Dear Splunkers,
I get an error message "Path does not exist" when I try to add the apache2 logfile /var/log/apache2/access.log to the splunk inventory. I'm definitely on the right (local) machine. The file exists:
-rw-r----- 1 root adm 21729411 Okt 7 11:52 /var/log/apache2/access.log
The logfiles group is adm.
splunkd runs as user "splunker", this user is member of the group adm. When I login with the user splunker, I can manually read the logfile.
What could be the problem?
Thanks alot!
Hi ISL001,
as I wrote before, the parents directory permission are important as well, read this http://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-acces... to get more details.
cheers, MuS
Can you try /var/log/apache*/access.log ? After the restart of the server with the inputs, check the list monitor and see if it list the file.
When i tried "/var/log/apache*/access.log" I got a "success" message, the source was added, but do data was obtained.
But now I found out that i woks if i give the apache2 directory the "read" right for "others". I'm a little bit confused, because the "splunker" user can read the files even without that right.
How about the /var or /var/log or /var/log/apache2 directories - are they readable by the splunk user?
Yes, both of them are readable by the "splunker"