CB Response: Services failing to start at coreservices after recent changes to Syslog
book
Article ID: 290487
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Error in /var/log/cb/coreservices/startup.log
Traceback (most recent call last):
File "/usr/share/cb/virtualenv/bin/gunicorn", line 11, in <module>
sys.exit(run())
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 74, in run
WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/base.py", line 203, in run
super(Application, self).run()
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/app/base.py", line 72, in run
Arbiter(self).run()
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 60, in __init__
self.setup(app)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/arbiter.py", line 95, in setup
self.log = self.cfg.logger_class(app.cfg)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/glogging.py", line 193, in __init__
self.setup(cfg)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/gunicorn/glogging.py", line 232, in setup
disable_existing_loggers=False)
File "/usr/lib64/python2.7/logging/config.py", line 85, in fileConfig
handlers = _install_handlers(cp, formatters)
File "/usr/lib64/python2.7/logging/config.py", line 163, in _install_handlers
h = klass(*args)
File "/usr/share/cb/virtualenv/lib/python2.7/site-packages/cb/utils/cb_logging.py", line 37, in __init__
File "/usr/lib64/python2.7/logging/handlers.py", line 761, in __init__
self._connect_unixsocket(address)
File "/usr/lib64/python2.7/logging/handlers.py", line 804, in _connect_unixsocket
self.socket.connect(address)
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 2] No such file or directory
Rsyslog errors in /var/log/messages
rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line #:
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Environment
CB Response Server: 6.x or higher
Syslog integration is enabled
Cause
There is a misconfiguration in /etc/rsyslog.conf preventing services from starting
Resolution
Fix any issues in /etc/rsyslog.conf as indicated by errors in /var/log/messages