[syslog-ng] ACLs with syslog-ng
Faine, Mark R. (MSFC-IS40)[NICS]
mark.faine at nasa.gov
Tue May 18 16:57:39 UTC 2021
RHEL 7 and 8
syslog-ng 3.19 and 3.31
We have always set permissions on directories that we want the Splunk universal forwarder to be able to read as root:splunk 640, but now security doesn't like this and wants everything under /var/log to always be root:root except for some specific exceptions. We had tried to solve this with an ACL in the past, however, syslog-ng always seems to clobber the ACL, even when it's the default ACL on the folder. Is this a known issue, is there a way to get syslog-ng to play nice with ACLs.
Thanks,
-Mark
Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20210518/8c35262e/attachment-0001.html>
More information about the syslog-ng
mailing list