Most logs are owned by root or by separate users, so the "logstash" user has no access to them. Please allow specifying other users to run logstash-forwarder under.
Yes, it's a good idea. If you already have a patch ready, I am happy to apply it.
--- /usr/portage/app-admin/logstash-forwarder/logstash-forwarder-0.4.0-r1.ebuild 2015-08-15 15:31:02.000000000 +0200 +++ logstash-forwarder-0.4.0-r2.ebuild 2015-08-20 15:18:47.942196492 +0200 @@ -42,7 +42,7 @@ elog elog " /etc/${PN}/${PN}.conf" elog - elog "See example in /usr/share/doc/${PN}-${PVR} directory. You can" + elog "See example in /usr/share/doc/${PF} directory. You can" elog "remove -quiet from logstash-forward arguments in" elog "/etc/conf.d/${PN} until you get working configuration." elog "Search syslog for errors." --- /usr/portage/app-admin/logstash-forwarder/files/logstash-forwarder.confd 2015-08-09 22:34:49.000000000 +0200 +++ logstash-forwarder.confd 2015-08-20 15:20:14.194524266 +0200 @@ -1 +1,4 @@ LOGSTASH_FORWARDER_ARGS="-quiet -syslog=true" + +#LOGSTASH_FORWARDER_USER="" +#LOGSTASH_FORWARDER_GROUP="" --- /usr/portage/app-admin/logstash-forwarder/files/logstash-forwarder.initd 2015-08-15 15:31:02.000000000 +0200 +++ logstash-forwarder.initd 2015-08-20 15:37:11.654779748 +0200 @@ -3,11 +3,14 @@ # Distributed under the terms of the GNU General Public License v2 # $Id$ +LOGSTASH_FORWARDER_USER="${LOGSTASH_FORWARDER_USER:-logstash}" +LOGSTASH_FORWARDER_GROUP="${LOGSTASH_FORWARDER_GROUP:-logstash}" + start() { local config_file=/etc/logstash-forwarder/logstash-forwarder.conf local statedir=/var/lib/logstash-forwarder - if ! [[ -d ${statedir} ]]; then + if ! [ -d ${statedir} ]; then eend 1 "logstash state directory is missing: ${statedir}" return 1 fi @@ -16,7 +19,7 @@ start-stop-daemon --start --exec /usr/bin/logstash-forwarder \ --make-pidfile --pidfile /run/logstash-forwarder.pid \ --background --wait 100 --chdir "${statedir}" \ - --user logstash --group logstash \ + --user ${LOGSTASH_FORWARDER_USER} --group ${LOGSTASH_FORWARDER_GROUP} \ -- -config="${config_file}" ${LOGSTASH_FORWARDER_ARGS} eend $? } 
@@ -24,7 +27,8 @@ stop() { ebegin "Stopping logstash-forwarder" start-stop-daemon --stop --exec /usr/bin/logstash-forwarder \ - --pidfile /run/logstash-forwarder.pid --user logstash --group logstash + --pidfile /run/logstash-forwarder.pid --user ${LOGSTASH_FORWARDER_USER} \ + --group ${LOGSTASH_FORWARDER_GROUP} local rc=$? eend ${rc}
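Review bot: missing documentation in the logstash-forwarder.confd hunk: the two commented-out variables are shown as empty strings, with nothing saying that the init script falls back to logstash for both. Add a comment line above them stating the default and that the chosen account needs read access to the forwarded log files, so the admin can pick the least-privileged account that works instead of reaching for root.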
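Review bot: style point in the initd hunk at @@ -3,11 +3,14: after the switch from `[[ ]]` to `[ ]`, `${statedir}` in `[ -d ${statedir} ]` is subject to word splitting, which `[[ ]]` did not apply. The value is a fixed path here so nothing breaks today, but write it as `[ -d "${statedir}" ]` to keep the test safe if the path ever becomes configurable.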
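Review bot: in the initd hunk at @@ -16,7 +19,7 the new `--user ${LOGSTASH_FORWARDER_USER} --group ${LOGSTASH_FORWARDER_GROUP}` expansions are unquoted while `"${statedir}"` and `"${config_file}"` on the neighbouring lines are quoted; quote both so a value from conf.d cannot split into extra start-stop-daemon arguments. Also, start() only tests that the state directory exists, and with a configurable user it would help to check that the selected account can actually use the directory passed to `--chdir`, failing with a clear message if it cannot.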
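Review bot: logic point in the stop() hunk at @@ -24,7 +27,8: `--user` and `--group` are now read from conf.d at stop time, so if the values are edited while the daemon is running, stop() will look for a process owned by the new account and may not match the one that was started. The `--pidfile /run/logstash-forwarder.pid` and `--exec` arguments already identify the process, so consider dropping the user and group filters from stop(), and quote the expansions if they stay.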
Tomas, please don't embed patches in comments next time. Tabs have been changed to spaces and I had to modify the patches manually. Instead, attach patches as files or provide a URL to a git pull request next time.
Thank you for submitting patches. The other solution for accessing logs would be to add the logstash user to the groups that the services run as and make the logs readable by that group. It is also possible in some cases to change the group for log files, e.g. in syslog-ng.
commit cac7779833a9c0f1d57089ad81644a63b935bad7
Thanks for applying, sorry, next time I'll attach as files.