Security

How do I define file permission for splunkd.log in log.cfg?

Engager

Is there a way to modify the file permission for ${SPLUNK_HOME}/var/log/splunk/splunkd.log?

$ ls -l /local/splunkpr/var/log/splunk/splunkd.log 
-rw-------   1 splunkpr splunkpr 4482202 Jul 15 10:20 /local/splunkpr/var/log/splunk/splunkd.log

The log file needs to be group readable to allow another application (who belongs in the splunkpr group) to read its conents.

In my log.cfg I have the following:

appender.A1=RollingFileAppender
appender.A1.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd.log
appender.A1.maxFileSize=25000000 # default: 25MB (specified in bytes).
appender.A1.maxBackupIndex=75
appender.A1.layout=PatternLayout
appender.A1.layout.ConversionPattern=%d{%m-%d-%Y %H:%M:%S.%l %z} %-5p %c - %m%n

Thanks,
Bobby

Explorer

this answer is useful.

Splunk Answers: How to change permissions on Splunk log files?
https://answers.splunk.com/answers/209239/how-to-change-permissions-on-splunk-log-files.html

0 Karma