.20, terminal=sshd res=failed)’

    type=USER_ERR msg=audit(1216230923.926:118695): user pid=32443 uid=0 auid=4294967295 msg=’PAM: bad_ident acct=”?” : exe=”/usr/sbin/sshd” (hostname=xxx.xxx.co.uk, addr=169.254.1.20, terminal=ssh res=failed)’

    Yet, a few minutes later, I might see this success message:

    type=USER_START msg=audit(1216231407.280:118767): user pid=2089 uid=0 auid=501 msg=’PAM: session open acct=”pandora” : exe=”/usr/sbin/sshd” (hostname=xxx.xxx.co.uk, addr=169.254.1.20, terminal=ssh res=success)’

    There seems to be something in the hostname resolution.

    I realize this is more a Linux problem than a Pandora problem… but can anybody suggest where the problem might lie?

    I am successfully monitoring other Linux and Windows servers, with no such issues.

    Thanks – Technoid

    technoid-techman replied 16 years, 6 months ago 3 Members · 4 Replies
  • 4 Replies

  • manu

    Member
    July 17, 2008 at 05:42
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    I guess you already know that’s SElinux, by default RH and RH based systems have SElinux enabled, so might need to either set it to “permissive mode”: setenforce 0

    Before doing it, make sure you’re not using SElinux for anything else.

    Hope this helps
    Manuel

  • technoid-techman

    Member
    July 18, 2008 at 06:35
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    I checked into the SELinux configuration. It is actually ‘Disabled’ on the Pandora server.

    Any other ideas would be appreciated!

    Thanks – Technoid

  • Sancho

    Administrator
    July 22, 2008 at 17:54
    2321 Karma points
    Community awards: bulb Bright ideas
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Up
    0
    Down
    Drop it
    ::

    This sounds very weird. Have you consider the option of using tentacle ?. We created it because SSH was a pain in the ass, and SELinux add more complexity… 🙁

  • technoid-techman

    Member
    August 5, 2008 at 06:47
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    I may have solved this problem. The administrator on this Linux client has two root accounts. i.e. He disabled the root account, and you therefore need to log in with an alternative account.

    However – when you log in with the alternative account, somehow, you are then using the root account. Bizarre.

    Anyway – I added SSH keys for the real root user, and this alias user, and things seem to be working.

    I will remove the non-required key once I’m sure which one it is.

Start of Discussion
0 of 0 replies June 2018
Now

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .