<span class="value">I have a Nagios server 3.0.6 running on Ubuntu 8.04
Server. It is monitoring all things fine</span><span class="value"> on multiple
targets</span><span class="value"> except the one below.<br><br>On a certain target, I am trying to monitor my
/var/log/auth.log file for bad activity, such as failed password
attempts, or attempts to login as invalid users, etc.<br><br>I am
trying to do this via the check_log plugin via nrpe, but, I get a "Log
check error: Log file /var/log/auth.log is not readable!" when the
server checks on it.<br><br>The easiest way I have to reproduce the error is the following manually executed command from the host server:<br>/usr/local/nagios/libexec/check_nrpe -H target -c check_badpw<br><br>I know that it means that the file cannot be opened during the check, but, I don't understand why.<br>
<br>ls -l of /var/log/auth.log:<br>-rw-r----- 1 syslog adm 1590863 2009-05-12 10:47 /var/log/auth.log<br><br>In /etc/groups, I have added the "nagios" user to the adm group, so I would think it should work.<br><br>
Further, if I am logged in as root on the target, and do "su - nagios", I can read /var/log/auth.log<br><br>Further, if I "chmod o+r /var/log/auth.log", the command executes properly.<br><br>Additionally, when I am logged into the target as root, and su to nagios and execute the command as defined in nrpe.cfg:<br>
/usr/local/nagios/libexec/check_log -F /var/log/auth.log -O /usr/local/nagios/auth.badpasswords.log -q ": Failed password for"<br>it works fine.<br><br>So, I know it will work if I loosen the permissions on /var/log/auth.log, but, I'd prefer to keep them as tight as possible.<br>
<br>When I am logged into the target as nagios and execute "id", I get, <br></span>uid=5308(nagios) gid=5309(nagios) groups=4(adm),5309(nagios)<div class="richText"></div><br>When I embed "id" into the check_log script, I get:<br>
uid=5308(nagios) gid=5309(nagios)<br><br>so, it would seem that it does not inherit the groups as I would assume it would.<br><br><span class="value">More configuration information:<br>nrpe runs under xinetd on the target:<br>
service nrpe<br>{<br> flags = REUSE<br> socket_type = stream<br> port = 5666<br> wait = no<br> user = nagios<br> group = nagios<br>
server = /usr/local/nagios/bin/nrpe<br> server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd<br> log_on_failure += USERID<br> disable = no<br> only_from = 127.0.0.1 x.x.x.226<br>
}<br><br>How can I determine why the check_nrpe command does not allow for reading of the /var/log/auth.log file on the target machine?</span>