Rsyslog – Reading imfile from Perforce Directory

rsyslogsyslogUbuntu

I am facing an issue in an Ubuntu server where Rsyslog is not able to read any file from the Perforce logs directory.

I tested that Rsyslog configuration for the imfile module is working properly since it is able to read from other directories including /home.

I also added syslog user to perforce group and vice-versa but it still didn't work.

One workaround I found but obviously not suitable for production is to do something like:

tail -f /perforce/logs/log.csv >> /home/monitoredlogfile

some useful info :

drwxr----- 2 perforce perforce 4096 Jun 11 14:01 logs

id syslog
uid=104(syslog) gid=108(syslog) groups=108(syslog),4(adm),1010(perforce)

id perforce
uid=1010(perforce) gid=1010(perforce) groups=1010(perforce),108(syslog)

Any idea what could be going wrong ?

Best Answer

Your perforce group can only read the repo /perforce/logs you need to add "x" to that folder to allow this group to access that folder.

Also be sure your /perforce folder has the same permission. Even if your /perforce/logs has rwxrwxrwx as persmission, if your /perforce is only rwx------ then the group won't never be able to access it.

If you don't want to play with the application permission you could use ACL instead to give access to syslog user to your folder 

$ sudo setfacl -m u:syslog:rx -R /perforce/logs/ 
$ sudo getfacl /perforce/logs/

Careful : once I tried that with Kubernetes (giving access to syslog to /var/lib/docker/containers), but it broke new pods (they had DNS resolution issue). I had no other choice than run rsyslog as root instead of syslog

Related Topic