I learned about how I can centralize logging, both for Syslog and Audit Logs.
I also learned about quite a few directives for setting templates for directories to be created "on demand" as new logfiles needed to be created in new directories based on /var/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%_syslog.log, etc.
Finally, I learned of some directives called:
$FileOwner,
$FileGroup,
$DirCreateMode, and
$FileCreateMode.
However, they all work exactly as expected but the $DirCreateMode does not. I have the value set to 0755 and the permissions of all directories under /var/log are set to permissions of 0700 instead.
Can someone explain if I am doing something wrong, or if maybe a UMASK somewhere is causing a conflict or if I am misunderstanding how to set this particular value?
Thank you in advance,
\\War
[SOLVED/unneeded] rsyslog.conf - $template, $DirCreateMode disfunction
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Last edited by warron.french on 2016/05/11 14:49:17, edited 1 time in total.
Thanks,
War
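The umask question raised in the post above can be tested directly. This is an added example, not part of the thread or of the poster's document: it shows that a mode requested at mkdir(2) time is filtered by the process umask (0755 under umask 0077 gives 0700), then audits a date-based log tree for directories missing group/other r-x. The 0077 umask, the sample path and the function names are assumptions; the thread does not confirm which umask rsyslogd ran with.

```python
import os
import tempfile


def created_dir_mode(requested, umask):
    """Call mkdir(2) asking for `requested` under `umask`; return the resulting mode."""
    with tempfile.TemporaryDirectory() as base:
        previous = os.umask(umask)  # umask is process-wide, so restore it below
        try:
            path = os.path.join(base, "2016")  # constructed directory name
            os.mkdir(path, requested)
            return os.stat(path).st_mode & 0o777
        finally:
            os.umask(previous)


def dirs_missing_bits(root, required=0o055):
    """List (relative path, mode) for directories under `root` lacking any `required` bit."""
    findings = []
    for current, subdirs, _files in os.walk(root):
        for name in subdirs:
            full = os.path.join(current, name)
            mode = os.stat(full).st_mode & 0o777
            if mode & required != required:
                findings.append((os.path.relpath(full, root), oct(mode)))
    return sorted(findings)


def demo():
    """Build a constructed YEAR/MONTH/DAY tree under an assumed umask 0077, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        previous = os.umask(0o077)  # assumption: the daemon runs with umask 0077
        try:
            path = root
            for part in ("2016", "05", "11"):  # constructed sample path
                path = os.path.join(path, part)
                os.mkdir(path, 0o755)  # same value as $DirCreateMode in the post
        finally:
            os.umask(previous)
        return dirs_missing_bits(root)


if __name__ == "__main__":
    print(oct(created_dir_mode(0o755, 0o077)))
    print(oct(created_dir_mode(0o755, 0o022)))
    print(demo())
```

Pointing `dirs_missing_bits` at the real log root (for example `/var/log`, read as root) lists every directory a non-root reviewer could not enter.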
- AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
Re: rsyslog.conf - $template, $DirCreateMode disfunction
A pure guess on my part but I suspect that is automagically done for security purposes. It seems fairly sensible that no group nor rest of the world access is permitted to the directories.
But I may be wrong.
100% Linux and, previously, Unix. Co-founder of the ELRepo Project.
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: rsyslog.conf - $template, $DirCreateMode disfunction
Except that the Security Team need access to review those logs without being - root.
Plus the feature is offered, it was never caveated in the man page that I can see.
Thanks for the reply,
\\War
Thanks,
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: rsyslog.conf - $template, $DirCreateMode disfunction
In the case anyone ever reads this post-thread I am attaching the document that I wrote up based on my experience with trying to accomplish centralized logging with rsyslog for CentOS-6.x.
The original focus for this document was not generically about rsyslog, rather it was about centralizing audit logging. Technically, this document demonstrates how to accomplish the aggregation of system (messages) log-data and also audit (AUDITD) log-data, but if the SA who implements these changes based on this single document wants to use the native RHEL-6.x variant audit tools (eg. ausearch and aureport) then don't follow the instructions in this particular thread; use this thread specifically for aggregating all other log data based on the other facility.priority associations.
Thanks,
War
Re: [SOLVED/unneeded] rsyslog.conf - $template, $DirCreateMode disfunction
Hi Warron,
what was the solution to your problem with directory permissions:
"I have the value set to 0755 and the permissions of all directories under /var/log are set to permissions of 0700 instead."
Can't find the attached document you are referring to.
-JoMaTech-