Support Questions
Find answers, ask questions, and share your expertise

Configued Nifi data ingestion with Squid. Nifi must access squid logs for it to ingest data into Metron. But it gives me error. Tried adding squid and nifi to root and adm users also, but no luck.

Configued Nifi data ingestion with Squid. Nifi must access squid logs for it to ingest data into Metron. But it gives me error. Tried adding squid and nifi to root and adm users also, but no luck.

20415-nifi-error.png

3 REPLIES 3

Re: Configued Nifi data ingestion with Squid. Nifi must access squid logs for it to ingest data into Metron. But it gives me error. Tried adding squid and nifi to root and adm users also, but no luck.

Master Guru

While logged in as the user running your NiFi, can you access the file /var/log/squid/access.log manually from the command line?

Re: Configued Nifi data ingestion with Squid. Nifi must access squid logs for it to ingest data into Metron. But it gives me error. Tried adding squid and nifi to root and adm users also, but no luck.

No I cannot access it. I tried everything even adding them into the root group. But it is not allowing me.

Re: Configued Nifi data ingestion with Squid. Nifi must access squid logs for it to ingest data into Metron. But it gives me error. Tried adding squid and nifi to root and adm users also, but no luck.

Master Guru

@Rahul P

This really does not seem like a NiFi specific issue. If the user the NiFi application is running as cannot access the file even locally outside of nifi on the command line, there is no way the Nifi processor is going to be successful attempting to do the same.

First I would confirm what user owns the NiFi process using "ps -ef|grep nifi"

Then I would make sure that that user can navigate the /var/log/squid/ directory path. In order for a user to access a directory the directory execute (x) permissions allowed for that user.

let assume the following:

ls -latrh /var/log|grep squid
drwxr-x---.  2 squid      squid    23 Jul 14 14:09 squid

ls -latrh /var/log/squid/|grep access
-rw-rw-r--.  1 squid squid    5 Jul 14 14:09 access.log

As you can see here the directory "squid" is owned by squid and has permissions of 750 which means only teh user squid or users in the squid group can access this directory. It does not matter that the file access.log inside his directory has 644 permissions which would allow others to read the access.log.

You can also use the "getfacl" command to see the complete access control list for a directory or file. This allows you to see if any ACL restrictions have been placed on these directories or files.

# getfacl /var/log/squid
getfacl: Removing leading '/' from absolute path names
# file: var/log/squid
# owner: squid
# group: squid
user::rwx
group::r-x
other::---


# getfacl /var/log/squid/access.log
getfacl: Removing leading '/' from absolute path names
# file: var/log/squid/access.log
# owner: squid
# group: squid
user::rw-
group::rw-
other::r--

Then you can run the "id" command on the user running your NiFi and make sure it has access to teh directory path and file based on the above outputs.

id nifi
uid=1002(nifi) gid=1000(hadoop) groups=1000(hadoop),1001(nifi)

Thanks,

Matt