Knowledge Doc: [Logger] Logger Process Not Starting Up on RHEL 8.5 Due to SELinux

0 Likes

Summary
Loggerd service may not start and systemd/systemctl may not be able to run its service.

Products
ArcSight Logger

Environment
Software Logger 7.x on RHEL 8.5

Situation
The Linux systemd is unable to start the loggerd service either manually or after reboot.

Cause
It was discovered SELinux was the cause as temporarily disabling (setenforce 0) it allowed loggerd service to start

Resolution
Note: Confirm from your environment as logger path may differ.

  • Check the SELinux status (getenforce)
  • And then disable it temporarily(setenforce 0)
  • Run the command to add loggerd process to SELinux config.

sudo semanage fcontext -a -t bin_t '/opt/arcsight/current/arcsight/logger/bin/loggerd'

  • Also run the restorecon command on the loggerd path as the first command may still return some permission messages during service start.

sudo restorecon -R -v /opt/arcsight/current/arcsight/logger/bin/loggerd

  • After these are applied, reboot server for SElinux to re-enable, logger service should now came up.


Additional Information
An issue with the ReportEngine not sending email reports was also resolved after this workaround, perhaps as a result of the permissions.


Knowledge Base Article Link


URL Name
KM000010220

Labels:

Support Tips/Knowledge Docs
Related
Recommended