Logrotate produziert folgende Meldung: error: skipping „/var/log/centreon-broker/central-broker.log“ because parent directory has insecure permissions (It’s world writable or writable by group which is not „root“) Set „su“ directive in config file to tell logrotate which user/group should be used for rotation.
Mir ist aufgefallen das bei einem manuellen ausführen von logrotate über „logrotate -f /etc/logrotate.conf“ ein paar Fehler angezeigt werden:
error: skipping "/var/log/centreon-broker/central-broker.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon-broker/central-broker-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" dir ective in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon-broker/central-module-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" dir ective in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon-broker/central-rrd.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon-broker/central-rrd-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" direct ive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon-broker/watchdog.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con fig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/centAcl.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/centcore.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config fil e to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/centreon-backup.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con fig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/centreon-partitioning.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/centreon-purge.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in conf ig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/dashboardBuilder.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in co nfig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/downtimeManager.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con fig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/eventReportBuilder.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/knowledgebase.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in confi g file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/login.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file t o tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/nagiosPerfTrace.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con fig file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/rrdtool.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/centreon/sql-error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config fi le to tell logrotate which user/group should be used for rotation.
Problem: logrotate fehlt die Berechtigung um die Dateien anpacken zu dürfen.
Lösung: Wir geben Logrotate die passenden Berechtigungen. Hierzu muss die Datei „/etc/logrotate.d/cbd“ mit einem „su centreon-broker centreon-broker“ ergänzt werden:
/var/log/centreon-broker/*log { su centreon-broker centreon-broker compress daily notifempty missingok rotate 7 size 100M copytruncate }
Das gleiche mit der „/etc/logrotate.d/centreon“ Datei:
/var/log/centreon/*.log { su centreon centreon compress daily notifempty copytruncate missingok rotate 7 size 20M }
Have you tested this? because in ‚/var/log/centreon-broker/‘ files are not only owned by centreon-broker.
The same with ‚/var/log/centreon/‘. Log files files under here are owned by apache, root and centreon.
Won’t we need more fine-tuning of the lograte config?
Hello Elliot. Yes i tested it! 😉
Thanks, now its work. My files are only owned by centreon-broker and centroen:
[root@cent ~]# ls -lah /var/log/centreon-broker/
total 13M
drwxrwxr-x. 2 centreon-broker centreon-broker 4.0K Aug 16 15:07 .
drwxr-xr-x. 16 root root 4.0K Aug 16 14:57 ..
-rw-rw-r–. 1 centreon-broker centreon-broker 0 Feb 9 2017 central-broker.log
-rw-rw-r–. 1 centreon-broker centreon-broker 90K Nov 29 2016 central-broker.log-20170209.gz
-rw-rw-r–. 1 centreon-broker centreon-broker 2.3K Aug 16 15:07 central-broker-master.log
-rw-rw-r–. 1 centreon-broker centreon-broker 321 Aug 16 15:07 central-broker-master.log.1.gz
-rw-rw-r–. 1 centreon-broker centreon-broker 2.3K Feb 8 2017 central-broker-master.log-20170209.gz
-rw-rw-r–. 1 centreon-broker centreon-broker 1.2M Aug 16 15:06 central-broker-master.log.2.gz
-rw-rw-r–. 1 centreon-broker centreon-broker 0 Aug 16 15:06 central-module-master.log
and
[root@cent ~]# ls -lah /var/log/centreon
total 908K
drwxrwxr-x. 2 centreon centreon 4.0K Aug 16 15:06 .
drwxr-xr-x. 16 root root 4.0K Aug 16 14:57 ..
-rw-rw-r–. 1 centreon centreon 126 Aug 16 15:07 centAcl.log
-rw-rw-r–. 1 centreon centreon 61K Aug 16 15:06 centAcl.log.1.gz
-rw-rw-r–. 1 centreon centreon 6.0K Feb 9 2017 centAcl.log-20170209.gz
-rw-rw-r–. 1 centreon centreon 0 Aug 16 15:06 centcore.log
-rw-rw-r–. 1 centreon centreon 1.5K Aug 11 15:56 centcore.log.1.gz
-rw-rw-r–. 1 centreon centreon 21 Jan 30 2017 centcore.log-20170209.gz
-rw-rw-r–. 1 centreon centreon 0 Aug 16 15:06 centreon-backup.log
-rw-rw-r–. 1 centreon centreon 134 Jun 6 03:30 centreon-backup.log.1.gz
-rw-rw-r–. 1 centreon centreon 155 Feb 9 2017 centreon-backup.log-20170209.gz