[SOLVED/unneeded] rsyslog.conf - $template, $DirCreateMode disfunction

Posted: 2015/04/08 14:05:05
by warron.french
I learned how I can centralize logging, both for syslog and audit logs.

I also learned about quite a few directives for setting templates for directories to be created "on demand" as new logfiles need to be created in new directories based on /var/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%_syslog.log, etc.

Finally, I learned of some directives called:
$DirCreateMode, and

They all work exactly as expected, but $DirCreateMode does not. I have the value set to 0755, and the permissions of all directories under /var/log are set to 0700 instead.

Can someone explain if I am doing something wrong, or if maybe a UMASK somewhere is causing a conflict or if I am misunderstanding how to set this particular value?

Thank you in advance,

Re: rsyslog.conf - $template, $DirCreateMode disfunction

Posted: 2015/04/08 16:33:55
by AlanBartlett
A pure guess on my part but I suspect that is automagically done for security purposes. It seems fairly sensible that no group nor rest of the world access is permitted to the directories.

But I may be wrong. :?

Re: rsyslog.conf - $template, $DirCreateMode disfunction

Posted: 2015/04/08 17:35:53
by warron.french
Except that the Security Team need access to review those logs without being root.

Plus, the feature is offered; it was never caveated in the man page that I can see.

Thanks for the reply,

Re: rsyslog.conf - $template, $DirCreateMode disfunction

Posted: 2016/05/06 03:16:23
by warron.french
In case anyone ever reads this post-thread, I am attaching the document that I wrote up based on my experience with trying to accomplish centralized logging with rsyslog for CentOS-6.x.

The original focus for this document was not generically about rsyslog; rather, it was about centralizing audit logging. Technically, this document demonstrates how to accomplish the aggregation of system (messages) log-data and also audit (AUDITD) log-data, but if the SA who implements these changes based on this single document wants to use the native RHEL-6.x variant audit tools (e.g. ausearch and aureport), then don't follow the instructions in this particular thread; use this thread specifically for aggregating all other log data based on the other facility.priority associations.

Re: [SOLVED/unneeded] rsyslog.conf - $template, $DirCreateMode disfunction

Posted: 2016/09/26 11:12:14
by JoMaTech
Hi Warron,

what was the solution to your problem with directory permissions:
"I have the value set to 0755 and the permissions of all directories under /var/log are set to permissions of 0700 instead."

Can't find the attached document you are referring to.
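
On the umask question raised in the first post, an added example that is not part of the thread or of rsyslog itself: the mode a process passes to mkdir(2) is masked by that process's umask, and rsyslog's documentation notes that its create-mode directives are subject to rsyslogd's umask and provides a `$umask` directive to change it. The sketch below reproduces the 0755-requested, 0700-observed symptom on a constructed YEAR/MONTH/DAY tree and includes a check that lists directories whose mode differs from the intended one; the function names and the umask values 0077 and 0022 are assumptions chosen for illustration.

```python
import os
import tempfile

def mkdir_under_umask(base, parts, mode, umask):
    """Create base/parts[0]/parts[1]/... asking for `mode`, as a daemon
    running with the given process umask would."""
    old = os.umask(umask)
    try:
        path = base
        for part in parts:
            path = os.path.join(path, part)
            os.mkdir(path, mode)  # mkdir(2): the kernel stores mode & ~umask
    finally:
        os.umask(old)  # always restore the caller's umask
    return path

def dir_mode_mismatches(root, expected):
    """Return {relative_dir: actual_mode} for every directory under root
    whose permission bits differ from `expected`."""
    bad = {}
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            actual = os.lstat(full).st_mode & 0o777
            if actual != expected:
                bad[os.path.relpath(full, root)] = actual
    return bad

def demo():
    """Constructed sample tree mirroring the thread's YEAR/MONTH/DAY layout,
    created once under a restrictive umask and once under 0022."""
    results = {}
    for umask in (0o077, 0o022):
        with tempfile.TemporaryDirectory() as root:
            mkdir_under_umask(root, ["2015", "04", "08"], 0o755, umask)
            results[umask] = dir_mode_mismatches(root, 0o755)
    return results

if __name__ == "__main__":
    for umask, bad in demo().items():
        shown = {k: f"{v:04o}" for k, v in bad.items()} or "all 0755"
        print(f"umask {umask:04o}: {shown}")
```

Pointing `dir_mode_mismatches` at the real log root on the central host shows which on-demand directories a non-root review group cannot enter.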