Yep, that fixed it :) $umask 0000
Thanks again. On Thu, Jun 6, 2013 at 11:58 AM, Xuri Nagarin <[email protected]> wrote: > No umask set explicitly in rsyslog.conf. debug log says: > "6106.534787253:7fc9beaae700: Command 'umask':" > > Default system umask is "0022" > > Let me try to set the umask var in rsyslog.conf and see if that changes > things. > > Thanks Rainer. > > > > > > On Thu, Jun 6, 2013 at 11:52 AM, Rainer Gerhards <[email protected] > > wrote: > >> What's the umask set to? >> >> Sent from phone, thus brief. >> Am 06.06.2013 19:36 schrieb "Xuri Nagarin" <[email protected]>: >> >> > Ok, I updated the config to v7 syntax: >> > >> > template(name="cefdynfile" type="string" >> > string="/var/log/joe/%msg:F,124:2%/%msg:F,124:3%/logfile") >> > >> > ruleset(name="tcpcef") { >> > if $syslogtag=="CEF:" then { action (type="omfile" FileOwner="joe" >> > FileGroup="joe" DirOwner="joe" DirGroup="joe" DirCreateMode="0755" >> > FileCreateMode="0644" DynaFile="cefdynfile") stop } >> > } >> > >> > Before starting rsyslog, I deleted the existing folder structure so >> rsyslog >> > would have to create it again. But again the same issue - folders/files >> end >> > up with user/group owner as "joe" but perms are 0700 on folders and >> 0600 on >> > files. >> > >> > >> > >> > >> > >> > On Wed, Jun 5, 2013 at 8:42 PM, Xuri Nagarin <[email protected]> wrote: >> > >> > > Right above the create mode directives, if I say: >> > > $FileOwner joe >> > > $FileGroup joe >> > > $DirOwner joe >> > > $DirGroup joe >> > > >> > > then rsyslogd follows them correctly and creates all folders/files >> with >> > > user/group joe/joe. >> > > >> > > Rest of the config looks like this: >> > > $template >> cefdynfile,"/var/log/cef/%msg:F,124:2%/%msg:F,124:3%/logfile" >> > > >> > > $Ruleset loggercef >> > > :syslogtag, isequal, "CEF:" ?cefdynfile >> > > >> > > $InputTCPServerBindRuleset loggercef >> > > $InputTCPServerRun 514 >> > > >> > > >> > > >> > > >> > > >> > > >> > > On Wed, Jun 5, 2013 at 8:27 PM, Xuri Nagarin <[email protected]> >> wrote: >> > > >> > >> I upgraded to the latest 7.4.0-1 rpm on RHEL6. >> > >> >> > >> In my rsyslog.conf file, I have global directives: >> > >> $DirCreateMode 0755 >> > >> $FileCreateMode 0644 >> > >> >> > >> When I run rsyslogd in debug mode, it tells me those modes are good >> for >> > >> dynfile and folders/files are created with those perms. >> > >> >> > >> 6106.528902784:7fc9beaae700: builtin-file: [dynamic] >> > >> 6106.528911138:7fc9bca30700: processBatch: batch of 1 elements must >> be >> > >> processed >> > >> 6106.528921969:7fc9bca30700: Processing next rule >> > >> 6106.528930177:7fc9beaae700: template='cefdynfile' >> > >> 6106.528938479:7fc9beaae700: use async writer=0 >> > >> 6106.528944460:7fc9beaae700: flush on TX end=1 >> > >> 6106.528950167:7fc9beaae700: flush interval=1 >> > >> 6106.528955803:7fc9beaae700: file cache size=10 >> > >> 6106.528961466:7fc9beaae700: create directories: yes >> > >> 6106.528967247:7fc9beaae700: file owner 0, group 0 >> > >> 6106.528972786:7fc9beaae700: force chown() for all files: no >> > >> 6106.528978438:7fc9beaae700: directory owner 0, group 0 >> > >> 6106.528984194:7fc9beaae700: dir create mode 0755, file create >> mode >> > >> 0644 >> > >> 6106.528989893:7fc9beaae700: fail if owner/group can not be set: >> no >> > >> >> > >> However, when I start rsyslogd from the init.d script, the >> folder/file >> > >> perms revert to the default 0700 and 0600. >> > >> >> > >> Any pointers to fix this? >> > >> >> > >> TIA. >> > >> >> > >> >> > >> >> > > >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> > DON'T LIKE THAT. >> > >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
