rsyslog (the syslog app) could read /var/log/pihole.log (which is a symlink to /var/log/pihole/pihole.log). I would like to forward the Pi-hole log to an external logging server (in my case it's Vector -> Loki -> Grafana) using rsyslog.
Actual Behaviour:
rsyslog could not read the Pi-hole log because permission was denied. The Pi-hole log above has the following permissions:
-rw-r----- 1 pihole pihole 57235 May 31 15:09 /var/log/pihole/pihole.log
This is expected behavior from Pi-hole due to a recent update.
I have tried to manually change the permission of the Pi-hole log with chmod +x /var/log/pihole/pihole.log, but I have no idea if it will persist across reboots and updates.
Thank you for your reply. I am aware that I need root permission to read the file, and I have no issue accomplishing that. What I am asking is how I can make rsyslog able to read those logs, as it says permission denied in the rsyslog systemctl status.
I will update with the rsyslog systemctl status later, as I have turned off my system.
Thank you for your reply. This is indeed what I am looking for. The root cause is that rsyslog drops its user/group to syslog/syslog after startup. Below is the systemctl status output.
Jun 01 01:44:43 pihole1 systemd[1]: Started System Logging Service.
Jun 01 01:44:43 pihole1 rsyslogd[812]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd[812]: imklog: cannot open kernel log (/proc/kmsg): Permission denied.
Jun 01 01:44:43 pihole1 rsyslogd[812]: activation of module imklog failed [v8.2112.0 try https://www.rsyslog.com/e/2145 ]
Jun 01 01:44:43 pihole1 rsyslogd[812]: rsyslogd's groupid changed to 111
Jun 01 01:44:43 pihole1 rsyslogd[812]: rsyslogd's userid changed to 104
Jun 01 01:44:43 pihole1 rsyslogd[812]: imfile: on startup file '/var/log/pihole.log' does not exist but is configured in static file monitor - this may indicate a misconfiguration. If the file appears at a later time, it will automatically be processed. Reason: Permission denied [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd[812]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="812" x-info="https://www.rsyslog.com"] start
Jun 01 01:44:43 pihole1 rsyslogd[812]: imfile: error accessing file '/var/log/pihole/pihole.log': Permission denied [v8.2112.0]
Jun 01 01:44:43 pihole1 rsyslogd[812]: imfile: error accessing file '/var/log/pihole.log': Permission denied [v8.2112.0]
For the solution, I simply added the syslog user to the pihole group and kept it dropping permission to syslog/syslog, as I thought it is much safer this way than letting rsyslog run as root/root.
I apologize for not searching more about it before. I highly appreciate all of your help.
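
One way to check the group-membership fix described in the last post, added here as an example and not part of the original thread: it applies the owner/group/other mode-bit rules to the log file and every parent directory for a given account. The function names `mode_allows` and `user_can_read` are hypothetical, GNU `stat` and `readlink -f` are assumed, and ACLs are not considered.

```shell
#!/bin/sh
# Added example: can a non-root account read a file, judging by mode bits only?
# (POSIX ACLs, capabilities and root's bypass are deliberately not modelled.)

# mode_allows BIT MODE OWNER_UID GROUP_GID UID "GID ..."
# BIT is 4 (read) or 1 (directory search); MODE is octal as from `stat -c %a`.
mode_allows() {
    want=$1 perm=$(( 0$2 )) owner=$3 group=$4 uid=$5 gids=$6
    class=0                                        # default: "other" bits
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then class=3; fi # member: group bits
    done
    if [ "$uid" -eq "$owner" ]; then class=6; fi   # owner bits take precedence
    [ $(( (perm >> class) & want )) -ne 0 ]
}

# user_can_read USER FILE: run the check on a live system (GNU stat assumed).
# Returns 0 if readable, 1 if blocked (prints where), 2 if a lookup fails.
user_can_read() {
    uid=$(id -u "$1") || return 2
    gids=$(id -G "$1") || return 2
    path=$(readlink -f "$2") || return 2           # follow the pihole.log symlink
    bit=4                                          # the file itself needs read
    while :; do
        info=$(stat -c '%a %u %g' "$path") || return 2
        set -- $info
        if ! mode_allows "$bit" "$1" "$2" "$3" "$uid" "$gids"; then
            echo "blocked at $path (mode $1)"
            return 1
        fi
        if [ "$path" = / ]; then return 0; fi
        path=$(dirname "$path")
        bit=1                                      # parent dirs need search
    done
}

# After adding syslog to the pihole group and restarting rsyslog:
#   user_can_read syslog /var/log/pihole.log
```

Run it as root so that `stat` can see every path component; the answer it gives is for the named account, not for the caller.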