Problem with Log Files

  • fulltilt
    Member
    • Nov 2006
    • 39

    #1

    Problem with Log Files

    I am trying to set up Zabbix for my logfiles:
    http://www.zabbix.com/manual/v1.1/tu...s_logfiles.php

    but after creating the item for syslog, the status switched back to not supported ...

    I'm using Zabbix on Debian Sarge 3.1.
    Is it possible that Zabbix needs more rights for reading the logfiles,
    or do I have to set zabbix to the logfile group?
    Also, after it is working (hope so), where can I find the logs in Zabbix?
  • netod
    Member
    • Nov 2006
    • 36

    #2
    Originally posted by fulltilt
    I am trying to set up Zabbix for my logfiles:
    http://www.zabbix.com/manual/v1.1/tu...s_logfiles.php

    but after creating the item for syslog, the status switched back to not supported ...

    I'm using Zabbix on Debian Sarge 3.1.
    Is it possible that Zabbix needs more rights for reading the logfiles,
    or do I have to set zabbix to the logfile group?
    Also, after it is working (hope so), where can I find the logs in Zabbix?

    On Debian sarge the default syslog permissions are:

    -rw-r----- 1 root adm 241330 2006-11-16 15:18 /var/log/syslog

    If zabbix agentd is started by user zabbix.zabbix, then you would need to adjust the permissions accordingly.

    The zabbix server as well as the client have a config parameter LogFile= where you set the file you want to log activity in.


    As far as viewing the recorded logfile information, I'd imagine it would be done through the php frontend.

    Hope this helps.
    Last edited by netod; 16-11-2006, 06:12.


    • fulltilt
      Member
      • Nov 2006
      • 39

      #3
      thanks netod,

      that helps

      Originally posted by netod
      On Debian sarge the default syslog permissions are:

      -rw-r----- 1 root adm 241330 2006-11-16 15:18 /var/log/syslog

      If zabbix agentd is started by user zabbix.zabbix, then you would need to adjust the permissions accordingly.

      The zabbix server as well as the client have a config parameter LogFile= where you set the file you want to log activity in.


      As far as viewing the recorded logfile information, I'd imagine it would be done through the php frontend.

      Hope this helps.


      • fulltilt
        Member
        • Nov 2006
        • 39

        #4
        I added zabbix to group adm and also restarted the server ... same problem ...
        The status of the item switched back to 'not supported'.
        Do I have to set the logfile permission higher?


        • netod
          Member
          • Nov 2006
          • 36

          #5
          Originally posted by fulltilt
          I added zabbix to group adm and also restarted the server ... same problem ...
          The status of the item switched back to 'not supported'.
          Do I have to set the logfile permission higher?

          I wouldn't exactly recommend adding zabbix to group adm, since group adm is a system-wide group and may have certain privileges to other system files which you may not want the zabbix user to have. Therefore, if your system is compromised through the zabbix agent or server, you will give the intruder access to other system files because zabbix is in the group adm.

          You shouldn't need to set permissions to higher, I would say there is something wrong with your item setup. Give some more detail.


          • otheus
            Member
            • Mar 2009
            • 53

            #6
            netod, I disagree with your paranoia concerning the permissions on logfiles and adding Zabbix to, for instance, the "adm" group.

            The whole purpose of having groups is to give non-root users elevated access to particular objects on the system. Log files and configuration files are perfect examples of what should be granted to the group adm. True enough, you wouldn't want an intruder going through zabbix to execute code on the system. So the administrator should be careful about what files can be read from and written to as this special group.

            I do suggest adding files such as /var/log/messages and even /var/log/secure to the adm group, setting the group permissions to read (not write), and adding zabbix to the /etc/group and /etc/gshadow (if applicable) entries for adm.

            If you are paranoid, search the filesystem for all files that belong to the adm group: find / -group adm -perm +070 -ls
            If the resulting output lists too many files for your comfort, then use a different group.

            The only thing more secure than this would be to write a trapper on the client that sends the Zabbix server this data. In essence, you ask the user to rewrite a log monitoring agent and report that data using (for instance) zabbix_send.
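
The two checks discussed in this thread, as an added example that is not part of any post here: whether the monitoring account can actually read the log file, and what else a group such as adm opens up. The function names are hypothetical, the account name "zabbix" in the usage comments is an assumption, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# GNU find and GNU stat are assumed. Only classic mode bits are evaluated:
# ACLs and search permission on parent directories are not.

# List regular files under ROOT whose group is GROUP (name or numeric gid)
# and that grant that group any of r, w or x. "-perm /070" is the current
# GNU find spelling of the "-perm +070" test quoted in post #6.
group_exposure() {   # usage: group_exposure GROUP [ROOT]
    find "${2:-/}" -xdev -type f -group "$1" -perm /070 -print 2>/dev/null
}

# Return 0 if an account with numeric UID and the space-separated GIDS list
# may read FILE, 1 if it may not, 2 if FILE cannot be examined.
can_read() {         # usage: can_read FILE UID "GID GID ..."
    cr_meta=$(stat -c '%u %g %a' "$1" 2>/dev/null) || return 2
    # Re-use the positional parameters: uid, gid list, owner, group, mode.
    set -- "$2" " $3 " $cr_meta
    cr_mode=$((0$5))                    # stat prints the mode in octal
    [ "$1" -eq 0 ] && return 0          # root bypasses the mode bits
    if [ "$1" -eq "$3" ]; then
        cr_bit=256                      # 0400: owner read
    else
        case "$2" in
            *" $4 "*) cr_bit=32 ;;      # 0040: group read
            *)        cr_bit=4  ;;      # 0004: other read
        esac
    fi
    [ $((cr_mode & cr_bit)) -ne 0 ]
}

# Typical use on the monitored host (account name "zabbix" is an assumption):
#   can_read /var/log/syslog "$(id -u zabbix)" "$(id -G zabbix)" && echo readable
#   group_exposure adm /      # everything else the adm group opens up
```

`id -G` reports the configured membership; a daemon that was already running keeps its old group list until it is restarted.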