I can't find this problem or a related answer in recent postings (after 2014), so I'm dropping this here.
I'm running this:
- CentOS 6.8 (final)
- Logstash 6.2.3
- Elasticsearch 6.2.3
To allow logstash to read log files I added the user logstash to all groups of (service-)users that create log files I want to monitor and added, where needed, group read rights to log files.
This worked until I tried to monitor /var/log/maillog.
User logstash is a member of the root group and /var/log/maillog (and the intermediate directories) are accessible to logstash for reading.
Proof: When I give user logstash a login shell, after logging in 'cat /var/log/maillog' works perfectly.
But: After starting the logstash service I get (in logstash-plain.log):
[WARN ][logstash.inputs.file ] failed to open /var/log/maillog: Permission denied - /var/log/maillog
This has me baffled. Tips, anyone? Your help will be appreciated.
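
Added example, not part of the original post: a check that compares the group set a process actually holds (the `Uid`, `Gid` and `Groups` lines of `/proc/<pid>/status`) against a file's owner, group and mode, so the login-shell case and the service case described above can be compared directly. The uid/gid numbers, the `root:root` mode `0640` file and both status excerpts are constructed sample values, and the function names are hypothetical.

```python
import os
import stat

# Constructed sample: status excerpt of a service process that holds only
# its primary group (uid 496 / gid 493 are made-up values).
SERVICE_STATUS = (
    "Name:\tjava\n"
    "Uid:\t496\t496\t496\t496\n"
    "Gid:\t493\t493\t493\t493\n"
    "Groups:\t493\n"
)
# Constructed sample: the same user in a login shell, where gid 0 (root)
# is present as a supplementary group.
LOGIN_STATUS = (
    "Name:\tbash\n"
    "Uid:\t496\t496\t496\t496\n"
    "Gid:\t493\t493\t493\t493\n"
    "Groups:\t0 493\n"
)

def parse_status(text):
    """Return (effective uid, effective gid, set of supplementary gids)."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.split()
    euid = int(fields["Uid"][1])  # columns: real, effective, saved, fs
    egid = int(fields["Gid"][1])
    groups = {int(g) for g in fields.get("Groups", [])}
    return euid, egid, groups

def can_read(status_text, f_uid, f_gid, f_mode):
    """Owner/group/other read check; ignores ACLs, SELinux and capabilities."""
    euid, egid, groups = parse_status(status_text)
    if euid == 0:  # simplification: treat uid 0 as able to read anything
        return True
    if euid == f_uid:
        return bool(f_mode & stat.S_IRUSR)
    if f_gid == egid or f_gid in groups:
        return bool(f_mode & stat.S_IRGRP)
    return bool(f_mode & stat.S_IROTH)

def check_live(pid, path):
    """Same check against a running process and a real file."""
    st = os.stat(path)
    with open(f"/proc/{pid}/status") as fh:
        return can_read(fh.read(), st.st_uid, st.st_gid, st.st_mode)
```

On a live host, `check_live(<pid of the service's process>, "/var/log/maillog")` applies the same logic to the real process; directory traversal permissions on the path are not evaluated.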