Logstash and since db permission

Logstash runs as a container.logstash version 8.11.0
Logstash input looks like the below

input {
  file {
    path => "/common/logs/parser-server-tasks-application/app.log"
    start_position => "beginning"
    sincedb_path => "/common/logs/.sincedb"
    type => "parser-server-tasks-application"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => previous
      max_lines => 1000

I m using something called as hostpath(this path /folder is in container and as well on host where the container runs in kubernetes.)

permission /common chmod -R 777 /common

Everything works fine. I need logstash reads from /common/logs and write to sincedb.

but when I change the chmod -R 774 /common. Logstash fails.

Will restart this plugin.
  Plugin: <LogStash::Inputs::File start_position=>"beginning", path=>["/common/logs/dp-cms-mw/*.jsonl"], codec=><LogStash::Codecs::JSON id=>"f057e2c0-d76d-4a5f-97ce-c19a37817c6d", enable_metric=>true, charset=>"UTF-8">, id=>"7c803fd8a4b19ca1aedcd08f1e639817309a4dec3c5b975fa81e8eae528a65fa", sincedb_path=>"/shared/logs/.sincedb_json", type=>"dp-cms-mw", enable_metric=>true, stat_interval=>1.0, discover_interval=>15, sincedb_write_interval=>15.0, delimiter=>"\n", close_older=>3600.0, mode=>"tail", file_completed_action=>"delete", sincedb_clean_after=>1209600.0, file_chunk_size=>32768, file_chunk_count=>140737488355327, file_sort_by=>"last_modified", file_sort_direction=>"asc", exit_after_read=>false, check_archive_validity=>false>
  Error: Permission denied - "/common/shared/logs/.sincedb_json
  Exception: Errno::EACCES

logstash container starts as a logstash user.

how to handle this scenario?

Try 775. The user running logstash will need execute permission on the directory that contains the sincebd.

As per your suggestion chmod -R 775 works. However I tried with chmod -R 755 this one works fine. I don't see any error in logstash-plain.log.
Than you @Badger adger for your insights.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.