Splunk Forwarder can't access "/var/log/messages"
Issue
The Splunk log forwarder, running under the user ID splunk, cannot access /var/log/messages and throws errors similar to:
05-05-2017 06:40:54.704 +0400 WARN TailingProcessor - Insufficient permissions to read file='/var/log/messages' (hint: Permission denied).
Environment
- Red Hat Enterprise Linux (RHEL)
- Splunk agent (Splunk Forwarder) running as unprivileged user splunk