This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Oneagent is unable to log the Java process logs in some cases causing warning messages at the time of process initiation

Go to solution
suneel_k_kamise
Participant

‎21 Nov 2018 01:16 AM

Hi ,

When I run the beeline command on Hadoop Edge nodes, the commandline shows below warning messages saying permission denied while reading the log files by one agent under "/opt/dynatrace/oneagent/log/java" (on Linux OS). However, when I run the same command as a root its working fine and creating the log files in the same location.

Can you please advise, if there ant config setting can be changes to fix the issue. We noticed this issue with beeline as of now.

Error message:

Cannot open log file '/opt/dynatrace/oneagent/log/java/ruxitagent_org.apache.hadoop.util.VersionInfo_bootstrap_57136.0.log': Permission denied


Labels:
0 Kudos
Reply
6 REPLIES 6

Go to solution
Julius_Loman
DynaMight Legend
DynaMight Legend

‎21 Nov 2018 07:22 AM

There errors are most likely caused by bad permissions on Oneagent directories.
- What is the ownership and permissions of /opt/dynatrace/oneagent/log/java ? (post a "ls -al" output)
- Is your Linux agent running in non root mode or in root mode?


Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner
0 Kudos
Reply

Go to solution
suneel_k_kamise
Participant

‎21 Nov 2018 04:27 PM

Yes, the directory owned by root. We see this issue only for maprcli commands. For other Java related apps, it is working fine.

drwxrwxr-t 2 root dtuser 233XX Nov 21 07:00 java


0 Kudos
Reply

Go to solution
Julius_Loman
DynaMight Legend
DynaMight Legend

‎21 Nov 2018 06:52 PM

Your current permission require the user starting the Java process to be either root or member of the dtuser group to be able to write logs into this directory. So either you add the write permission to others or you need to add the user into the dtuser group.


Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner
0 Kudos
Reply

Go to solution
radek_jasinski
DynaMight Guru
DynaMight Guru

‎21 Nov 2018 07:06 PM

Did you install the Dynatrace Agent from the root user?

If not, the easiest way will be to reinstall the agent using the root user.

The Dynatrace user will then be given appropriate permissions to instrumentation of application processes.


Have a nice day!
Reply

Go to solution
suneel_k_kamise
Participant

‎12 Dec 2018 06:15 PM

Apologies for the late reply.

If I add the WW permissions, the issue is not reoccurring. However, this is not a best practice from Security standards.

Though we installed the agent with a root user, still it is expecting WW permissions. Does Dyntrace has any solution?


0 Kudos
Reply

Go to solution
Julius_Loman
DynaMight Legend
DynaMight Legend
In response to suneel_k_kamise

‎13 Dec 2018 08:05 AM

Actually this is ok, the log file directory must be writable for any user. Normally this should have following permissions and ownership:
drwxrwxrwt 1 root dtuser 182 Dec 13 08:57 log

Notice the t flag, this will prevent removing files not owned by the process.
The directory must be writable for everybody, since oneagents injected into applications are running in context of the application itself and typically run as different user than the OS part of oneagent.

I think you have some hardening / security script running on your system to find directories writable for everybody and changing permissions. Or someone did this manually.


Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner
Reply
Ask a question

Featured Posts