Hi all, we are trying in vain to configure Rsyslog to work as we want. Searched high and low, found some suggestions but none worked.
It works fine, accepts the logs, creates th folder but.. sets the wrong permissons and hence we hve no access unless we force it. Here the config: ---------------- # /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html # # Default logging rules can be found in /etc/rsyslog.d/50-default.conf ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability # provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 $template ASA,"/var/log/LAB/%HOSTNAME%.log" if $fromhost-ip startswith'192.168' then -?ASA & ~ ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Filter duplicated messages $RepeatedMsgReduction on # # Set the default permissions for all log files. # $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $DirOwner syslog $DirGroup adm $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup adm # # Where to place spool files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf ----------------------------------------- and the permissions it sets as follows: drwx------ 2 syslog syslog 4096 Sep 22 02:49 LAB trying to access the folde: -bash: cd: LAB: Permission denied Running on: Ubuntu 18.04.3 LTS \n \l Any suggestions what to do? Rgds -- Sent from: http://rsyslog-users.1305293.n2.nabble.com/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
