No umask set explicitly in rsyslog.conf. Debug log says:
"6106.534787253:7fc9beaae700: Command 'umask':"

Default system umask is "0022"

Let me try to set the umask var in rsyslog.conf and see if that changes
things.

Thanks Rainer.





On Thu, Jun 6, 2013 at 11:52 AM, Rainer Gerhards <[email protected]> wrote:

> What's the umask set to?
>
> Sent from phone, thus brief.
> Am 06.06.2013 19:36 schrieb "Xuri Nagarin" <[email protected]>:
>
> > Ok, I updated the config to v7 syntax:
> >
> > template(name="cefdynfile" type="string"
> > string="/var/log/joe/%msg:F,124:2%/%msg:F,124:3%/logfile")
> >
> > ruleset(name="tcpcef") {
> > if $syslogtag=="CEF:" then { action (type="omfile" FileOwner="joe"
> > FileGroup="joe" DirOwner="joe" DirGroup="joe" DirCreateMode="0755"
> > FileCreateMode="0644" DynaFile="cefdynfile") stop }
> > }
> >
> > Before starting rsyslog, I deleted the existing folder structure so rsyslog
> > would have to create it again. But again the same issue - folders/files end
> > up with user/group owner as "joe" but perms are 0700 on folders and 0600 on
> > files.
> >
> >
> >
> >
> >
> > On Wed, Jun 5, 2013 at 8:42 PM, Xuri Nagarin <[email protected]> wrote:
> >
> > > Right above the create mode directives, if I say:
> > > $FileOwner joe
> > > $FileGroup joe
> > > $DirOwner joe
> > > $DirGroup joe
> > >
> > > then rsyslogd follows them correctly and creates all folders/files with
> > > user/group joe/joe.
> > >
> > > Rest of the config looks like this:
> > > $template cefdynfile,"/var/log/cef/%msg:F,124:2%/%msg:F,124:3%/logfile"
> > >
> > > $Ruleset loggercef
> > > :syslogtag, isequal, "CEF:" ?cefdynfile
> > >
> > > $InputTCPServerBindRuleset loggercef
> > > $InputTCPServerRun 514
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Wed, Jun 5, 2013 at 8:27 PM, Xuri Nagarin <[email protected]> wrote:
> > >
> > >> I upgraded to the latest 7.4.0-1 rpm on RHEL6.
> > >>
> > >> In my rsyslog.conf file, I have global directives:
> > >> $DirCreateMode 0755
> > >> $FileCreateMode 0644
> > >>
> > >> When I run rsyslogd in debug mode, it tells me those modes are good for
> > >> dynfile and folders/files are created with those perms.
> > >>
> > >> 6106.528902784:7fc9beaae700: builtin-file: [dynamic]
> > >> 6106.528911138:7fc9bca30700: processBatch: batch of 1 elements must be processed
> > >> 6106.528921969:7fc9bca30700: Processing next rule
> > >> 6106.528930177:7fc9beaae700:    template='cefdynfile'
> > >> 6106.528938479:7fc9beaae700:    use async writer=0
> > >> 6106.528944460:7fc9beaae700:    flush on TX end=1
> > >> 6106.528950167:7fc9beaae700:    flush interval=1
> > >> 6106.528955803:7fc9beaae700:    file cache size=10
> > >> 6106.528961466:7fc9beaae700:    create directories: yes
> > >> 6106.528967247:7fc9beaae700:    file owner 0, group 0
> > >> 6106.528972786:7fc9beaae700:    force chown() for all files: no
> > >> 6106.528978438:7fc9beaae700:    directory owner 0, group 0
> > >> 6106.528984194:7fc9beaae700:    dir create mode 0755, file create mode 0644
> > >> 6106.528989893:7fc9beaae700:    fail if owner/group can not be set: no
> > >>
> > >> However, when I start rsyslogd from the init.d script, the folder/file
> > >> perms revert to the default 0700 and 0600.
> > >>
> > >> Any pointers to fix this?
> > >>
> > >> TIA.
> > >>
> > >>
> > >>
> > >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >

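Added example (not part of the original thread, and not rsyslog's own code): on POSIX systems the mode passed when a file or directory is created is ANDed with the complement of the process umask, so this sketch creates a directory and file with the thread's 0755/0644 under several umasks and reports which ones reproduce the observed 0700/0600. It assumes, unconfirmed by the thread, that the daemon's umask is the cause; the function names and candidate umask list are hypothetical.

```python
import os
import stat
import tempfile

# Modes requested in the thread's config (DirCreateMode / FileCreateMode).
DIR_MODE, FILE_MODE = 0o755, 0o644
# Constructed list of umasks to try; not taken from the thread.
CANDIDATES = (0o000, 0o022, 0o027, 0o077)

def created_modes(umask, dir_mode=DIR_MODE, file_mode=FILE_MODE):
    """Create a directory and a file under `umask`; return their permission bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as base:
            d = os.path.join(base, "vendor")   # constructed stand-in for the dynafile dir
            os.mkdir(d, dir_mode)              # kernel stores dir_mode & ~umask
            f = os.path.join(d, "logfile")
            fd = os.open(f, os.O_WRONLY | os.O_CREAT | os.O_EXCL, file_mode)
            os.close(fd)
            return (stat.S_IMODE(os.stat(d).st_mode) & 0o777,
                    stat.S_IMODE(os.stat(f).st_mode) & 0o777)
    finally:
        os.umask(old)                          # always restore the caller's umask

def masked_bits(requested, observed):
    """Bits that were requested but are missing on disk (cleared by some mask)."""
    return requested & ~observed & 0o777

def umasks_matching(observed_dir, observed_file, candidates=CANDIDATES):
    """Return the candidate umasks that reproduce the observed dir/file modes."""
    return [u for u in candidates
            if created_modes(u) == (observed_dir, observed_file)]

if __name__ == "__main__":
    for u in CANDIDATES:
        d, f = created_modes(u)
        print(f"umask {u:04o}: dir {d:04o}, file {f:04o}")
    # Symptom from the thread: 0700 on folders, 0600 on files.
    print("bits lost on dir: ", f"{masked_bits(DIR_MODE, 0o700):04o}")
    print("bits lost on file:", f"{masked_bits(FILE_MODE, 0o600):04o}")
    hits = umasks_matching(0o700, 0o600)
    print("candidates reproducing 0700/0600:", [f"{u:04o}" for u in hits])
```

A umask of 0022 leaves 0755/0644 untouched, so under this assumption the symptom points at the umask in effect inside the daemon when it creates the files rather than the shell default.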