search

microsoft / OMS-Agent-for-Linux

http://www.microsoft.com/oms
Other
410 stars 310 forks source link

Agent not listening on 127.0.0.1:25224 #994

Closed theMichaelB closed 1 week ago

theMichaelB commented 5 years ago

I am trying to get syslog messages out of Ubuntu 18.04 servers into Log Analytics.

I pushed the client from the portal to four Azure hosted Ubuntu servers, Over the last three days Log Analytics has recieved 1131 auth messages, and 11 syslog messages.

Digging into the servers, it appears that port 25224 isn't listening. It shows up in the logs as starting, but then quietly dies (Or at least I've not found logs that state otherwise yet)

To test this I deployed a fresh Ubuntu 18.04 from the standard Azure image and pushed a client through the portal and tested - the same result, port 25224 wasn't listening. I ran an Apt update, rebooted to the same issue.

I then redeployed the server, and manually deployed the client, the complete ssh transcript of that deployment is below. Suffice to say, it had the same result. 

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.18.0-1023-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Jul  5 06:14:04 UTC 2019

  System load:  0.31              Processes:           128
  Usage of /:   4.1% of 28.90GB   Users logged in:     0
  Memory usage: 4%                IP address for eth0: 10.1.0.4
  Swap usage:   0%

0 packages can be updated.
0 updates are security updates.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@logstest:~$ wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh
--2019-07-05 06:15:08--  https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.52.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.52.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2881 (2.8K) [text/plain]
Saving to: ‘onboard_agent.sh’

onboard_agent.sh                                      100%[========================================================================================================================>]   2.81K  --.-KB/s    in 0s      

2019-07-05 06:15:08 (26.1 MB/s) - ‘onboard_agent.sh’ saved [2881/2881]

ubuntu@logstest:~$ 
ubuntu@logstest:~$ 
ubuntu@logstest:~$ sudo sh onboard_agent.sh -w e1381816-668a-4c4a-bd9f-c1080a95d328 -s {key} -d opinsights.azure.com
--2019-07-05 06:16:34--  https://github.com/Microsoft/OMS-Agent-for-Linux/releases/download/OMSAgent_v1.10.0-1/omsagent-1.10.0-1.universal.x64.sh
Resolving github.com (github.com)... 192.30.255.113
Connecting to github.com (github.com)|192.30.255.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/43709699/18c46e80-65c5-11e9-9214-0eb6b564ec84?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190705%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190705T061634Z&X-Amz-Expires=300&X-Amz-Signature=a0f61e24a751f7d09c12039f33ee1aeb7dbba8e004b2e19d69f55e4e0814e211&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Domsagent-1.10.0-1.universal.x64.sh&response-content-type=application%2Foctet-stream [following]
--2019-07-05 06:16:34--  https://github-production-release-asset-2e65be.s3.amazonaws.com/43709699/18c46e80-65c5-11e9-9214-0eb6b564ec84?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190705%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190705T061634Z&X-Amz-Expires=300&X-Amz-Signature=a0f61e24a751f7d09c12039f33ee1aeb7dbba8e004b2e19d69f55e4e0814e211&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Domsagent-1.10.0-1.universal.x64.sh&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.130.35
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.130.35|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 113184010 (108M) [application/octet-stream]
Saving to: ‘omsagent-1.10.0-1.universal.x64.sh’

omsagent-1.10.0-1.universal.x64.sh                    100%[========================================================================================================================>] 107.94M  37.7MB/s    in 2.9s    

2019-07-05 06:16:37 (37.7 MB/s) - ‘omsagent-1.10.0-1.universal.x64.sh’ saved [113184010/113184010]

Checking host architecture ...
Extracting...
----- Upgrading package: omi (omi-1.6.0-0.ulinux.x64) -----
Selecting previously unselected package omi.
(Reading database ... 55697 files and directories currently installed.)
Preparing to unpack 110/omi-1.6.0-0.ulinux.x64.deb ...
Creating omiusers group ...
Creating omi group ...
Creating omi service account ...
Unpacking omi (1.6.0.0) ...
Setting up omi (1.6.0.0) ...
Generating a RSA private key
...............................................+++++
.....+++++
writing new private key to '/etc/opt/omi/ssl/omikey.pem'
-----
2019-07-05 06:16:45 : Crontab not configured to update omi keytab automatically. Skip unconfigure
2019-07-05 06:16:45 : Crontab configured to update omi keytab automatically
Configuring OMI service ...
Created symlink /etc/systemd/system/multi-user.target.wants/omid.service → /lib/systemd/system/omid.service.
Checking if cron is installed...
Checking if cron/crond service is started...
Set up a cron job to OMI logrotate every 15 minutes
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.23) ...
----- Upgrading package: scx (scx-1.6.3-659.universal.x64) -----
Selecting previously unselected package scx.
(Reading database ... 55757 files and directories currently installed.)
Preparing to unpack .../scx-1.6.3-659.universal.x64.deb ...
Unpacking scx (1.6.3.659) ...
Setting up scx (1.6.3.659) ...
Generating certificate with hostname="logstest", domainname="1epqpagrorwergp2zf312b3p4a.xx.internal.cloudapp.net"

WARNING!
Could not read 256 bytes of random data from /dev/random. Will revert to less secure /dev/urandom.
See the security guide for how to regenerate certificates at a later time when more random data might be available.

----- Upgrading package: omsagent (omsagent-1.10.0-1.universal.x64) -----
Selecting previously unselected package omsagent.
(Reading database ... 55800 files and directories currently installed.)
Preparing to unpack .../omsagent-1.10.0-1.universal.x64.deb ...
Creating omsagent group ...
Creating omsagent service account ...
Creating nxautomation group ...
Creating nxautomation service account ...
Unpacking omsagent (1.10.0.1) ...
Setting up omsagent (1.10.0.1) ...
-e info Reading onboarding params from: /etc/omsagent-onboard.conf
Workspace e1381816-668a-4c4a-bd9f-c1080a95d328 already onboarded and agent is running.
Symbolic links have not been created; re-onboarding to create them
info    Generating certificate ...
-e info Agent GUID is 5dc4b88c-0210-4650-a26f-237455584dba
-e info Onboarding success
Configure syslog...
Configuring rsyslog for OMS logging
Restarting service: rsyslog
Configure heartbeat monitoring agent...
Configure log rotate for workspace e1381816-668a-4c4a-bd9f-c1080a95d328...
INFO:  Configuring OMS agent service e1381816-668a-4c4a-bd9f-c1080a95d328 ...
-e error        MetaConfig generation script not available at /opt/microsoft/omsconfig/Scripts/OMS_MetaConfigHelper.py
Configure log rotate for workspace e1381816-668a-4c4a-bd9f-c1080a95d328...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.23) ...
----- Upgrading package: omsconfig (omsconfig-1.1.1-926.x64) -----
Selecting previously unselected package omsconfig.
(Reading database ... 64131 files and directories currently installed.)
Preparing to unpack .../omsconfig-1.1.1-926.x64.deb ...
Checking for ctypes python module...
Unpacking omsconfig (1.1.1.926) ...
Setting up omsconfig (1.1.1.926) ...
VERBOSE from InstallModule.py: Extracting module zip file from /opt/microsoft/omsconfig/module_packages/nx_1.0.zip to /opt/microsoft/omsconfig/modules
VERBOSE from InstallModule.py: Installing resource MSFT_nxUserResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxUserResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxUserResource.reg to 0644
VERBOSE from InstallModule.py: Installing resource MSFT_nxServiceResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxServiceResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxServiceResource.reg to 0644
VERBOSE from InstallModule.py: Installing resource MSFT_nxPackageResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxPackageResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxPackageResource.reg to 0644
VERBOSE from InstallModule.py: Installing resource MSFT_nxAvailableUpdatesResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxAvailableUpdatesResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxAvailableUpdatesResource.reg to 0644
VERBOSE from InstallModule.py: Installing resource MSFT_nxGroupResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxGroupResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxGroupResource.reg to 0644
VERBOSE from InstallModule.py: Extracting module zip file from /opt/microsoft/omsconfig/module_packages/nxOMSPerfCounter_2.2.zip to /opt/microsoft/omsconfig/modules
VERBOSE from InstallModule.py: Installing resource MSFT_nxOMSPerfCounterResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxOMSPerfCounterResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxOMSPerfCounterResource.reg to 0644
VERBOSE from InstallModule.py: Extracting module zip file from /opt/microsoft/omsconfig/module_packages/nxOMSSyslog_2.2.zip to /opt/microsoft/omsconfig/modules
VERBOSE from InstallModule.py: Installing resource MSFT_nxOMSSyslogResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxOMSSyslogResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxOMSSyslogResource.reg to 0644
VERBOSE from InstallModule.py: Extracting module zip file from /opt/microsoft/omsconfig/module_packages/nxOMSKeyMgmt_1.0.zip to /opt/microsoft/omsconfig/modules
VERBOSE from InstallModule.py: Installing resource MSFT_nxOMSKeyMgmtResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxOMSKeyMgmtResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxOMSKeyMgmtResource.reg to 0644
VERBOSE from InstallModule.py: Extracting module zip file from /opt/microsoft/omsconfig/module_packages/nxFileInventory_1.3.zip to /opt/microsoft/omsconfig/modules
VERBOSE from InstallModule.py: Installing resource MSFT_nxFileInventoryResource
VERBOSE from InstallModule.py: Updated permissions of file: /opt/omi/lib/libMSFT_nxFileInventoryResource_root-oms.so to 0644
VERBOSE from InstallModule.py: Updated permissions of file: /etc/opt/omi/conf/omiregister/root-oms/MSFT_nxFileInventoryResource.reg to 0644
gpg: keybox '/etc/opt/omi/conf/omsconfig/keymgmtring.gpg' created
gpg: directory '/etc/opt/omi/conf/omsconfig/.gnupg' created
gpg: /etc/opt/omi/conf/omsconfig/.gnupg/trustdb.gpg: trustdb created
gpg: key C4EC49E544BC4178: public key "Microsoft (Release Signing) <msgpgkey@microsoft.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: keybox '/etc/opt/omi/conf/omsconfig/keyring.gpg' created
gpg: key 20541A3DDE321294: public key "Microsoft (Release Signing) <dscgpgkey@microsoft.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
VERBOSE from OMS_MetaConfigHelper.py: OMS config path being read: /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
VERBOSE from OMS_MetaConfigHelper.py: Output from: /opt/microsoft/omsconfig/Scripts/SetDscLocalConfigurationManager.py -configurationmof /etc/opt/omi/conf/omsconfig/generated_meta_config.mof: instance of SendConfigurationApply
{
    ReturnValue=0
}

Successfully applied metaconfig.

VERBOSE from OMS_MetaConfigHelper.py: Successfully configured omsconfig.
----- Updating bundled packages -----
Checking if Apache is installed ...
  Apache not found, will not install
Checking if Docker is installed...
  Docker not found. Docker agent will not be installed.
Checking if MySQL is installed ...
  MySQL not found, will not install
Checking if required dependencies for auoms are installed...
  /sbin/auditd isn't installed
  /sbin/audispd isn't installed
  libauparse.so isn't installed
  Because the necessary dependencies are not installed, the auoms auditd plugin will not be installed.
      For Debian & Ubuntu, install the 'auditd' package.
      For CentOS, RHEL & SLES, install the 'audit' package.
Shell bundle exiting with code 0
ubuntu@logstest:~$ netstat -ltnp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:25324           0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
ubuntu@logstest:~$ telnet 127.0.0.1 25224
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

ubuntu@logstest:~$ sudo service omsagent-e1381816-668a-4c4a-bd9f-c1080a95d328 restart && sudo tail /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/log/omsagent.log -f
    buffer_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/out_oms_diag*.buffer
    buffer_queue_limit 50
    buffer_queue_full_action drop_oldest_chunk
    flush_interval 10s
    retry_limit 10
    retry_wait 30s
    max_retry_wait 9m
  </match>
</ROOT>
2019-07-05 06:18:47 +0000 [info]: listening syslog socket on 127.0.0.1:25224 with udp
2019-07-05 06:19:00 +0000 [info]: reading config file path="/etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsagent.conf"
2019-07-05 06:19:00 +0000 [info]: starting fluentd-0.12.40 without supervision
2019-07-05 06:19:00 +0000 [info]: gem 'fluentd' version '0.12.40'
2019-07-05 06:19:00 +0000 [info]: adding filter pattern="oms.health.**" type="filter_operation"
2019-07-05 06:19:00 +0000 [info]: adding match pattern="oms.health.** oms.heartbeat.**" type="out_oms"
2019-07-05 06:19:00 +0000 [info]: adding filter pattern="oms.operation.auditd_plugin" type="grep"
2019-07-05 06:19:00 +0000 [warn]: 'regexp1' parameter is deprecated: Use <regexp> section
2019-07-05 06:19:00 +0000 [warn]: 'regexp2' parameter is deprecated: Use <regexp> section
2019-07-05 06:19:00 +0000 [info]: adding filter pattern="oms.operation.**" type="filter_operation"
2019-07-05 06:19:00 +0000 [info]: adding filter pattern="oms.syslog.**" type="filter_syslog"
2019-07-05 06:19:00 +0000 [info]: adding match pattern="oms.blob.**" type="out_oms_blob"
2019-07-05 06:19:00 +0000 [info]: adding match pattern="oms.** docker.**" type="out_oms"
2019-07-05 06:19:00 +0000 [info]: adding match pattern="diag.oms diag.oms.**" type="out_oms_diag"
2019-07-05 06:19:00 +0000 [info]: adding source type="heartbeat_request"
2019-07-05 06:19:00 +0000 [info]: adding source type="monitor_agent"
2019-07-05 06:19:00 +0000 [info]: adding source type="oms_heartbeat"
2019-07-05 06:19:00 +0000 [info]: adding source type="dsc_monitor"
2019-07-05 06:19:00 +0000 [info]: adding source type="tail"
2019-07-05 06:19:00 +0000 [info]: adding source type="syslog"
2019-07-05 06:19:00 +0000 [info]: adding source type="agent_telemetry"
2019-07-05 06:19:00 +0000 [info]: adding source type="exec"
2019-07-05 06:19:00 +0000 [info]: using configuration file: <ROOT>
  <source>
    type heartbeat_request
    run_interval 20m
    log_level info
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    pid_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/run/omsagent.pid
  </source>
  <source>
    type monitor_agent
    tag oms.health
    port 25324
    emit_interval 5m
    emit_config true
  </source>
  <source>
    type oms_heartbeat
    interval 1m
  </source>
  <filter oms.health.**>
    type filter_operation
  </filter>
  <match oms.health.** oms.heartbeat.**>
    type out_oms
    log_level info
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    buffer_chunk_limit 1m
    buffer_type file
    buffer_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/out_oms_health*.buffer
    buffer_queue_limit 5
    buffer_queue_full_action drop_oldest_chunk
    flush_interval 20s
    retry_limit 10
    retry_wait 30s
    max_retry_wait 5m
    <secondary>
      type __ChunkErrorHandler__
    </secondary>
  </match>
  <source>
    type dsc_monitor
    tag oms.operation.dsc
    dsc_cache_file /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/dsc_cache.yml
  </source>
  <source>
    @type tail
    tag oms.operation.auditd_plugin
    path /var/opt/microsoft/omsconfig/omsconfig.log
    pos_file /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/omsconfig.log.auditd_plugin.pos
    time_format %Y/%m/%d %H:%M:%S
    keep_time_key true
    format multiline
    format_firstline /^\d{4}\/\d{2}\/\d{2}\s+\d{2}:\d{2}:\d{2}:\s+[A-Z]+:\s+/
    format1 /^(?<time>\d{4}\/\d{2}\/\d{2}\s+\d{2}:\d{2}:\d{2}):\s+(?<level>[A-Z]+):\s+((?<path>[^\(]+)\((?<linenumber>\d+)\)|.*):\n/
    format2 /(?<message>.*)/
    read_from_head true
    log_level error
  </source>
  <filter oms.operation.auditd_plugin>
    @type grep
    regexp1 level ^FATAL$
    regexp2 path ^Scripts\/nxOMSAuditdPlugin.pyc$
  </filter>
  <filter oms.operation.**>
    type filter_operation
  </filter>
  <source>
    type syslog
    port 25224
    bind 127.0.0.1
    protocol_type udp
    tag oms.syslog
    with_priority true
  </source>
  <filter oms.syslog.**>
    type filter_syslog
  </filter>
  <source>
    type agent_telemetry
    query_interval 5m
    poll_interval 15s
    log_level info
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    pid_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/run/omsagent.pid
  </source>
  <source>
    type exec
    tag heartbeat.output
    command echo > /dev/null
    format tsv
    keys severity,message
    run_interval 20m
  </source>
  <match oms.blob.**>
    type out_oms_blob
    log_level info
    num_threads 5
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    buffer_chunk_limit 10m
    buffer_type file
    buffer_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/out_oms_blob*.buffer
    buffer_queue_limit 10
    buffer_queue_full_action drop_oldest_chunk
    flush_interval 60s
    retry_limit 10
    retry_wait 30s
    max_retry_wait 9m
  </match>
  <match oms.** docker.**>
    type out_oms
    log_level info
    num_threads 5
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    buffer_chunk_limit 5m
    buffer_type file
    buffer_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/out_oms_common*.buffer
    buffer_queue_limit 10
    buffer_queue_full_action drop_oldest_chunk
    flush_interval 20s
    retry_limit 10
    retry_wait 30s
    max_retry_wait 9m
    <secondary>
      type __ChunkErrorHandler__
    </secondary>
  </match>
  <match diag.oms diag.oms.**>
    type out_oms_diag
    log_level info
    num_threads 5
    omsadmin_conf_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/conf/omsadmin.conf
    cert_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.crt
    key_path /etc/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/certs/oms.key
    buffer_chunk_limit 1m
    buffer_type file
    buffer_path /var/opt/microsoft/omsagent/e1381816-668a-4c4a-bd9f-c1080a95d328/state/out_oms_diag*.buffer
    buffer_queue_limit 50
    buffer_queue_full_action drop_oldest_chunk
    flush_interval 10s
    retry_limit 10
    retry_wait 30s
    max_retry_wait 9m
  </match>
</ROOT>
2019-07-05 06:19:00 +0000 [info]: listening syslog socket on 127.0.0.1:25224 with udp
^C
ubuntu@logstest:~$ telnet 127.0.0.1 25224                                                                                                                                                                              
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
ubuntu@logstest:~$ netstat -ltnp                                                                                                                                                                                       
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:25324           0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
ubuntu@logstest:~$ sudo service omsagent-e1381816-668a-4c4a-bd9f-c1080a95d328 restart && sudo netstat -ltnp                                                                                                            
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      947/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1575/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1575/sshd           
ubuntu@logstest:~$ netstat -ltnp                                                                                                                                                                                       
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:25324           0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
ubuntu@logstest:~$ netstat -ltnp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:25324           0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
ubuntu@logstest:~$
guarismo commented 2 years ago

Did you try looking at UDP ports? netstat -lunp

0ccupi3R commented 1 year ago

@theMichaelB

I know it's an old issue. However, you should try using nc or netcat to test the connection. The telnet by default work on TCP not UDP, whereas your post is listening on UDP (as given by @guarismo ).

nc 127.0.0.1 25224 -v

hestolz commented 1 week ago

Thank you for your submission. As previously announced, the Log Analytics agent has been deprecated and has no support as of August 31, 2024. If you use the Log Analytics agent to ingest data to Azure Monitor, migrate now to the new Azure Monitor agent. As part of repo archival, open issues and pull requests will be closed.