phaag / nfsen

Legacy NfSen code

Raspberry Pi OS: nfsend connect() error: No such file or directory! #21

Closed aleksashka closed 9 months ago

aleksashka commented 10 months ago

Hello,

I want to run nfsen on an old Raspberry Pi Model B to collect NSEL events from Cisco ASA, but I faced several issues. Maybe someone could direct me to the solution.

Initially, running ./install.pl etc/nfsen.conf was stopping with Illegal instruction. After hours of debugging, it turned out that the Raspberry Pi OS repositories provided an RRDs.so which would cause Illegal instruction when running the line bootstrap RRDs $VERSION; of the file libexec/RRDs.pm, so I managed to compile rrdtool locally (installing the required libraries was a quest on its own) and the installation script finished its work.

a@RPiB2:~ $ /usr/bin/rrdtool --version
Illegal instruction
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ /opt/rrdtool-1.7.2/bin/rrdtool --version
RRDtool 1.7.2  Copyright by Tobias Oetiker <tobi@oetiker.ch>
               Compiled Aug 31 2023 19:14:13

Additionally, I included the path to the new RRDs.so (/opt/rrdtool-1.7.2/lib/perl/5.32.1/arm-linux-gnueabihf-thread-multi-64int/auto/RRDs/RRDs.so) in /opt/nfsen/bin/nfsen after line 54 like this (is it too dirty a hack? otherwise the old library would have been loaded with the same error):

# The only parameter to set:

use lib "/opt/nfsen/libexec";
use lib "/opt/rrdtool-1.7.2/lib/perl/5.32.1/arm-linux-gnueabihf-thread-multi-64int";

#

After these operations nfsen starts:

a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen start
Starting nfcapd:(stex_almaty)[32535]
Starting nfsend.
a@RPiB2:~ $

But opening http://ip/nfsen shows:

ERROR: nfsend connect() error: No such file or directory!
ERROR: nfsend - connection failed!!
ERROR: Can not initialize globals!

I presumed that nfsen cannot create a socket-file, so I checked the filename, path, permissions. Seems OK to me..

/var/www/nfsen/conf.php contains $COMMSOCKET = "/opt/nfsen/var/run/nfsen.comm";

/opt/nfsen/etc/nfsen.conf contains the following:

$BASEDIR = "/opt/nfsen";
$VARDIR="${BASEDIR}/var";
$PIDDIR="$VARDIR/run";
$COMMSOCKET = "$PIDDIR/nfsen.comm";
$USER    = "netflow";
$WWWUSER  = "www-data";
$WWWGROUP = "www-data";

User netflow is in the group www-data:

a@RPiB2:~ $ groups netflow
netflow : netflow www-data
a@RPiB2:~ $

/etc/apache2/apache2.conf contains:

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

/etc/apache2/envvars contains:

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

Here are a few additional outputs which might be useful:

a@RPiB2:~ $ namei -l /opt/nfsen/var/run/
f: /opt/nfsen/var/run/
drwxr-xr-x root    root     /
drwxr-xr-x root    root     opt
drwxr-xr-x root    root     nfsen
drwxrwxr-x netflow www-data var
drwxrwxr-x netflow www-data run
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ ll /opt/nfsen/
total 28
drwxr-xr-x 2 root    www-data 4096 Sep  1 12:18 bin
drwxr-xr-x 2 root    www-data 4096 Sep  1 12:45 etc
drwxr-xr-x 3 root    www-data 4096 Sep  1 12:16 libexec
drwxr-xr-x 2 root    www-data 4096 Sep  1 12:16 plugins
drwxrwxr-x 3 netflow www-data 4096 Aug 31 19:27 profiles-data
drwxrwxr-x 3 netflow www-data 4096 Sep  1 12:16 profiles-stat
drwxrwxr-x 6 netflow www-data 4096 Aug 31 19:27 var
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ uname -a
Linux RPiB2 5.15.84+ #1613 Thu Jan 5 11:58:09 GMT 2023 armv6l GNU/Linux
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ cat /etc/*release*
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ php --version
PHP 7.4.33 (cli) (built: Jun  9 2023 16:51:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.33, Copyright (c), by Zend Technologies
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ /usr/local/bin/nfdump -V
/usr/local/bin/nfdump: Version: 1.7.2-release NSEL-NEL, Date: Fri 01 Sep 2023 09:54:04 +06
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ /opt/nfsen/bin/nfsen -V
/opt/nfsen/bin/nfsen: 1.3.9 nfsen 2022 peter
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ ll /opt/nfsen/var/run/
total 4
-rw-r--r-- 1 netflow www-data 6 Sep  1 12:40 p9996.pid
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen stop
Shutdown nfcapd: (stex_almaty)[32535]. .
Shutdown nfsend:[no pid file found!]
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ sudo runuser -u netflow -- touch /opt/nfsen/var/run/nfsen.comm
a@RPiB2:~ $ ll /opt/nfsen/var/run/nfsen.comm
-rw-r--r-- 1 netflow netflow 0 Sep  1 12:55 /opt/nfsen/var/run/nfsen.comm
a@RPiB2:~ $
a@RPiB2:~ $ # If I touch file, then browser gets: ERROR: nfsend connect() error: Permission denied!
a@RPiB2:~ $
a@RPiB2:~ $ sudo runuser -u netflow -- rm /opt/nfsen/var/run/nfsen.comm
a@RPiB2:~ $
a@RPiB2:~ $
a@RPiB2:~ $ cat /etc/apache2/sites-enabled/nfsen.conf
Alias /nfsen /var/www/nfsen
Alias /netflow /var/www/nfsen
<Directory /var/www/nfsen>
    AllowOverride None
    DirectoryIndex nfsen.php
    Require all granted
</Directory>
a@RPiB2:~ $
a@RPiB2:~ $

The order of operations is in fact quite different, since I am not that proficient with perl, php, compilation, debugging, etc., so there were way too many trial-and-error attempts... But hopefully this still might be brought to life :).

Any help would be greatly appreciated!

phaag commented 10 months ago

ERROR: nfsend connect() error: No such file or directory! means indeed that you have a problem with the socket. After starting nfsend, you can check manually whether the socket has been created. If it exists, it's a web server/php issue. The uid of the running php instance needs to be able to connect to this socket. Depending on your web server config, php with php-fpm may run under a different user. Finally, check if you have some other restrictions in place, such as SELinux or other security barriers you would need to tweak for the socket.
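The manual check described in the comment above, as an added example that is not part of the original thread and not NfSen code: a POSIX shell script that classifies the state of the communication socket for whichever user runs it. The function names and state labels are made up for this example; the default path is the `$COMMSOCKET` value quoted in the issue.

```sh
#!/bin/sh
# Added example (not NfSen code): classify the state of the nfsend
# communication socket as seen by the user running this script.

classify_comm_socket() {
    sock=$1
    dir=$(dirname "$sock")
    if [ ! -d "$dir" ]; then
        echo "no-run-dir"      # run directory itself is missing
    elif [ ! -e "$sock" ]; then
        echo "missing"         # connect() fails: No such file or directory
    elif [ ! -S "$sock" ]; then
        echo "not-a-socket"    # e.g. a regular file left behind by touch
    elif [ ! -w "$sock" ]; then
        echo "no-access"       # connecting to a Unix socket needs write permission
    else
        echo "ok"
    fi
}

explain_comm_socket() {
    state=$(classify_comm_socket "$1")
    printf '%s as %s: %s\n' "$1" "$(id -un)" "$state"
    case $state in
        no-run-dir)   echo "-> create the run directory or fix \$PIDDIR in nfsen.conf" ;;
        missing)      echo "-> nfsend did not create it: check 'nfsen status' and syslog" ;;
        not-a-socket) echo "-> remove the stray file and restart nfsen" ;;
        no-access)    echo "-> web server/PHP user problem: compare owner, group and mode" ;;
        ok)           echo "-> socket is usable by this user; look at other restrictions" ;;
    esac
}

# Default is the $COMMSOCKET value quoted in the issue.
explain_comm_socket "${1:-/opt/nfsen/var/run/nfsen.comm}"
```

Run it as the web server user (for example with `sudo -u www-data sh`) to see the socket the way PHP does; as root the write check always passes.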

aleksashka commented 10 months ago

Thank you for your reply!

The socket does not exist after starting nfsend; moreover, status shows that nfsend itself is not started (check the output below). Is there a way to troubleshoot the socket creation as well as the fact that nfsend is shown as not running? SELinux is not used (getenforce returns command not found).

a@RPiB2:~ $ ll /opt/nfsen/var/run/
total 4
-rw-r--r-- 1 netflow www-data 5 Sep  1 12:58 p9996.pid
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen status
Version nfSen: 1.3.9, nfdump: 7
NfSen status:
Collector for (stex_almaty) port 9996 is running [2531].
nfsen daemon: is not running.
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen stop
Shutdown nfcapd: (stex_almaty)[2531]. .
Shutdown nfsend:[no pid file found!]
a@RPiB2:~ $ 
a@RPiB2:~ $  
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen status
Version nfSen: 1.3.9, nfdump: 7
NfSen status:
Collector for (stex_almaty) port 9996 is not running.
nfsen daemon: is not running.
a@RPiB2:~ $ ll /opt/nfsen/var/run/
total 0
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen start
Starting nfcapd:(stex_almaty)[17493] 
Starting nfsend.
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ ll /opt/nfsen/var/run/
total 4
-rw-r--r-- 1 netflow www-data 6 Sep 12 17:10 p9996.pid
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ sudo /opt/nfsen/bin/nfsen status
Version nfSen: 1.3.9, nfdump: 7
NfSen status:
Collector for (stex_almaty) port 9996 is running [17493].
nfsen daemon: is not running.
a@RPiB2:~ $  
a@RPiB2:~ $  
a@RPiB2:~ $ namei -l /opt/nfsen/var/run/
f: /opt/nfsen/var/run/
drwxr-xr-x root    root     /  
drwxr-xr-x root    root     opt
drwxr-xr-x root    root     nfsen
drwxrwxr-x netflow www-data var
drwxrwxr-x netflow www-data run
a@RPiB2:~ $  
a@RPiB2:~ $ 
a@RPiB2:~ $ sudo ps aux | grep nfse[n]
netflow  17493  0.0  0.4  53204  2196 ?        Sl   17:10   0:00 /usr/local/bin/nfcapd -D -p 9996 -u netflow -g www-data -B 200000 -S 1 -P /opt/nfsen/var/run/p9996.pid -y -I stex_almaty -w /opt/nfsen/profiles-data/live/stex_almaty
a@RPiB2:~ $

phaag commented 9 months ago

nfsend should write syslog messages! Please make sure syslog is properly configured in nfsend.conf and (r)syslogd.conf. Check the syslog file for errors.

phaag commented 9 months ago

Seems no feedback ..

aleksashka commented 9 months ago

I am sorry, Peter.

I still cannot find where those logs are directed and saved. Is it OK to get back to this issue when I have more time to investigate my logging issues?

Thank you.