Getting Data In

Why am I getting error "Path does not exist" when I try to add the apache2 log file /var/log/apache2/access.log?

New Member

Dear Splunkers,
I get an error message "Path does not exist" when I try to add the apache2 logfile /var/log/apache2/access.log to the splunk inventory. I'm definitely on the right (local) machine. The file exists:

-rw-r----- 1 root adm 21729411 Okt  7 11:52 /var/log/apache2/access.log

The logfiles group is adm.
splunkd runs as user "splunker", this user is member of the group adm. When I login with the user splunker, I can manually read the logfile.
What could be the problem?
Thanks alot!

Tags (3)
0 Karma

SplunkTrust
SplunkTrust

Hi ISL001,

as I wrote before, the parents directory permission are important as well, read this http://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-acces... to get more details.

cheers, MuS

Motivator

Can you try /var/log/apache*/access.log ? After the restart of the server with the inputs, check the list monitor and see if it list the file.

0 Karma

New Member

When i tried "/var/log/apache*/access.log" I got a "success" message, the source was added, but do data was obtained.
But now I found out that i woks if i give the apache2 directory the "read" right for "others". I'm a little bit confused, because the "splunker" user can read the files even without that right.

0 Karma

SplunkTrust
SplunkTrust

How about the /var or /var/log or /var/log/apache2 directories - are they readable by the splunk user?

0 Karma

New Member

Yes, both of them are readable by the "splunker"

0 Karma