So I am trying to monitor the logs of a VM running Centos 7. Specifically the one giving problems is /var/log/messages. I have changed both the group ownership of the file ( made the pertaining change in logrotate.conf ) and manually on the already created file. Below you can see the permissions of it :
[matias@Centos_7_VM ~]$ sudo ls -lh /var/log/messages
-rw-rwx---+ 1 root zabbix 889K jul 25 10:53 /var/log/messages
[matias@Centos_7_VM ~]$ getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: zabbix
user::rw-
user:zabbix:rwx
group::---
mask::rwx
other::---
But even with all of those changes, the zabbix agent is getting permission denied to read that log. Is there something else blocking that process from reading the file?
Agent log
993:20180725:062459.211 Starting Zabbix Agent [Centos_7_VM]. Zabbix 3.2.11 (revision 76339).
993:20180725:062459.256 **** Enabled features ****
993:20180725:062459.257 IPv6 support: YES
993:20180725:062459.257 TLS support: YES
993:20180725:062459.257 **************************
993:20180725:062459.257 using configuration file: /etc/zabbix/zabbix_agentd.conf
993:20180725:062459.303 agent #0 started [main process]
999:20180725:062459.359 agent #1 started [collector]
1003:20180725:062459.396 agent #2 started [listener #1]
1004:20180725:062459.406 agent #3 started [listener #2]
1005:20180725:062459.413 agent #4 started [listener #3]
1007:20180725:062459.472 agent #5 started [active checks #1]
1007:20180725:105103.700 active check "log[/var/log/messages,(?i)error]" is not supported: Cannot open file "/var/log/messages": [13] Permission denied
Best Answer
It's called SELinux.
Unfortunately the SELinux policy for the Zabbix agent is not well developed (yet) and almost anything you might want to monitor is going to be denied. I personally set the Zabbix agent type to permissive to work around this. This lets the Zabbix agent essentially bypass SELinux while it still applies to everything else on the system.