collectd permission denied to connect to remote host

Question

I have 4 machines. I have to monitor their different statistics. I have decided to use graphite/collectd for this purpose. OS on all machine is centos 7. I have configured graphite successfully and collectd on two machines also. But remaning two machines are giving following error and are not displaying in graphite-web dashboard

 write_graphite plugin: Connecting to 11.11.10.41:2003 via tcp failed. The last error was: failed to connect to remote host: Permission denied
Jan 14 15:11:51 node3 collectd[31343]: Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1.

Where 11.11.10.41 is my machine where graphite is running. What I have done for collectd installation. I have just change plugin info in collectd configuration like below on all machines.

<Plugin write_graphite>
  <Node "example">
    Host "11.11.10.41"
    Port "2003"
    Protocol "tcp"
    LogSendErrors true
    Prefix "collectd."
#    Postfix "collectd"
    StoreRates true
    AlwaysAppendDS false
    EscapeCharacter "_"
  </Node>
</Plugin>

I have flushed iptables also. But I am amazed that two machines are sending data but two are not. Where is the problem

score 4 · Accepted Answer · answered Jan 20 '16 at 15:24

I have had similar kind of error due to selinux .

You can follow the doc to allow collectd to send metrics https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html

for me the steps were following command.

    audit2allow -a
    audit2allow -a -M collectd_t
    semodule -i collectd_t.pp

score 1 · Answer 2 · answered Sep 12 '16 at 10:28

1

I also faced same issue then : collectd[3013]: write_graphite plugin: Connecting to IP:2003 via tcp failed. The last error was: Permission denied

Then I installed yum install selinux-policy.noarch

My issue resolved after install selinux policy

answered Sep 12 '16 at 10:28

Amit Joshi

11
1

score 1 · Answer 3 · answered Oct 21 '18 at 18:12

1

Know this is somewhat old, but...

while using SELinux, at least on CentOS 7 hosts, you may give collectd the necessary permissions with:

setsebool collectd_tcp_network_connect on

answered Oct 21 '18 at 18:12

vroman

11
1

That's genius! It really the best/simplest answer. And it works on Fedora and bash completion knows about this parameter. – DenisKolodin Dec 13 '20 at 09:22

collectd permission denied to connect to remote host

3 Answers3