Are you trying to set up listen on privileged Ports with Nagios Log Server?
This guide will help you.
On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are by default privileged ports. To bind to a privileged port, a process must be running with root permissions.
Ports that are greater than 1023 are by default non-privileged.
Configuring the Nagios log server to listen to these ports will be useful if we have legacy devices that can only send on specific ports.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to configure their Nagios log server to listen to privileged ports.
How to Listen on Privileged Ports with Nagios ?
Ports below 1024 are privileged on Linux and only the root user can listen on them.
Following are the two ways in which we can configure this :
1. Run Logstash as root
2. Use setcap
1. Run Logstash as root
This method configures logstash to run as the root user.
We can edit the logstash config file by executing the following command:
RHEL|CentOS|Oracle Linux
# vi /etc/sysconfig/logstashDebian|Ubuntu
# vi /etc/default/logstashor
$ sudo vi /etc/default/logstashAfter that, find the following line:
LS_USER=nagios
And change it to:
LS_USER=root
After that, save and close the file.
Finally, we can restart Logstash Service.
2. Use setcap
This option will preserve logstash running as the nagios user. However, this method will be less secure in some environments as it will allow any Java process to listen on privileged ports.
We have to add the following three lines at the bottom of logstash init configuration file.
First, we have to open the file with the following command:
RHEL|CentOS|Oracle Linux
# vi /etc/sysconfig/logstashDebian|Ubuntu
# vi /etc/default/logstashOR
$ sudo /etc/default/logstashAfter opening, we have to add the following three lines to the end of the file:
# echo $(dirname $(find /usr/lib -name libjli.so)) | awk ‘{print $1}’> /etc/ld.so.conf.d/java.conf
# eval “$(which ldconfig)”
# setcap ‘cap_net_bind_service=+ep’ $(readlink -f $(which java))Then save and close the file.
Finally, restart Logstash service with the following commands:
RHEL 7+|CentOS 7+|CentOS Stream|Oracle Linux 7+|Debian|Ubuntu 16/18/20
# systemctl restart logstash.serviceor
$ sudo systemctl restart lagstash.serviceHow to Add Inputs for the Ports Configuration on Nagios?
After implementing the chosen method, we can add inputs to the configuration for ports below 1024.
We can use the following steps to add
1. First, click the Add Input drop-down list and select Custom.
2. And type a unique name for the input.
3. After that, in the text field, we will need to define the input configuration in the following way:
file {
type => “testing”
path => “/tmp/test.log”
}4. Once we have finished, click the Save button.
5. Then click the Apply button followed by ‘Yes’ in the dialogue box.
Any ports lower than 1024 will not be listed in the "Logstash is currently collecting" banner on the Admin Overview page because the process listing the ports is not privileged and thus can not see any ports lower than 1024.
[Need urgent Assistance in fixing missing Packages on Ubuntu Server? We are happy to help you! ]
Conclusion
This article covers how to configure Nagios Log Servers to listen on privileged ports. Now Nagios Log Server Administrators who would like configure Nagios Log Server to listen on ports below 1024 which are privileged in Linux. This can be useful if you have legacy devices that can only send on specific ports (e.g. syslog on port 514).
Ports below 1024 are privileged on Linux and only allow the root user to listen on them.
This can be implemented via two solutions:
1. Run Logstash as root
2. Use setcap
To use Use setcap for Listening On Privileged Ports:
Here, you can use the logstash running as the nagios user but this method may be less secure in some environments as it will allow any Java process to listen on privileged ports.
i. The logstash init configuration file requires three lines to be added to the end of it, open the file with the following command:
On Debian | Ubuntu:
$ vi /etc/default/logstash
or
$ sudo /etc/default/logstash
2. Then, Add the following three lines to the end of the file:
echo $(dirname $(find /usr/lib -name libjli.so)) | awk '{print $1}'> /etc/ld.so.conf.d/java.conf
eval "$(which ldconfig)"
setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))
3. Save the file and close vi.
4. Restart Logstash Service
The logstash service needs to be restarted for these changes to apply:
$ sudo systemctl restart lagstash.service
This article covers how to configure Nagios Log Servers to listen on privileged ports. Now Nagios Log Server Administrators who would like configure Nagios Log Server to listen on ports below 1024 which are privileged in Linux. This can be useful if you have legacy devices that can only send on specific ports (e.g. syslog on port 514).
Ports below 1024 are privileged on Linux and only allow the root user to listen on them.
This can be implemented via two solutions:
1. Run Logstash as root
2. Use setcap
To use Use setcap for Listening On Privileged Ports:
Here, you can use the logstash running as the nagios user but this method may be less secure in some environments as it will allow any Java process to listen on privileged ports.
i. The logstash init configuration file requires three lines to be added to the end of it, open the file with the following command:
On Debian | Ubuntu:
$ vi /etc/default/logstash
or
$ sudo /etc/default/logstash
2. Then, Add the following three lines to the end of the file:
echo $(dirname $(find /usr/lib -name libjli.so)) | awk '{print $1}'> /etc/ld.so.conf.d/java.conf
eval "$(which ldconfig)"
setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))
3. Save the file and close vi.
4. Restart Logstash Service
The logstash service needs to be restarted for these changes to apply:
$ sudo systemctl restart lagstash.service
