18 May 2021, 5:57 p.m.
RHEL 7 and 8
syslog-ng 3.19 and 3.31

We have always set permissions on directories that we want the Splunk universal forwarder to be able to read as root:splunk 640, but now security doesn't like this and wants everything under /var/log to always be root:root except for some specific exceptions.

We had tried to solve this with an ACL in the past; however, syslog-ng always seems to clobber the ACL, even when it's the default ACL on the folder. Is this a known issue? Is there a way to get syslog-ng to play nice with ACLs?

Thanks,
-Mark

Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)