2016-08-25 8:01 GMT+02:00 Robin Jonsson <[email protected]>:
> Thanks for your reply!
>
> Have I understood it correctly that you suggest removing $FileCreateMode/
> $DirCreateMode? I am already using DirCreateMode and FileCreateMode in the 
> action clause.

This sounds like there is a problem applying the modes. With the old
version, you only see this in a debug log. So the next step is to
activate rsyslog debug logging and check for errors during file
creation.

HTH
Rainer
>
> Regards,
> Robin
>
> On 160825// 00:41 , "[email protected] on behalf of David 
> Lang" <[email protected] on behalf of [email protected]> wrote:
>
>     when you use action(), it completely ignores the legacy stuff set with
>     $filecreatemode etc. everything needs to be specified in the action() 
> clause.
>
>     David Lang
>
>     On Wed, 24 Aug 2016, Robin Jonsson wrote:
>
>     > Date: Wed, 24 Aug 2016 12:15:05 +0000
>     > From: Robin Jonsson <[email protected]>
>     > Reply-To: rsyslog-users <[email protected]>
>     > To: "[email protected]" <[email protected]>
>     > Subject: [rsyslog] $DirCreateMode / $FileCreateMode is not enforced
>     >
>     > Hi,
>     >
>     > I’m currently setting up a syslog-server to be used for Network 
> equipment and servers based on rsyslogd (rsyslog-7.4.7-12.el7.x86_64) running 
> on Centos 7. The logging is working fine and everything goes into the 
> directories I’ve chosen, but the permissions for the servers seems to be a 
> bit strange and doesn’t follow the values specified in 
> $DirCreateMode/$FileCreateMode. For Network equipment this works perfectly!!
>     >
>     > Each directory for the servers are created with 0711, should be 0755. 
> Files are created with 0600, should be 0644.
>     >
>     > root@logstore]# cat /etc/rsyslog.conf
>     > $ModLoad imudp
>     > $UDPServerRun 514
>     > $ModLoad imtcp
>     > $InputTCPServerRun 514
>     > $WorkDirectory /var/lib/rsyslog
>     > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>     > $IncludeConfig /etc/rsyslog.d/*.conf
>     > $OmitLocalLogging on
>     > $IMJournalStateFile imjournal.state
>     > $FileOwner root
>     > $FileGroup wheel
>     > $FileCreateMode 0644
>     > $DirCreateMode 0755
>     >
>     > template (name="remote_server" type="string" 
> string="/var/log/server/%fromhost%/%fromhost%.log")
>     > template (name="remote_network" type="string" 
> string="/var/log/network/%fromhost%/%fromhost%.log")
>     >
>     > # If received on Facility 22 then sort as server stuff..
>     > if ( ($inputname == 'imudp' or $inputname == 'imtcp') and 
> $syslogfacility == 22 ) then {
>     > action (type="omfile" dynaFile="remote_server" DirCreateMode="0755" 
> FileCreateMode="0644" )
>     > }
>     >
>     > # … else sort as network stuff
>     > else if ( $inputname == 'imudp' or $inputname == 'imtcp' ) then {
>     > action(type="omfile" dynaFile="remote_network" DirCreateMode="0755" 
> FileCreateMode="0644" )
>     > stop
>     > }
>     > # Ignore this host…
>     > if $hostname == 'last' then stop
>     >
>     > *.info;mail.none;authpriv.none;cron.none                
> /var/log/messages
>     > authpriv.*                                              /var/log/secure
>     > mail.*                                                  
> -/var/log/maillog
>     > cron.*                                                  /var/log/cron
>     > *.emerg                                                 :omusrmsg:*
>     > uucp,news.crit                                          /var/log/spooler
>     > local7.*                                                
> /var/log/boot.log
>     >
>     > Directories and files created by rsyslogd for servers (not working – 
> 711 for dir and 600 for files):
>     > ls -la /var/log/server
>     > (…)
>     > drwx--x--x.  2 root root  100 Aug 24 03:19 server-sfe03.domain.local
>     > (…)
>     >
>     > ls -la /var/log/server/server-sfe01.domain.local
>     > total 256
>     > drwx--x--x. 2 root root    100 Aug 24 03:19 .
>     > drwxr-xr-x. 9 root root   4096 Aug 24 13:20 ..
>     > -rw-------. 1 root root 241821 Aug 24 13:20 
> server-sfe01.domain.local.log
>     > -rw-------. 1 root root   7311 Aug 24 01:19 
> server-sfe01.domain.local.log-20160824.gz
>     >
>     > Directories and files created by rsyslogd for networks (this works – 
> 755 for dir and 644 for files):
>     > ls -l /var/log/network
>     > (…)
>     > drwxr-xr-x.  2 root root 8192 Aug 24 03:18 network-asa01.domain.local
>     > (…)
>     >
>     > drwxr-xr-x.  2 root root 8192 Aug 24 03:18 network-asa01.domain.local
>     > ls –al /var/log/network/network-asa01.domain.local
>     > total 83756
>     > drwxr-xr-x.  2 root root    8192 Aug 24 03:18 .
>     > drwxr-xr-x. 53 root root    4096 Aug 23 15:32 ..
>     > -rw-r--r--.  1 root root 9107124 Aug 24 13:33 
> network-asa01.domain.local.log
>     > (…)
>     >
>     > Any help is much appreciated! Why is not DirCreateMode / FileCreateMode 
> enforced? I’ve checked umask and permissions on both /var/log/network and 
> /var/log/servers and they are the same.
>     >
>     > Thanks in advance!
>     >
>     > Regards,
>     > Robin Jonsson
>     > _______________________________________________
>     > rsyslog mailing list
>     > http://lists.adiscon.net/mailman/listinfo/rsyslog
>     > http://www.rsyslog.com/professional-services/
>     > What's up with rsyslog? Follow https://twitter.com/rgerhards
>     > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a 
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you 
> DON'T LIKE THAT.
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to