Troubleshooting a failed Agent installation for the DBAPPSecurity (安恒) Mingyu Comprehensive Log Audit Platform

0X01 Problem description

Environment: CentOS Linux release 7.7.1908 (Core)
One day, while installing the log audit client on a newly built template, I hit the following error:

[root@localhost bin]# ./install.sh 
Detected RHEL or Fedora:
Installing the DBAPPSecurity Log agent Lock daemon..
Detected RHEL or Fedora:
Installing the DBAPPSecurity Log agent daemon..
Starting DBAPPSecurity Log agent Lock...
Waiting for DBAPPSecurity Log agent Lock.....................
WARNING: DBAPPSecurity Log agent Lock may have failed to start.

0X02 Troubleshooting

First, change into the wrapper/bin/ directory and run ./SocAgentService-LINUX console

[root@localhost ~]# cd socAgent/wrapper/bin/
[root@localhost bin]# ./SocAgentService-LINUX console

The following output appears:

[root@localhost bin]# ./SocAgentService-LINUX console
Running DBAPPSecurity Log agent...
wrapper  | Coding Error.  String contains invalid string token for queued logging: Unable to write to the configured log directory: %s (%s)
wrapper  |   The directory does not exist.
wrapper  | --> Wrapper Started as Console
wrapper  | Java Service Wrapper Community Edition 64-bit 3.5.7
wrapper  |   Copyright (C) 1999-2010 Tanuki Software, Ltd. All Rights Reserved.
wrapper  |     http://wrapper.tanukisoftware.com
wrapper  | 
wrapper  | The configured wrapper.java.command could not be found, attempting to launch anyway: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
wrapper  | Unable to start JVM: 没有那个文件或目录 (2)
wrapper  | 
wrapper  | ------------------------------------------------------------------------
wrapper  | Advice:
wrapper  | Usually when the Wrapper fails to start the JVM process, it is because
wrapper  | of a problem with the value of the configured Java command.  Currently:
wrapper  | wrapper.java.command=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Please make sure that the PATH or any other referenced environment
wrapper  | variables are correctly defined for the current environment.
wrapper  | ------------------------------------------------------------------------
wrapper  | 
wrapper  | The configured wrapper.java.command could not be found, attempting to launch anyway: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
wrapper  | Unable to start JVM: 没有那个文件或目录 (2)
wrapper  | 
wrapper  | ------------------------------------------------------------------------
wrapper  | Advice:
wrapper  | Usually when the Wrapper fails to start the JVM process, it is because
wrapper  | of a problem with the value of the configured Java command.  Currently:
wrapper  | wrapper.java.command=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Please make sure that the PATH or any other referenced environment
wrapper  | variables are correctly defined for the current environment.
wrapper  | ------------------------------------------------------------------------
wrapper  | 
wrapper  | The configured wrapper.java.command could not be found, attempting to launch anyway: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
wrapper  | Unable to start JVM: 没有那个文件或目录 (2)
wrapper  | 
wrapper  | ------------------------------------------------------------------------
wrapper  | Advice:
wrapper  | Usually when the Wrapper fails to start the JVM process, it is because
wrapper  | of a problem with the value of the configured Java command.  Currently:
wrapper  | wrapper.java.command=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Please make sure that the PATH or any other referenced environment
wrapper  | variables are correctly defined for the current environment.
wrapper  | ------------------------------------------------------------------------
wrapper  | 
wrapper  | The configured wrapper.java.command could not be found, attempting to launch anyway: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
wrapper  | Unable to start JVM: 没有那个文件或目录 (2)
wrapper  | 
wrapper  | ------------------------------------------------------------------------
wrapper  | Advice:
wrapper  | Usually when the Wrapper fails to start the JVM process, it is because
wrapper  | of a problem with the value of the configured Java command.  Currently:
wrapper  | wrapper.java.command=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Please make sure that the PATH or any other referenced environment
wrapper  | variables are correctly defined for the current environment.
wrapper  | ------------------------------------------------------------------------
wrapper  | 
wrapper  | The configured wrapper.java.command could not be found, attempting to launch anyway: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Launching a JVM...
wrapper  | JVM exited while loading the application.
wrapper  | Unable to start JVM: 没有那个文件或目录 (2)
wrapper  | 
wrapper  | ------------------------------------------------------------------------
wrapper  | Advice:
wrapper  | Usually when the Wrapper fails to start the JVM process, it is because
wrapper  | of a problem with the value of the configured Java command.  Currently:
wrapper  | wrapper.java.command=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
wrapper  | Please make sure that the PATH or any other referenced environment
wrapper  | variables are correctly defined for the current environment.
wrapper  | ------------------------------------------------------------------------
wrapper  | 
wrapper  | There were 5 failed launches in a row, each lasting less than 300 seconds.  Giving up.
wrapper  |   There may be a configuration problem: please check the logs.
wrapper  | <-- Wrapper Stopped

The output shows that the Java path is set incorrectly: wrapper.java.command points to a file that does not exist.

0X03 Solution

Run which java to find the path of the system's java.
If that path is a symlink, follow it to the real java path; as shown below, the real java path is
/usr/java/jdk1.8.0_45/jre/bin/java

[root@localhost bin]# which java
/usr/bin/java
[root@localhost bin]# ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 12月 18 11:01 /usr/bin/java -> /etc/alternatives/java
[root@localhost bin]# ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 73 12月 18 11:01 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/bin/java
  • Edit socAgent/wrapper/conf/agentServiceWrapper.conf and change JAVA_HOME to the jre directory
    that corresponds to the java path; for the path above, it becomes
set.SOC_JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre
  • Edit socAgent/wrapper/conf/protectServiceWrapper.conf and change JAVA_HOME to the jre directory
    that corresponds to the java path; for the path in the figure above, it becomes
set.SOC_JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre

After making the changes, run the installation again

[root@localhost bin]# ./install.sh 
Detected RHEL or Fedora:
The DBAPPSecurity Log agent Lock daemon is already installed.
Detected RHEL or Fedora:
The DBAPPSecurity Log agent daemon is already installed.
Starting DBAPPSecurity Log agent Lock...
Waiting for DBAPPSecurity Log agent Lock....
running: PID:31957

The agent is now installed and running normally
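
The manual steps above (follow the symlinks to the real java, then set set.SOC_JAVA_HOME in both wrapper conf files) can be scripted. This is an added example, not part of the vendor's installer; the function names and the temporary fixture are constructed for illustration, and the rewrite assumes the JRE path contains no | or & characters.

```shell
#!/bin/sh
# Added example; not part of the vendor's install.sh.

# Print the JRE directory behind a java launcher, following every symlink
# (/usr/bin/java -> /etc/alternatives/java -> .../jre/bin/java).
resolve_jre_home() {
    real=$(readlink -f "$1") || return 1
    [ -x "$real" ] || { echo "not an executable: $real" >&2; return 1; }
    dirname "$(dirname "$real")"    # drop the trailing /bin/java
}

# Point set.SOC_JAVA_HOME in one wrapper conf file at $2, keeping a .bak copy.
# Refuses a directory with no bin/java, which is the stale-path condition
# the wrapper console output reports.
set_soc_java_home() {
    conf=$1; jre=$2
    [ -n "$jre" ] && [ -x "$jre/bin/java" ] || { echo "no bin/java under '$jre'" >&2; return 1; }
    grep -q '^set\.SOC_JAVA_HOME=' "$conf" || { echo "key not in $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak"
    sed "s|^set\.SOC_JAVA_HOME=.*|set.SOC_JAVA_HOME=$jre|" "$conf.bak" > "$conf"
}

# Constructed fixture: a fake symlink chain and two conf files with a stale path.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/jvm/openjdk-new/jre/bin" "$t/alt" "$t/bin" "$t/conf"
    printf '#!/bin/sh\n' > "$t/jvm/openjdk-new/jre/bin/java"
    chmod +x "$t/jvm/openjdk-new/jre/bin/java"
    ln -s "$t/jvm/openjdk-new/jre/bin/java" "$t/alt/java"
    ln -s "$t/alt/java" "$t/bin/java"
    for f in agentServiceWrapper.conf protectServiceWrapper.conf; do
        printf 'set.SOC_JAVA_HOME=%s\n' "$t/jvm/openjdk-old/jre" > "$t/conf/$f"
        set_soc_java_home "$t/conf/$f" "$(resolve_jre_home "$t/bin/java")" || return 1
        cat "$t/conf/$f"
    done
    rm -rf "$t"
}
demo
```

On a real host the same functions would be called with "$(command -v java)" and the two files under socAgent/wrapper/conf/. Because the JRE directory name carries the package version, a template or image built before a JDK update needs this check again.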
