Observium - Graphs shows no data (nan) or empty graphs - sysadmin

I have problem with Observium.
On CentOS 7 I installed Observium. On this server i also have DirectAdmin and Wordpress.
When I login to webpanel Observium, Graphs shows no data (nan).
Graphs no data
<?php
## Check http://www.observium.org/docs/config_options/ for documentation of possible settings
## It's recommended that settings are edited in the web interface at /settings/ on your observium installation.
## Authentication and Database settings must be hardcoded here because they need to work before you can reach the web-based configuration interface
// Database config --- This MUST be configured
$config['db_extension'] = 'mysqli';
$config['db_host'] = 'localhost';
$config['db_user'] = 'root';
$config['db_pass'] = '[MyPassword]';
$config['db_name'] = 'observium';
$config['ping'] = "/usr/sbin/ping";
$config['fping'] = "/usr/sbin/fping";
// Base directory
#$config['install_dir'] = "/opt/observium";
// Default community list to use when adding/discovering
$config['snmp']['community'] = array("public");
// Authentication Model
$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help
// Enable alerter
// $config['poller-wrapper']['alerter'] = TRUE;
//$config['web_show_disabled'] = FALSE; // Show or not disabled devices on major pages.
// Set up a default alerter (email to a single address)
//$config['email']['default'] = "user#your-domain";
//$config['email']['from'] = "Observium <observium#your-domain>";
//$config['email']['default_only'] = TRUE;
$config['enable_syslog'] = 1; // Enable Syslog
// End config.php
I do not see any error when I manually execute:
cd /opt/observium && ./discovery.php -h all && ./poller.php -h all
My /etc/cron.d/observium file
33 */6 * * * root cd /opt/observium/ && ./discovery.php -h all >> /dev/null 2>&1
*/15 * * * * root cd /opt/observium/ && ./discovery.php -h new >> /dev/null 2>&1
*/15 * * * * root cd /opt/observium/ && ./poller.php -h all >> /dev/null 2>&1

you used incorrect polling time (15 mins). Correct polling time is 5min. Use cron entries as described in official install guide CentOS Cron:
# Run a complete discovery of all devices once every 6 hours
33 */6 * * * root /opt/observium/discovery.php -h all >> /dev/null 2>&1
# Run automated discovery of newly added devices every 5 minutes
*/5 * * * * root /opt/observium/discovery.php -h new >> /dev/null 2>&1
# Run multithreaded poller wrapper every 5 minutes
*/5 * * * * root /opt/observium/poller-wrapper.py >> /dev/null 2>&1

It might be problem with installation as it was in my case. Observium has bug here Observium bugreport with explonation "install it again exactly according to the manual". Good page to use for installation information is this observium installation guide.
Problem in my case was that I had a observium folder with all scripts in Documents folder and symlink for html subfolder to /opt/observium/html. I fixed that by making symling of whole observium folder to /opt/observium/ which is set according to observium manual DocumentRoot in
/etc/apache2/sites-available/000-default.conf:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /opt/observium/html
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/observium/html/>
DirectoryIndex index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerSignature On
</VirtualHost>

Related

Send Apache errorlogs from a docker container to syslog host

I have a container with apache2 and modsecurity installed.
My question is: how to send the logs generated by apache and modsecurity (stored in /var/apache2/error.log) to the host?
I have syslog within the host that already collect locally and send the logs to a remote server; I'm able to send the logs from other containers correctly but not from the apache container.
I tried several ways but unfortunately i was not able to achieve this objective:
Piping with: ErrorLog "| :514"
ErrorLog /dev/stderr
TransferLog /dev/stdout
Within dockerfile: RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log &&
ln -sf /proc/self/fd/1 /var/log/apache2/error.log
This is my current configuration:
/etc/apache2/sites-available/000-default.conf
...
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SecRuleEngine On
...
There is a default modsecurity configuration for now.
Thank you.

Docker www-data grant write permissions to var/www

I'm running a php:7.0-apache Docker image, but I have no permissions to write to /var/www/html. How is it possible to grant write rights to this user?
Dockerfile:
FROM php:7.0-apache
# PHP Extensions
RUN docker-php-ext-install pdo_mysql
# Composer
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
RUN php composer-setup.php
RUN php -r "unlink('composer-setup.php');"
RUN mv composer.phar /usr/local/bin/composer
ADD vhost-default.conf /etc/apache2/sites-enabled/000-default.conf
# Open Ports
EXPOSE 80
EXPOSE 443
Host Conf
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html >
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
To resolve this you will need to add an extra line in your Dockerfile like:
RUN chown www-data:www-data /var/www/html/
Sergiu's answer is not working, because your volume is bound after chown.
What you should do is that you should run chown after bound to your volume and before start the Apache.
To do that, I add chown command in the apache2-foreground script.
RUN sed -i 's/^exec /chown www-data:www-data \/var\/www\/html/\n\nexec /' /usr/local/bin/apache2-foreground
So when you start your container, it will change the permission to www-data.
PS: Your container's user should be in root or a user who can execute chown.

How to run cgi script on apache server

This is my program:
[root#localhost cgi-bin]# locate first.pl
/home/Ram/Desktop/work/first.pl
/usr/local/apache2/cgi-bin/first.pl
[root#localhost cgi-bin]# cd /usr/local/apache2/cgi-bin/
[root#localhost cgi-bin]# vi first.pl
#!/usr/bin/perl -w
use warnings;
use warnings;
use CGI;
print "content-type: text/html\n\n";
print "<h2>Hello, World!</h2>\n";
I am calling the script from my browser like this:
http://localhost/usr/local/apache2/cgi-bin/first.pl
I didn't get output, but I'm getting an error:
Not Found
The requested URL /usr/local/apache2/cgi-bin/first.pl was not found on this server.
Apache/2.2.15 (CentOS) Server at localhost Port 80
I checked in web browser whether the Apache web server is working or not by using :
https://localhost
It us showing the welcome page.
How do I resolve this error?
You basically need to change two files after installing apache2 on linux.
Go to terminal and set the following configs:
sudo vim /etc/apache2/sites-enabled/000-default.conf and add the follwing:
<Files ~ "\.(pl|cgi)$">
SetHandler perl-script
PerlResponseHandler ModPerl::PerlRun
Options +ExecCGI
PerlSendHeader On
</Files>
sudo vim /etc/apache2/apache2.conf and add the following:
<Directory /var/www/cgi-bin/>
AddHandler cgi-script .cgi .pl
Options FollowSymLinks ExecCGI
AllowOverride None
</Directory>
After adding these two config changes, write a perl script, place it in the cgi-bin directory, and then give it sufficient privileges (sudo chmod 755 <filename>)
Finally, restart apache2: sudo apache2ctl restart
Screenshots:
Yes, the above process works but the easy way is:
Enable the CGI- sudo a2enmod cgi
Restart the Apache and it works -service apache2 restart
Run the cgi file http://localhost/cgi-bin/1.sh
Best Of Luck !!
In your web configuration (httpd.conf or your virtual host configuration file) you should have the following fragment:
ScriptAlias /cgi-bin/ /etc/local/apache2/cgi-bin/
<Directory "/etc/local/apache2/cgi-bin">
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
</Directory>
restart the server, don't forget to chmod +x /usr/local/apache2/cgi-bin/first.pl and then load http://localhost/cgi-bin/first.pl
This assumes that either there are no virtual hosts in your config, or that the virtual host you configured is the default one. See the apache docs if needed.

How do I set up a web.py apache2 server on an amazon linux ubuntu 13.04 server?

Web.py is free and lightweight. Amazon also provides you with a free web service for a year. How do I set up apache2 onto my server?
*EDIT: Formatting this is impossible. I'll try to do it later. I have such a beautifully written .txt file with fantastic formatting.
I apologize if this isn't thorough. I worked through how to set it up for my very specific setup. However, some of the annoying tricks are solved and may help you on your journey to set it up!!!
I won't walk you through signing up for amazon. There are a million tutorials out there.
Make sure you have an amazon ec2 instance up and running for ubuntu 13.04. Once you're logged in and have your instance launched, get the following going
*I've omitted some numbers as they are specific to our application and don't help.
Give yourself root access
sudo su (if you do this you dont need to sudo anything)
Get Apache 2
apt-get install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
Get Pip
apt-get install python-pip
Get web.py
pip install web.py
Get MySQL
apt-get install python-mysql.connector python-mysqldb mysql-client-core-5.5 mysql-server
set password to: whatever password you want
Get mod_wsgi
apt-get install libapache2-mod-wsgi
6.1 Check to see its working
service apache2 restart
put ip address in web browser to see if it works
enable mod_rewrite
a2enmod rewrite
SFTP (filezilla)
8.1 Giving permissions to allow filezilla in
cd /var/www
mkdir legal #this is our main directory. Name it whatever you want
chown -R ubuntu /var/www/
chmod -R 755 /var/www/
8.2 Connecting in Filezilla
Open Site manager
host: some ip like 54.213.173.233
Port: 22
Protocol: SFTP
Login Type: Normal
User: Ubuntu
Pass: empty
Edit -> Setting -> SFTP: add your key
8.3 Add all of your code Using Filezilla
9 Modifying your code:
go to your main.py
9.1 Wsgifunc()
#add these somewhere in your main file
app = web.application(urls, globals(),autoreload=False)
application = app.wsgifunc()
web.config.debug = True # Change to False
db = web.database(dbn='mysql', host='127.0.0.1', port=3306, user='user goes here', pw='pas goes here', db='')
9.2 Ensure python can find all of your files
AT THE TOP OF YOUR FILE
import os
import sys
root = os.path.join(os.path.dirname(file)+"/")
sys.path.insert(0, root)
modules = os.path.join(os.path.dirname(file)+"/server/")
sys.path.insert(1, modules)
os.chdir(root)
os.environ["SCRIPT_NAME"] =''
os.environ["REAL_SCRIPT_NAME"] = ''
Configuration of apache
cd /etc/apache2/sites-available
10.1 Changing the default file
vim default
change everything to:
*our main folder is called /legal. In it we have our icons and favicons and such in /static. Change these accordingly
ServerAdmin webmaster#localhost
DocumentRoot /var/www/legal/
DirectoryIndex main.py
WSGIScriptAlias / /var/www/legal/
Alias /static /var/www/legal/static/
Options FollowSymLinks
AllowOverride None
Options +Indexes +FollowSymLinks +MultiViews
#changed from non to FileInfo
AllowOverride FileInfo Options
Order allow,deny
allow from all
#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#
# AllowOverride None
# Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
# Order allow,deny
# Allow from all
#
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel info
CustomLog ${APACHE_LOG_DIR}/access.log combined
10.2 Test to see if there are errors
apachectl configtest
10.3 Monitor For errors when messing with config files (optional)
tail -f /var/log/apache2/error.log
and
11 Creating a .htaccess file
cd /var/www/legal #this is where our main file is located
vim .htaccess
Then add:
SetHandler wsgi-script
Options +ExecCGI +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^favicon.ico$
RewriteCond %{REQUEST_URI} !^(/.*)+main.py/
RewriteCond %{REQUEST_URI} !^(/.)+.(css|png|js|jpg|ttf|otf|gif|ico)$
RewriteRule ^(.)$ main.py/$1 [PT]
#for reals, it never copies correctly... just a heads up
12 Setting up the database
cd /var/www/legal/server/subapplications
mysql -u root -p'whatever password you want'
12.1 create the database in sql
create database intravires;
###do whatever you need to do here
quit
13 Restart
service apache2 restart
13.1 If broken,Check the logs:
tail -f /var/log/apache2/error.log
14 Profit!

Trac Single Signon not working as mentioned in the cookbook

I am using Trac 0.12.3 in a multi project setup with subversion and am using AccountManagerPlugin from the trunk. The default index page enlists all the project directories and clicking on any of them takes me to the trac page for that project. When I try to login, I am successfully authenticated, however, coming to another project needs me to log in again. I wanted to use single sign on and followed the steps mentioned at http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration#SingleSignOn
It always asks me to sign in for every project.
My apache config:
<VirtualHost *:80>
ServerName trac.myproject.com
ServerAdmin your#email.com
DocumentRoot /trac
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory />
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
<Location /svn>
DAV svn
SVNParentPath /svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/svnauth
Require valid-user
AuthzSVNAccessFile /etc/svnaccess
</Location>
<LocationMatch "/.+">
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /trac/
PythonOption TracUriRoot /
#AuthType Basic
#AuthName "Trac"
#AuthUserFile /etc/svnauth
#Require valid-user
</LocationMatch>
</VirtualHost>
Trac.ini file, from which all the other project specific trac.ini files are inherited:
[trac]
trac_auth = /trac/cookie
trac_auth_session = /trac/session
#I have also tried setting it as trac_auth_cookie = /trac/cookie
[header_logo]
alt = Logo
height = -1
link = /
src = http://projects.hostgeyser.com/templates/frost/images/logo%20250%20x%2089_new.png
width = -1
[components]
acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = disabled
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.* = enabled
trac.web.auth.loginmodule = disabled
acct_mgr.http.httpauthstore = enabled
[account-manager]
password_store = HtPasswdStore
htpasswd_hash_type = md5
htpasswd_file = /etc/svnauth
You can't mix authentication as you do here:
Apache config by AuthType Basic
AccountManager LoginModule (enabled by acct_mgr.web_ui.* = enabled)
Decide for only one of these. If you want SSO from AcctMgr, then stick to auth_cookie_path = <all-env-common-basepath>. The wiki page TracIni has all valid configuration keys for your Trac application, what is Trac environment-specific, depending on enabled components and installed Trac plugins.
Double-tricky. I just tapped into the same gaffes. Documentation (as well as hasienda's answer) speak of a "base-path", which easily let's one think about the file-system (and something like the session files used by PHP sessions). That's mistake number one: It's the URL path to the trac parent environment. So if your trac projects are using something like http://www.example.org/trac/<project>, your setting must be auth_cookie_path = /trac.
Second trap: Old cookies remaining in the browser. Though I finally adjusted my auth_cookie_path as described above, I was still unable to authenticate. There was an old trac_auth cookie from one project sitting in my jar. After I removed that one, it started working like a charm!