CSP event log error

Question

Question

Paul Coviello · Jul 8, 2022

#Web Gateway #Caché

Hello, would anyone know where in Linux I need to change permissions on this?

it is running a full Apache install and not what came with Cache.

Discussion (13)1

Log in or sign up to continue

Alex Woodhead · Jul 11, 2022

$ sudo find / -name "CSP.log" 2>/dev/null

Also if selinux enabled and blocking:
$ sestatus
SELinux status: enabled

Validate. (Example correct path as location above)

$ ls -Z /opt/webgateway/logs/CSP.log

Correction. (Example correct path as location above)

$ sudo semanage fcontext -a -t httpd_log_t /opt/webgateway/logs/CSP.log
$ sudo restorecon -v /opt/webgateway/logs/CSP.log

0 0

Alex Woodhead · Jul 11, 2022

If httpd is running under user "apache", in group "apache"

Then might need to chown:

sudo chown apache:apache /opt/cspgateway/bin/CSP.log

Then the "rwx" on group would allow the write.

0 0

Alex Woodhead · Jul 11, 2022

Taking a step back and please don't be offended but I just wanted to confirm something.
When accessing the Web Gateway does the URL in the browser contain the superserver port number.
ie: Is this: http://servername:52773/csp/bin/Systems/Module.cxw (Internal WebServer)
or http://servername/csp/bin/Systems/Module.cxw (External WebServer)

Also...
In the Web Gateway under Configuration -> Default Parameters.
Do you have a non-default value set for "Event Log File"

0 0

Jeffrey Drumm · Jul 13, 2022

At some point I encoutered a problem that required I also run this command:

setsebool -P httpd_unified 1

I can't remember what it fixed, but I do know by the fact that I made a note of it that it fixed something ...

0 0

score 0 · Answer 1 · 2022-07-08T16:36:32-04:00

Eduard Lebedyuk · Jul 8, 2022

In the same directory you have your custom CSP.ini.

0 0

score 0 · Answer 2 · 2022-07-08T16:36:38-04:00

Hi Paul,

This depends on the details of how your web server and gateway were set up. Are you unable to log in to the gateway management page? That would normally tell you where the gateway is installed (and thus where the event log and so on are).

Do you have a /webgateway folder under /opt?

https://docs.intersystems.com/iris20221/csp/docbook/DocBook.UI.Page.cls?KEY=GCGI_altApUnix

score 0 · Answer 3 · 2022-07-11T09:12:22-04:00

hmm no I have cspgateway and I'm running RHEL 7

find / -name "CSP.log" 2>/dev/null
/opt/cspgateway/bin/CSP.log
/DSA200/cachesys/csp/bin/CSP.log
[root@facstestlinux localusers]# ls -Z /opt/cspgateway
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 apache
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 bin
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 cache
drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 util

and

root@facstestlinux localusers]# ls -Z /DSA200/cachesys/csp

drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 bin
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 broker
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 Default.csp
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 docbook
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 favicon.ico
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 samples
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 sys
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 user

score 0 · Answer 4 · 2022-07-11T10:31:44-04:00

still not working and I tried the whole dir after just doing the log file also restarted httpd and nada...

[root@facstestlinux localusers]# chown apache:apache /opt/cspgateway/bin/*
[root@facstestlinux localusers]# ls -Z /opt/cspgateway/bin
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 cconnect.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa22Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa24Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPa2Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.bak
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPcgiSys
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSP.log
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPn3.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPn3Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPnsd
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 CSPRT.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libcrypto.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libssl.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 libz.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 mod_csp.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 nph-CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 nph-CSPcgiSys
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0 temp

score 1 · Answer 5 · 2022-07-13T09:47:08-04:00

EDIT: Sorry, didn't notice that Alex Woodhead had already provided this answer ...

If SELinux is enabled, you may need to run the following commands as root:

# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webgateway/logs/CSP.log'
# restorecon -v '/opt/webgateway/logs/CSP.log'

Note that the '#' character represents the root account prompt and is not part of the command.

score 0 · Answer 6 · 2022-07-13T14:56:29-04:00

I didn't realize that selinux was part of RHEL and I changed the path to reflect where the log files is.

facstestlinux mgr]# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/cspgateway/bin/CSP.log'
[root@facstestlinux mgr]# restorecon -v '/opt/cspgateway/bin/CSP.log'
restorecon reset /opt/cspgateway/bin/CSP.log context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
[root@facstestlinux mgr]#

score 0 · Answer 7 · 2022-07-13T15:10:13-04:00

Paul Coviello · Jul 13, 2022

and voila! but I cannot login! sigh

0 0

score 0 · Answer 8 · 2022-07-13T15:59:56-04:00

Jeffrey Drumm · Jul 13, 2022

What error are you getting when you attempt to log in?

0 0

score 1 · Answer 9 · 2022-07-13T16:19:50-04:00

fixed that and had to run setsebool -P httpd_can_network_connect on

and it works thank you for all your help I learned new things today!!!

thanks

Paul