RHEL 6 rsyslog v5 help
As the title infers I am running RHEL 6.4 which utilizes rsyslog v5. I am trying to set the default permissions for the rsyslog created log files to be 0600. Reading the rsyslog web pages I have found that the $umask 0000 and $FileCreateMode directives can be used to accomplish what I want. However, when I place these directives in /etc/rsyslog.conf they do not work and the permisions remain 0640. Here is a sample of my rsyslog.conf file
#### GLOBAL DIRECTIVES ####
# Set default perms for all log files
$umask 0000 #Prevent rsyslog process umask from interfering.
$FileCreateMode 0600 # Set permissions for log files created
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
I have tried service rsyslog restart and rebooting the system. The permissions never change. Any help would be greatly appreciated.
Elton
Responses
Hi there,
I work in Red Hat GSS and have worked on a few rsyslog cases. Just putting my $0.02 here :)
First, can you please post the entire /etc/rsyslog.conf file here. Reason being, $umask 0000 needs to be right at the top of the config file. rsyslog sometimes is very cautious about privileges and often if we need to give a dedicated, strict set of umask, it needs to go at the very top of the config file. So, please try this once and if this doesn't work, we might need to get the debug log. But then I will ask you to open a support case, because, debug logs will contain confidential information.
To collect debug log, do this.
1) Kill any rsyslog process running.
2) check with ps aux | grep rsyslog to be sure
3) start rsyslog like this
/sbin/rsyslogd -dn -c5 > logfile
4) Wait until it creates the log file with the (non-working) permission set.
5) ctrl-c to stop debug log.
We need to see the logfile created here.
But, as a first step, I would like to see the full rsyslog config and the package version and your kernel version.
C ya,
Soham
Hi Elton. From your comments ("I have tried service rsyslog restart and rebooting the system. The permissions never change.") it seems you are expecting rsyslogd to change the permissions of existing files, which it will not do.
I suspect that's your only problem, but if you'd like to see more explanation of the $umask and $FileCreateMode directives, take a look at the following KCS solution I wrote:
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
