Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618804 - app-admin/logstash-bin permissions and log access
Summary: app-admin/logstash-bin permissions and log access
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Tomáš Mózes
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-17 22:04 UTC by Jesse Adelman
Modified: 2017-05-26 12:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Adelman 2017-05-17 22:04:03 UTC 
The default install of logstash doesn't work. However, when copying the included conf file from /usr/share/logstash/agent.conf to /etc/logstash/conf.d/, the naive user gets:

"fuji-02 logstash # tail /var/log/logstash/logstash-plain.log 
[2017-05-17T17:56:08,670][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>1000}
[2017-05-17T17:56:08,772][INFO ][logstash.pipeline        ] Pipeline main started
[2017-05-17T17:56:08,784][WARN ][logstash.inputs.file     ] failed to open /var/log/dracut.log: Permission denied - /var/log/dracut.log
[2017-05-17T17:56:08,786][WARN ][logstash.inputs.file     ] failed to open /var/log/emerge-fetch.log: Permission denied - /var/log/emerge-fetch.log
[2017-05-17T17:56:08,786][WARN ][logstash.inputs.file     ] failed to open /var/log/emerge.log: Permission denied - /var/log/emerge.log
[2017-05-17T17:56:08,788][WARN ][logstash.inputs.file     ] failed to open /var/log/lxdm.log: Permission denied - /var/log/lxdm.log
[2017-05-17T17:56:08,789][WARN ][logstash.inputs.file     ] failed to open /var/log/lynis.log: Permission denied - /var/log/lynis.log
[2017-05-17T17:56:08,792][WARN ][logstash.inputs.file     ] failed to open /var/log/vsftpd.log: Permission denied - /var/log/vsftpd.log
[2017-05-17T17:56:08,794][WARN ][logstash.inputs.file     ] failed to open /var/log/messages: Permission denied - /var/log/messages
[2017-05-17T17:56:08,795][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
fuji-02 logstash # "

Perhaps some group membership adjustment for the logstash user is in order? Thanks.
Comment 1 Tomáš Mózes 2017-05-18 12:23:25 UTC 
Hi Jesse.

It's really hard to define what is a "default" installation for logstash. Sometimes you read logs, sometimes you just listen on a socket. We have a warning in the ebuild that you need to change LS_USER and LS_GROUP to root if you wish to read logs for example.

I think I will extend the sample with more stuff and adding a warning in the beginning of the file that you need to run this as root.

Will that be ok or what do you suggest?
Comment 2 Tomáš Mózes 2017-05-24 09:41:54 UTC 
I've added a note to the 5.4.0 release about the sample config location and a warning that root access may be needed. Is that ok?

https://github.com/gentoo/gentoo/pull/4744