Ok, I updated the config to v7 syntax:
template(name="cefdynfile" type="string"
string="/var/log/joe/%msg:F,124:2%/%msg:F,124:3%/logfile")
ruleset(name="tcpcef") {
if $syslogtag=="CEF:" then { action (type="omfile" FileOwner="joe"
FileGroup="joe" DirOwner="joe" DirGroup="joe" DirCreateMode="0755"
FileCreateMode="0644" DynaFile="cefdynfile") stop }
}
Before starting rsyslog, I deleted the existing folder structure so rsyslog
would have to create it again. But again the same issue - folders/files end
up with user/group owner as "joe" but perms are 0700 on folders and 0600 on
files.
On Wed, Jun 5, 2013 at 8:42 PM, Xuri Nagarin <[email protected]> wrote:
> Right above the create mode directives, if I say:
> $FileOwner joe
> $FileGroup joe
> $DirOwner joe
> $DirGroup joe
>
> then rsyslogd follows them correctly and creates all folders/files with
> user/group joe/joe.
>
> Rest of the config looks like this:
> $template cefdynfile,"/var/log/cef/%msg:F,124:2%/%msg:F,124:3%/logfile"
>
> $Ruleset loggercef
> :syslogtag, isequal, "CEF:" ?cefdynfile
>
> $InputTCPServerBindRuleset loggercef
> $InputTCPServerRun 514
>
>
>
>
>
>
> On Wed, Jun 5, 2013 at 8:27 PM, Xuri Nagarin <[email protected]> wrote:
>
>> I upgraded to the latest 7.4.0-1 rpm on RHEL6.
>>
>> In my rsyslog.conf file, I have global directives:
>> $DirCreateMode 0755
>> $FileCreateMode 0644
>>
>> When I run rsyslogd in debug mode, it tells me those modes are good for
>> dynfile and folders/files are created with those perms.
>>
>> 6106.528902784:7fc9beaae700: builtin-file: [dynamic]
>> 6106.528911138:7fc9bca30700: processBatch: batch of 1 elements must be
>> processed
>> 6106.528921969:7fc9bca30700: Processing next rule
>> 6106.528930177:7fc9beaae700: template='cefdynfile'
>> 6106.528938479:7fc9beaae700: use async writer=0
>> 6106.528944460:7fc9beaae700: flush on TX end=1
>> 6106.528950167:7fc9beaae700: flush interval=1
>> 6106.528955803:7fc9beaae700: file cache size=10
>> 6106.528961466:7fc9beaae700: create directories: yes
>> 6106.528967247:7fc9beaae700: file owner 0, group 0
>> 6106.528972786:7fc9beaae700: force chown() for all files: no
>> 6106.528978438:7fc9beaae700: directory owner 0, group 0
>> 6106.528984194:7fc9beaae700: dir create mode 0755, file create mode
>> 0644
>> 6106.528989893:7fc9beaae700: fail if owner/group can not be set: no
>>
>> However, when I start rsyslogd from the init.d script, the folder/file
>> perms revert to the default 0700 and 0600.
>>
>> Any pointers to fix this?
>>
>> TIA.
>>
>>
>>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
