reading /var/log/messages 🔗 link

We just set up splunk in our environment and have made all our /var/log/messages owned by root:splunk mode 640 so that splunk can read and index these files.  I was thinking I could add xymon user to splunk group and that would allow xymon to read /var/log/messages as well, but it doesn't seem to be working.  I can read /var/log/messages as the xymon user but the msgs web page is still showing 
Cannot open logfile /var/log/messages : Permission deniedAny ideas on what else I can do to allow xymon to get these logs?

Elizabeth Jones via Xymon wrote:

You may need to use the group of  the apache web server user instead of
xymon.  It's www-data on ubuntu/debian... not sure if I remember
if it's www on RedHat...

Bill

-- 
Digital had it then.  Don't you wish you could buy it now!
pechter-at-gmail.com  http://xkcd.com/705/

Have you restarted the xymon client?  Changes to linux group memberships on
apply to new logins...

Kind regards, 

SebA  

From: Elizabeth Jones [mailto:user-a47755762131@xymon.invalid] 
Sent: 14 September 2015 16:36
To: xymon at xymon.com
Subject: reading /var/log/messages


We just set up splunk in our environment and have made all our
/var/log/messages owned by root:splunk mode 640 so that splunk can read and
index these files.  I was thinking I could add xymon user to splunk group
and that would allow xymon to read /var/log/messages as well, but it doesn't
seem to be working.  I can read /var/log/messages as the xymon user but the
msgs web page is still showing 

Cannot open logfile /var/log/messages : Permission denied
Any ideas on what else I can do to allow xymon to get these logs?

You would need to restart the xymon client after adding it to the group. That sort of thing isn’t dynamic.

You may need to stop xymon, logout,  log back in, and then start it. Depending on how you login to the xymon user.

Maybe run group before starting to make sure xymon is in the splunk group.

From: Elizabeth Jones [mailto:user-a47755762131@xymon.invalid]
Sent: Monday, September 14, 2015 10:36 AM
To: xymon at xymon.com
Subject: reading /var/log/messages

We just set up splunk in our environment and have made all our /var/log/messages owned by root:splunk mode 640 so that splunk can read and index these files.  I was thinking I could add xymon user to splunk group and that would allow xymon to read /var/log/messages as well, but it doesn't seem to be working.  I can read /var/log/messages as the xymon user but the msgs web page is still showing


Cannot open logfile /var/log/messages : Permission denied
Any ideas on what else I can do to allow xymon to get these logs?

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.

Remember that you must restart Xymon to pick up any changes in the user/group settings (just as  you need to logout/login if you add yourself to a group).

Regards,
Henrik


Den 14-09-2015 kl. 17:35 skrev Elizabeth Jones: