Thanks for your reply! Have I understood it correctly that you suggest removing $FileCreateMode/ $DirCreateMode? I am already using DirCreateMode and FileCreateMode in the action clause.
Regards,
Robin

On 160825// 00:41 , "[email protected] on behalf of David Lang" <[email protected] on behalf of [email protected]> wrote:

when you use action(), it completely ignores the legacy stuff set with
$filecreatemode etc.

everything needs to be specified in the action() clause.

David Lang

On Wed, 24 Aug 2016, Robin Jonsson wrote:

> Date: Wed, 24 Aug 2016 12:15:05 +0000
> From: Robin Jonsson <[email protected]>
> Reply-To: rsyslog-users <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [rsyslog] $DirCreateMode / $FileCreateMode is not enforced
>
> Hi,
>
> I’m currently setting up a syslog-server to be used for Network equipment and servers based on rsyslogd (rsyslog-7.4.7-12.el7.x86_64) running on Centos 7. The logging is working fine and everything goes into the directories I’ve chosen, but the permissions for the servers seems to be a bit strange and doesn’t follow the values specified in $DirCreateMode/$FileCreateMode. For Network equipment this works perfectly!!
>
> Each directory for the servers are created with 0711, should be 0755. Files are created with 0600, should be 0644.
>
> root@logstore]# cat /etc/rsyslog.conf
> $ModLoad imudp
> $UDPServerRun 514
> $ModLoad imtcp
> $InputTCPServerRun 514
> $WorkDirectory /var/lib/rsyslog
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> $IncludeConfig /etc/rsyslog.d/*.conf
> $OmitLocalLogging on
> $IMJournalStateFile imjournal.state
> $FileOwner root
> $FileGroup wheel
> $FileCreateMode 0644
> $DirCreateMode 0755
>
> template (name="remote_server" type="string" string="/var/log/server/%fromhost%/%fromhost%.log")
> template (name="remote_network" type="string" string="/var/log/network/%fromhost%/%fromhost%.log")
>
> # If received on Facility 22 then sort as server stuff..
> if ( ($inputname == 'imudp' or $inputname == 'imtcp') and $syslogfacility == 22 ) then {
>     action (type="omfile" dynaFile="remote_server" DirCreateMode="0755" FileCreateMode="0644" )
> }
>
> # … else sort as network stuff
> else if ( $inputname == 'imudp' or $inputname == 'imtcp' ) then {
>     action(type="omfile" dynaFile="remote_network" DirCreateMode="0755" FileCreateMode="0644" )
>     stop
> }
> # Ignore this host…
> if $hostname == 'last' then stop
>
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
> authpriv.* /var/log/secure
> mail.* -/var/log/maillog
> cron.* /var/log/cron
> *.emerg :omusrmsg:*
> uucp,news.crit /var/log/spooler
> local7.* /var/log/boot.log
>
> Directories and files created by rsyslogd for servers (not working – 711 for dir and 600 for files):
> ls -la /var/log/server
> (…)
> drwx--x--x. 2 root root 100 Aug 24 03:19 server-sfe03.domain.local
> (…)
>
> ls -la /var/log/server/server-sfe01.domain.local
> total 256
> drwx--x--x. 2 root root 100 Aug 24 03:19 .
> drwxr-xr-x. 9 root root 4096 Aug 24 13:20 ..
> -rw-------. 1 root root 241821 Aug 24 13:20 server-sfe01.domain.local.log
> -rw-------. 1 root root 7311 Aug 24 01:19 server-sfe01.domain.local.log-20160824.gz
>
> Directories and files created by rsyslogd for networks (this works – 755 for dir and 644 for files):
> ls -l /var/log/network
> (…)
> drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local
> (…)
>
> drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local
> ls -al /var/log/network/network-asa01.domain.local
> total 83756
> drwxr-xr-x. 2 root root 8192 Aug 24 03:18 .
> drwxr-xr-x. 53 root root 4096 Aug 23 15:32 ..
> -rw-r--r--. 1 root root 9107124 Aug 24 13:33 network-asa01.domain.local.log
> (…)
>
> Any help is much appreciated! Why is not DirCreateMode / FileCreateMode enforced? I’ve checked umask and permissions on both /var/log/network and /var/log/servers and they are the same.
>
> Thanks in advance!
>
> Regards,
> Robin Jonsson
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
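
Added example, not part of the thread and not rsyslog project code: a small lint for the rule David Lang states above, reporting every omfile action() that lacks a parameter for which only a legacy $File*/$Dir* directive is set. The function name and the trimmed sample config are constructed here, and the lint takes the directive-to-parameter mapping and case-insensitive parameter names as its working assumptions.

```python
import re

# Legacy global directive (lower-cased) -> omfile action() parameter (assumed mapping).
LEGACY_TO_PARAM = {
    "$fileowner": "fileOwner", "$filegroup": "fileGroup",
    "$filecreatemode": "fileCreateMode", "$dirowner": "dirOwner",
    "$dirgroup": "dirGroup", "$dircreatemode": "dirCreateMode",
}
# Body of action( ... ); quoted values may themselves contain parentheses.
ACTION_RE = re.compile(r'\baction\s*\(((?:[^()"]|"[^"]*")*)\)', re.I)
PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Constructed sample: a trimmed copy of the configuration quoted in the thread.
SAMPLE = '''\
$FileOwner root
$FileGroup wheel
$FileCreateMode 0644
$DirCreateMode 0755
template (name="remote_server" type="string" string="/var/log/server/%fromhost%/%fromhost%.log")
if ( $syslogfacility == 22 ) then {
    action (type="omfile" dynaFile="remote_server" DirCreateMode="0755" FileCreateMode="0644" )
}
'''

def lint_rsyslog_conf(text):
    """Return [(target, {param: legacy_value})] for each omfile action()
    missing a parameter that is only set through a legacy directive."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    legacy = {}
    for line in lines:
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() in LEGACY_TO_PARAM:
            legacy[LEGACY_TO_PARAM[parts[0].lower()]] = parts[1]
    findings = []
    for m in ACTION_RE.finditer("\n".join(lines)):
        # Compare parameter names case-insensitively (assumption, see lead-in).
        params = {k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
        if params.get("type") != "omfile":
            continue  # only file outputs take these parameters
        target = params.get("dynafile") or params.get("file") or "?"
        missing = {p: v for p, v in legacy.items() if p.lower() not in params}
        if missing:
            findings.append((target, missing))
    return findings

if __name__ == "__main__":
    for target, missing in lint_rsyslog_conf(SAMPLE):
        print(f"action -> {target}: set explicitly: {missing}")
```

On the sample it reports fileOwner and fileGroup for the remote_server action, the two settings that configuration supplies only through $FileOwner and $FileGroup.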

