Unable to change the group ownership of a file in journal files
Description
The group ownership of the file/directory was configured to use an AD group. The ownership was assigned correctly to the file/directory; however, the ownership of the journal files (*.jor) remained the same.
The following errors were seen in the logs:
syslog-ng[54490]: Log store warning; filename='/data/log/abc/2021/11/08/192.11.10.2-20211108.log', message='Warning: Setting permissions of log store file failed; error=\'/data/log/xyz/2021/11/08/192.11.10.2-20211108.log\''
syslog-ng[54490]: Log store warning; filename='/data/log/abc/2021/11/08/192.11.10.2-20211108.log', message='Warning: Setting permissions of journal file failed; filename=\'/data/log/xyz/2021/11/08/192.11.10.2-20211108.log.jor\' message=\'Operation not permitted\''
syslog-ng[54490]: Log store warning; filename='/data/log/abc/2021/11/08/host.test.com-20211108.log', message='Warning: Setting permissions of journal file failed; filename=\'/data/log/xyz/2021/11/08/host.test.com-20211108.log.jor\' message=\'Operation not permitted\''
syslog-ng[54490]: Log store warning; filename='/data/log/xyz/2021/11/08/192.11.10.2-20211108.log', message='Warnings: setting permissions of logstore index file failed; error=\'Operation not permitted\''
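To see which journal and index files are affected, the warnings can be grouped by the kind of file whose permission change failed. This is an added example, not code from syslog-ng or from this article; the function names are this example's own, and SAMPLE holds three of the warning lines quoted above.

```python
import re
from collections import defaultdict

# Sample input: three of the warning lines quoted in the article above.
SAMPLE = r"""
syslog-ng[54490]: Log store warning; filename='/data/log/abc/2021/11/08/192.11.10.2-20211108.log', message='Warning: Setting permissions of journal file failed; filename=\'/data/log/xyz/2021/11/08/192.11.10.2-20211108.log.jor\' message=\'Operation not permitted\''
syslog-ng[54490]: Log store warning; filename='/data/log/abc/2021/11/08/host.test.com-20211108.log', message='Warning: Setting permissions of journal file failed; filename=\'/data/log/xyz/2021/11/08/host.test.com-20211108.log.jor\' message=\'Operation not permitted\''
syslog-ng[54490]: Log store warning; filename='/data/log/xyz/2021/11/08/192.11.10.2-20211108.log', message='Warnings: setting permissions of logstore index file failed; error=\'Operation not permitted\''
"""

# Outer record: the logstore file the warning belongs to, plus the nested message.
OUTER = re.compile(r"syslog-ng\[(?P<pid>\d+)\]: Log store warning; "
                   r"filename='(?P<store>[^']*)', message='(?P<msg>.*)'\s*$")
# Which file type failed ("journal file", "logstore index file", ...).
KIND = re.compile(r"setting permissions of (?P<kind>.+?) failed", re.IGNORECASE)
# key=\'value\' pairs inside the nested message (quotes are backslash-escaped).
FIELD = re.compile(r"(\w+)=\\'(.*?)\\'")


def parse_warning(line):
    """Return a dict describing one permission warning, or None if the line is not one."""
    outer = OUTER.search(line)
    if not outer:
        return None
    kind = KIND.search(outer["msg"])
    if not kind:
        return None
    fields = dict(FIELD.findall(outer["msg"]))
    return {
        "store": outer["store"],
        "kind": kind["kind"].lower(),
        # Journal warnings name the .jor file; others refer to the logstore itself.
        "target": fields.get("filename", outer["store"]),
        "error": fields.get("message") or fields.get("error"),
    }


def summarize(text):
    """Group affected file paths by the kind of file that failed."""
    by_kind = defaultdict(set)
    for line in text.splitlines():
        rec = parse_warning(line)
        if rec:
            by_kind[rec["kind"]].add(rec["target"])
    return {kind: sorted(paths) for kind, paths in by_kind.items()}


if __name__ == "__main__":
    for kind, paths in summarize(SAMPLE).items():
        print(kind, paths)
```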
Resolution
WORKAROUND
1. Modify the systemd service file of syslog-ng at: /usr/lib/systemd/system/syslog-ng.service
2. Change the line ExecStart=/opt/syslog-ng/sbin/syslog-ng -F --enable-core $SYSLOGNG_OPTIONS
STATUS
Change Request SYSLOGDEV-6165 has been raised with our Product team for consideration of inclusion in a future release of syslog-ng Premium Edition.