I’m getting a warning message in our CheckMK site which says:
“ca-certificates: Failed to add certificate ‘/xxx/xxx/xxx/thisDevice.pem’ to trusted CA certificates. See web.log for details”
I logged into the site using ‘omd su mySite’. I switched to the /var/log/ dir but I do not see a web.log file there. I thought maybe the web.log might be in the /var/log/httpd/ dir but I don’t have permissions to access that directory.
I’ve got two questions:
1 - Where else might the web.log file be located?
2 - Root seems to own the httpd dir but the system root pw is not the correct password. When I attempt to sudo su, I get prompted for a site password like: “[sudo] password for mySite:”. This pw is not the cmkadmin pw (I tried that). What is the site password and is there such a thing as a site root user/password?
That’s where I went to go look for the web.log file but it wasn’t there. When I attempted to switch to the httpd dir from /var/log/, I was prompted for the site username. Have you ever seen that? Is there a site root user as well that’s different from the site username?
first if you down want checkmk to steal all your private keys you can disable that in the GUI (this error comes when the site user tried to copy your SYSTEM certificates to the site and in a distributed monitoring setup copy them to all sites.
second there are no logs in /var/logs - each site have its own logs, there are multiple instructions on checkmk.com in how to use checkmk.
third there is no know password for the site, you dont need it. you either change site as root or use the “cmk su” command
be careful. /var/log (the log directory of your operating system) is not the same as /omd/sites/<your site>/var/log(the log directory of your checkmk site).
If you switch to the site user and enter cd /var/log, you are in /var/log and not in /omd/sites/<your site>/var/log.
So if you want to go to the sites var log directory as the site user you can either cd ~/var/log or cd /omd/sites/<your site>/var/log.
The cmkadmin user is checkmk internal only, it is no operating system user
Usually root is disabled in most modern distributions
Usually there is an administrative user, that is being created by you during installation that has administrative rights, meaning he is allowed to run sudo
To switch to the site user you can e.g. login as the administrative user and do a sudo omd su <your site user> or sudo -i and then su - <your sitename> or omd su <your sitename>
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.