rsyslog (the syslog app) could read
/var/log/pihole.log (which is a symlink to
/var/log/pihole/pihole.log). I would like to forward Pi-hole log to external logging server (in my case it's Vector -> Loki -> Grafana) using
rsyslog could not read Pi-hole log due to denied permission. Pi-hole log above has the following permission:
-rw-r----- 1 pihole pihole 57235 May 31 15:09 /var/log/pihole/pihole.log
This is expected behavior from Pi-hole due to recent update.
I have tried to manually change the permission of Pi-hole log with
chmod +x /var/log/pihole/pihole.log, but I have no idea if it will persist across reboot and update.
You need root user permission to read that file.
sudo cat /var/log/pihole/pihole.log
Thank you for your reply. I am aware that I need root permission to read the file, and I have no issue to accomplish that. What I am asking about is how can I make
rsyslog be able to read those log, as it is said
permission denied in
rsyslog systemctl status.
I will update with
rsyslog systemctl status later as I have turned off my system.
Thank you for your reply. This is indeed what I am looking for. The root cause is due to
rsyslog drops user/group to
syslog/syslog after startup. Below is the systemctl status output.
Jun 01 01:44:43 pihole1 systemd: Started System Logging Service.
Jun 01 01:44:43 pihole1 rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Permission denied.
Jun 01 01:44:43 pihole1 rsyslogd: activation of module imklog failed [v8.2112.0 try https://www.rsyslog.com/e/2145 ]
Jun 01 01:44:43 pihole1 rsyslogd: rsyslogd's groupid changed to 111
Jun 01 01:44:43 pihole1 rsyslogd: rsyslogd's userid changed to 104
Jun 01 01:44:43 pihole1 rsyslogd: imfile: on startup file '/var/log/pihole.log' does not exist but is configured in static file monitor - this may indicate a misconfiguration. If the file appears at a later time, it will automatically be processed. Reason: Permission denied [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="812" x-info="https://www.rsyslog.com"] start
Jun 01 01:44:43 pihole1 rsyslogd: imfile: error accessing file '/var/log/pihole/pihole.log': Permission denied [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd: imfile: error accessing file '/var/log/pihole.log': Permission denied [v8.2112.0]
For the solution, I simply add
syslog user to
pihole group and keeping it drop permission to
syslog/syslog as I thought it is much safer this way than letting
rsyslog run as
Apologize for not searching more about it before. I highly appreciate all of your help.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.