Hi, I’m currently setting up a syslog-server to be used for Network equipment and servers based on rsyslogd (rsyslog-7.4.7-12.el7.x86_64) running on Centos 7. The logging is working fine and everything goes into the directories I’ve chosen, but the permissions for the servers seems to be a bit strange and doesn’t follow the values specified in $DirCreateMode/$FileCreateMode. For Network equipment this works perfectly!!
Each directory for the servers are created with 0711, should be 0755. Files are created with 0600, should be 0644. root@logstore]# cat /etc/rsyslog.conf $ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRun 514 $WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state $FileOwner root $FileGroup wheel $FileCreateMode 0644 $DirCreateMode 0755 template (name="remote_server" type="string" string="/var/log/server/%fromhost%/%fromhost%.log") template (name="remote_network" type="string" string="/var/log/network/%fromhost%/%fromhost%.log") # If received on Facility 22 then sort as server stuff.. if ( ($inputname == 'imudp' or $inputname == 'imtcp') and $syslogfacility == 22 ) then { action (type="omfile" dynaFile="remote_server" DirCreateMode="0755" FileCreateMode="0644" ) } # … else sort as network stuff else if ( $inputname == 'imudp' or $inputname == 'imtcp' ) then { action(type="omfile" dynaFile="remote_network" DirCreateMode="0755" FileCreateMode="0644" ) stop } # Ignore this host… if $hostname == 'last' then stop *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log Directories and files created by rsyslogd for servers (not working – 711 for dir and 600 for files): ls -la /var/log/server (…) drwx--x--x. 2 root root 100 Aug 24 03:19 server-sfe03.domain.local (…) ls -la /var/log/server/server-sfe01.domain.local total 256 drwx--x--x. 2 root root 100 Aug 24 03:19 . drwxr-xr-x. 9 root root 4096 Aug 24 13:20 .. -rw-------. 1 root root 241821 Aug 24 13:20 server-sfe01.domain.local.log -rw-------. 1 root root 7311 Aug 24 01:19 server-sfe01.domain.local.log-20160824.gz Directories and files created by rsyslogd for networks (this works – 755 for dir and 644 for files): ls -l /var/log/network (…) drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local (…) drwxr-xr-x. 2 root root 8192 Aug 24 03:18 network-asa01.domain.local ls –al /var/log/network/network-asa01.domain.local total 83756 drwxr-xr-x. 2 root root 8192 Aug 24 03:18 . drwxr-xr-x. 53 root root 4096 Aug 23 15:32 .. -rw-r--r--. 1 root root 9107124 Aug 24 13:33 network-asa01.domain.local.log (…) Any help is much appreciated! Why is not DirCreateMode / FileCreateMode enforced? I’ve checked umask and permissions on both /var/log/network and /var/log/servers and they are the same. Thanks in advance! Regards, Robin Jonsson _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.