Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Folder created with the wrong permissions??
rsyslog at lists
Sep 21, 2019, 8:18 PM
Post #1 of 5 (470 views)
Permalink
Hi all,

we are trying in vain to configure Rsyslog to work as we want. Searched high
and low, found some suggestions but none worked.

It works fine, accepts the logs, creates th folder but.. sets the wrong
permissons and hence we hve no access unless we force it.

Here the config:
----------------
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$template ASA,"/var/log/LAB/%HOSTNAME%.log"
if $fromhost-ip startswith'192.168' then -?ASA
& ~

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$DirOwner syslog
$DirGroup adm
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup adm

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

-----------------------------------------

and the permissions it sets as follows:
drwx------ 2 syslog syslog 4096 Sep 22 02:49 LAB

trying to access the folde:
-bash: cd: LAB: Permission denied

Running on: Ubuntu 18.04.3 LTS \n \l


Any suggestions what to do?
Rgds



--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Folder created with the wrong permissions?? [ In reply to ]
rsyslog at lists
Sep 21, 2019, 9:59 PM
Post #2 of 5 (470 views)
Permalink
This sounds familiar.

Perhaps this file is to blame?

/usr/lib/tmpfiles.d/00rsyslog.conf

https://unix.stackexchange.com/questions/377376/permissions-on-var-log-reset-on-boot/377389

Sending via mobile; please pardon briefness, tyops, etc.

On Sep 21, 2019 10:18 PM, GeorgB via rsyslog <rsyslog@lists.adiscon.com> wrote:
Hi all,

we are trying in vain to configure Rsyslog to work as we want. Searched high
and low, found some suggestions but none worked.

It works fine, accepts the logs, creates th folder but.. sets the wrong
permissons and hence we hve no access unless we force it.

Here the config:
----------------
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$template ASA,"/var/log/LAB/%HOSTNAME%.log"
if $fromhost-ip startswith'192.168' then -?ASA
& ~

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$DirOwner syslog
$DirGroup adm
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup adm

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

-----------------------------------------

and the permissions it sets as follows:
drwx------ 2 syslog syslog 4096 Sep 22 02:49 LAB

trying to access the folde:
-bash: cd: LAB: Permission denied

Running on: Ubuntu 18.04.3 LTS \n \l


Any suggestions what to do?
Rgds



--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Folder created with the wrong permissions?? [ In reply to ]
rsyslog at lists
Sep 22, 2019, 12:35 AM
Post #3 of 5 (468 views)
Permalink
you set the permissions after the lines that write the files.

this is exactly the sort of confusion that the new action() syntax was designed
to eliminate, rathe than the results of the write depending on what lines appear
ahead of it in the file (or in the ruleset if you use them), they only depend on
the parameters of the action() call

David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Folder created with the wrong permissions?? [ In reply to ]
rsyslog at lists
Sep 22, 2019, 3:11 PM
Post #4 of 5 (468 views)
Permalink
Hi, thanks for the hint.

Moved my template and BINGO.

Thank you.



--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Folder created with the wrong permissions?? [ In reply to ]
rsyslog at lists
Sep 22, 2019, 6:38 PM
Post #5 of 5 (468 views)
Permalink
current versions of rsyslog have a -o option that will output the config as
rsyslog sees it, try this with your old and new versions, and I think the
problem will be obvious

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal