[syslog-ng] ACLs with syslog-ng
Fabien Wernli
wernli at in2p3.fr
Wed May 19 06:16:50 UTC 2021
Hi Mark,
On Tue, May 18, 2021 at 04:57:39PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> We have always set permissions on directories that we want the Splunk universal forwarder to be able to read as root:splunk 640, but now security doesn't like this and wants everything under /var/log to always be root:root except for some specific exceptions. We had tried to solve this with an ACL in the past; however, syslog-ng always seems to clobber the ACL, even when it's the default ACL on the folder. Is this a known issue? Is there a way to get syslog-ng to play nice with ACLs?
Did you consider using `hook-commands()` to set the ACL on startup?
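
A sketch of the `hook-commands()` approach suggested above, added here as an illustration and not taken from the original message or from the syslog-ng project. The destination name, the `/var/log/app` directory (assumed to exist before syslog-ng starts) and the `splunk` account are assumptions. Because `chmod` on a file that carries a POSIX ACL rewrites the ACL mask from the group permission bits, `perm()` and `dir-perm()` are set so that read access stays in the mask.

```conf
# Added example: names and paths below are assumptions, not from the thread.
destination d_app {
    file("/var/log/app/messages.log"
        # Ownership stays root:root, as the security policy in the thread requires.
        owner("root") group("root")
        dir-owner("root") dir-group("root")

        # The group bits become the ACL mask once an ACL is present.
        # 0640 keeps "r" in the file mask, 0750 keeps "r-x" in the directory
        # mask, so the named-user entries below remain effective.
        perm(0640)
        dir-perm(0750)

        hook-commands(
            # Run when syslog-ng starts: grant the forwarder account traverse
            # and list rights on the directory, plus a default ACL entry that
            # newly created log files inherit.
            startup("setfacl -m u:splunk:rx,d:u:splunk:r /var/log/app")
        )
    );
};
```

After a restart, `getfacl /var/log/app /var/log/app/messages.log` shows whether the `user:splunk` entries are present and whether the `mask::` line still includes `r`.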