Logstash permission issue and need help on this

Hi Folks,

I have directory /var/log/data where my files are being written and those are the docker volumes.

drwxrwxr-x 25 pbdocker pbdocker 4096 Sep 29 02:49 data

When I am trying to run the logstash to read the files inside data folder I am getting below error. Wondering what permission would be appropriate to make it work?

[2019-09-29T04:03:03,563][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-09-29T04:03:03,594][WARN ][filewatch.tailmode.handlers.createinitial] failed to open /var/log/data/p0f/log/p0f.json: #<Errno::EACCES: Permission denied - /var/log/data/p0f/log/p0f.json>, ["org/jruby/RubyIO.java:1236:in `sysopen'", "org/jruby/RubyFile.java:367:in `initialize'", "org/jruby/RubyIO.java:1155:in `open'"]
[2019-09-29T04:03:03,820][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9601}

It is able to find the file, so the permissions on /var/log/data, /var/log/data/p0f, and /var/log/data/p0f/log must be OK. The problem is the permissions on the file itself. logstash needs read access to it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.