Hi,
I’m currently setting up a syslog-server to be used for Network equipment and
servers based on rsyslogd (rsyslog-7.4.7-12.el7.x86_64) running on Centos 7.
The logging is working fine and everything goes into the directories I’ve
chosen, but the permissions for the servers seems to be a bit strange and
doesn’t follow the values specified in $DirCreateMode/$FileCreateMode. For
Network equipment this works perfectly!!
Each directory for the servers are created with 0711, should be 0755. Files are
created with 0600, should be 0644.
root@logstore]# cat /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
$FileOwner root
$FileGroup wheel
$FileCreateMode 0644
$DirCreateMode 0755
template (name="remote_server" type="string"
string="/var/log/server/%fromhost%/%fromhost%.log")
template (name="remote_network" type="string"
string="/var/log/network/%fromhost%/%fromhost%.log")
# If received on Facility 22 then sort as server stuff..
if ( ($inputname == 'imudp' or $inputname == 'imtcp') and $syslogfacility == 22
) then {
action (type="omfile" dynaFile="remote_server" DirCreateMode="0755"
FileCreateMode="0644" )
}
# … else sort as network stuff
else if ( $inputname == 'imudp' or $inputname == 'imtcp' ) then {
action(type="omfile" dynaFile="remote_network" DirCreateMode="0755"
FileCreateMode="0644" )
stop
}
# Ignore this host…
if $hostname == 'last' then stop
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
Directories and files created by rsyslogd for servers (not working – 711 for
dir and 600 for files):
ls -la /var/log/server
(…)
drwx--x--x. 2 root root 100 Aug 24 03:19 server-sfe03.domain.local
(…)
ls -la /var/log/server/server-sfe01.domain.local
total 256
drwx--x--x. 2 root root 100 Aug 24 03:19 .
drwxr-xr-x. 9 root root 4096 Aug 24 13:20 ..
-rw-------. 1 root root 241821 Aug 24 13:20 server-sfe01.domain.local.log
-rw-------. 1 root root 7311 Aug 24 01:19
server-sfe01.domain.local.log-20160824.gz
Directories and files created by rsyslogd for networks (this works – 755 for
dir and 644 for files):
ls -l /var/log/network
(…)
drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local
(…)
drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local
ls –al /var/log/network/network-asa01.domain.local
total 83756
drwxr-xr-x. 2 root root 8192 Aug 24 03:18 .
drwxr-xr-x. 53 root root 4096 Aug 23 15:32 ..
-rw-r--r--. 1 root root 9107124 Aug 24 13:33 network-asa01.domain.local.log
(…)
Any help is much appreciated! Why is not DirCreateMode / FileCreateMode
enforced? I’ve checked umask and permissions on both /var/log/network and
/var/log/servers and they are the same.
Thanks in advance!
Regards,
Robin Jonsson
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
