CSP event log error
Hello, would anyone know where in Linux I need to change permissions on this?
it is running a full Apache install and not what came with Cache.
.png)
Comments
In the same directory you have your custom CSP.ini.
Hi Paul,
This depends on the details of how your web server and gateway were set up. Are you unable to log in to the gateway management page? That would normally tell you where the gateway is installed (and thus where the event log and so on are).
Do you have a /webgateway folder under /opt?
https://docs.intersystems.com/iris20221/csp/docbook/DocBook.UI.Page.cls?KEY=GCGI_altApUnix
$ sudo find / -name "CSP.log" 2>/dev/null
Also if selinux enabled and blocking:
$ sestatus
SELinux status: enabled
Validate. (Example correct path as location above)
$ ls -Z /opt/webgateway/logs/CSP.log
Correction. (Example correct path as location above)
$ sudo semanage fcontext -a -t httpd_log_t /opt/webgateway/logs/CSP.log
$ sudo restorecon -v /opt/webgateway/logs/CSP.log
hmm no I have cspgateway and I'm running RHEL 7
find / -name "CSP.log" 2>/dev/null
/opt/cspgateway/bin/CSP.log
/DSA200/cachesys/csp/bin/CSP.log
[root@facstestlinux localusers]# ls -Z /opt/cspgateway
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 apache
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 bin
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 cache
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 util
and
root@facstestlinux localusers]# ls -Z /DSA200/cachesys/csp
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 bin
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 broker
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 Default.csp
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 docbook
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 favicon.ico
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 samples
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 sys
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 user
If httpd is running under user "apache", in group "apache"
Then might need to chown:
sudo chown apache:apache /opt/cspgateway/bin/CSP.log
Then the "rwx" on group would allow the write.
still not working and I tried the whole dir after just doing the log file also restarted httpd and nada...
[root@facstestlinux localusers]# chown apache:apache /opt/cspgateway/bin/*
[root@facstestlinux localusers]# ls -Z /opt/cspgateway/bin
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 cconnect.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa22Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa24Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa2Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.bak
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPcgiSys
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.log
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPn3.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPn3Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPnsd
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPRT.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libcrypto.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libssl.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libz.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 nph-CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 nph-CSPcgiSys
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 temp
Taking a step back and please don't be offended but I just wanted to confirm something.
When accessing the Web Gateway does the URL in the browser contain the superserver port number.
ie: Is this: http://servername:52773/csp/bin/Systems/Module.cxw (Internal WebServer)
or http://servername/csp/bin/Systems/Module.cxw (External WebServer)
Also...
In the Web Gateway under Configuration -> Default Parameters.
Do you have a non-default value set for "Event Log File"
EDIT: Sorry, didn't notice that Alex Woodhead had already provided this answer ...
If SELinux is enabled, you may need to run the following commands as root:
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webgateway/logs/CSP.log' # restorecon -v '/opt/webgateway/logs/CSP.log'
Note that the '#' character represents the root account prompt and is not part of the command.
I didn't realize that selinux was part of RHEL and I changed the path to reflect where the log files is.
facstestlinux mgr]# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/cspgateway/bin/CSP.log'
[root@facstestlinux mgr]# restorecon -v '/opt/cspgateway/bin/CSP.log'
restorecon reset /opt/cspgateway/bin/CSP.log context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
[root@facstestlinux mgr]#
and voila! but I cannot login! sigh
.png)
What error are you getting when you attempt to log in?
fixed that and had to run setsebool -P httpd_can_network_connect on
and it works thank you for all your help I learned new things today!!!
thanks
Paul
At some point I encoutered a problem that required I also run this command:
setsebool -P httpd_unified 1
I can't remember what it fixed, but I do know by the fact that I made a note of it that it fixed something ... 