CB Response: Services failing to start at coreservices after recent changes to Syslog
search cancel

CB Response: Services failing to start at coreservices after recent changes to Syslog

book

Article ID: 290487

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Error in /var/log/cb/coreservices/startup.log
    • Traceback (most recent call last):
        File "/usr/share/cb/virtualenv/bin/gunicorn", line 11, in <module>
          sys.exit(run())
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 74, in run
          WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/base.py", line 203, in run
          super(Application, self).run()
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/base.py", line 72, in run
          Arbiter(self).run()
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 60, in __init__
          self.setup(app)
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 95, in setup
          self.log = self.cfg.logger_class(app.cfg)
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/glogging.py", line 193, in __init__
          self.setup(cfg)
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/glogging.py", line 232, in setup
          disable_existing_loggers=False)
        File "/usr/lib64/python2.7/logging/config.py", line 85, in fileConfig
          handlers = _install_handlers(cp, formatters)
        File "/usr/lib64/python2.7/logging/config.py", line 163, in _install_handlers
          h = klass(*args)
        File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/cb/utils/cb_logging.py", line 37, in __init__
        File "/usr/lib64/python2.7/logging/handlers.py", line 761, in __init__
          self._connect_unixsocket(address)
        File "/usr/lib64/python2.7/logging/handlers.py", line 804, in _connect_unixsocket
          self.socket.connect(address)
        File "/usr/lib64/python2.7/socket.py", line 228, in meth
          return getattr(self._sock,name)(*args)
      socket.error: [Errno 2] No such file or directory
      ​​
  • Rsyslog errors in /var/log/messages
    • rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
      rsyslogd: the last error occured in /etc/rsyslog.conf, line #:
      rsyslogd: warning: selector line without actions will be discarded
      rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

Environment

  • CB Response Server: 6.x or higher
  • Syslog integration is enabled

Cause

  • There is a misconfiguration in /etc/rsyslog.conf preventing services from starting

Resolution

  1. Fix any issues in /etc/rsyslog.conf as indicated by errors in /var/log/messages
  2. Restart rsyslog
    • service rsyslog restart
  3. Restart Response - https://community.carbonblack.com/t5/Knowledge-Base/Cb-Response-How-to-restart-server-services/ta-p/41294