ES log files: owner/group & mode

How can I specify which group the log files generated by ES belong to? Or barring that, how can I affect the mode of the files created?

This is the (I think) relevant snippet from my logging.yml:

  file:
    type: extrasRollingFile
    file: ${path.logs}/${cluster.name}.log
    rollingPolicy: timeBased
    rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

  index_search_slow_log_file:
    type: dailyRollingFile
    file: ${path.logs}/${cluster.name}_index_search_slowlog.log
    datePattern: "'.'yyyy-MM-dd"
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

  index_indexing_slow_log_file:
    type: dailyRollingFile
    file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
    datePattern: "'.'yyyy-MM-dd"
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

It is creating my log files in /var/log/elasticsearch (which is where I have path.logs set to), owned as elasticsearch:elasticsearch, and set to mode 0640. I need the logs to be readable by a process belonging to a different group. Ideally, I'd like to keep the mode restricted, but set the group of the files to match my log reading process. But setting the mode to 0644 would work too.

I am running ES 2.4 on RHEL 6.8.

Thanks for any tips!

Hey,

This would require you to change the group that elasticsearch runs as, I suppose (as long as you do not want to make that file world readable). You can configure that group as part of your start up scripts. Or add that user to the elasticsearch group.

Hope this helps.

--Alex

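An added example, not part of the original thread: a Python check of what the advice above achieves. It reports whether a reader holding given group IDs can read each log and whether any log is world readable. The directory, the file names and the group IDs are constructed stand-ins for /var/log/elasticsearch and the elasticsearch group.

```python
import os
import stat
import tempfile


def audit_log_dir(log_dir, reader_gids):
    """For a reader that is neither root nor the file owner, report per log file
    whether it can read the file and whether the file is world readable.
    Only classic mode bits are evaluated; POSIX ACLs are not."""
    d = os.stat(log_dir)
    # Opening a file also needs search (x) permission on its directory.
    # A group member is judged by the group bits; the "other" bits are not consulted.
    dir_bit = stat.S_IXGRP if d.st_gid in reader_gids else stat.S_IXOTH
    can_enter = bool(d.st_mode & dir_bit)
    report = {}
    for name in sorted(os.listdir(log_dir)):
        st = os.stat(os.path.join(log_dir, name))
        if not stat.S_ISREG(st.st_mode):
            continue
        read_bit = stat.S_IRGRP if st.st_gid in reader_gids else stat.S_IROTH
        report[name] = {
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "reader_can_read": can_enter and bool(st.st_mode & read_bit),
            "world_readable": bool(st.st_mode & stat.S_IROTH),
        }
    return report


def demo():
    """Constructed log directory: mode 0750, one log at 0640 and one at 0644."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o750)
        files = (("mycluster.log", 0o640),
                 ("mycluster_index_search_slowlog.log", 0o644))
        for name, mode in files:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
        # Whatever group owns the constructed files plays the role of "elasticsearch".
        es_gids = {os.stat(d).st_gid,
                   os.stat(os.path.join(d, files[0][0])).st_gid}
        outsider = audit_log_dir(d, set())   # reader not in the group
        member = audit_log_dir(d, es_gids)   # reader added to the group
    return outsider, member


if __name__ == "__main__":
    for label, result in zip(("outsider", "member"), demo()):
        print(label, result)
```

In the constructed case the 0644 file is still unreadable to the outsider because the directory is 0750, while group membership gives access to the 0640 file without exposing it to other local users.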