Page 1 of 1

Syslog file could not be found

PostPosted: Mon Nov 14, 2016 9:11 pm
by landryd
I am creating a new LogAnalyzer Source on a new setup on Centos7.

I am able to add diskfile sources if they are in /var/log (e.g. /var/log/messages), but not on a separate volume I created for my logs (/data/log) and symlinked into /var/log. I can copy the log file from /data/log to /var/log and LogAnalyzer is happy to add it as a source.

When I attempt to add my source, I give it a source name and specify the syslog file (in my case /var/log/remote/ironwood). I get the following error:

Code: Select all
The source 'ironwood' checking returned with an error:
Syslog file could not be found


I've also tried changing $CFG['DiskAllowed'][] to "/data/log" and avoided the symlink, but I get the same error.

Here are permissions on the logfile that I can't add:
Code: Select all
 -rw-r----- 1 root logadmin 2.7G Nov 14 16:05 /data/log/ironwood


And here are permissions on a logfile that I can add:
Code: Select all
 -rw-r----- 1 root logadmin 837K Nov 14 14:38 /var/log/APs


Some other info:
- SELinux is disabled
- logadmin contains the apache user
- LogAnalyzer is version 4.1.5

Any idea how I can proceed?

Re: Syslog file could not be found

PostPosted: Mon Nov 14, 2016 9:32 pm
by landryd
The problem was with permissions on my /data/log directory. It didn't have read permissions for Group. :) Leaving this here for the next person who has this issue.