Skip to content

Commit

Permalink
Merge pull request #370 from brsolomon-deloitte/doc-in_tail-permission
Browse files Browse the repository at this point in the history 
Doc in_tail permission
  • Loading branch information
@cosmo0920
cosmo0920 authored Oct 8, 2021
2 parents f8a4088 + 0bb811c commit 4f23c5b
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
11 changes: 11 additions & 0 deletions input/tail.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,17 @@ If you see this message:
It means that `fluentd` does not have read permission for `/path/to/file`. Check your fluentd and target files permission.

**Note**: When `td-agent` is launched by systemd, the default user of the `td-agent` process is the `td-agent` user.
You must ensure that this user has read permission to the tailed `/path/to/file`. For instance, on Ubuntu,
the default Nginx access file `/var/log/nginx/access.log` is mode `0640` and owned by `www-data:adm`. In
this case, several options are available to allow read access:

1. Add the `td-agent` user to the `adm` group, e.g. through `usermod -aG`, or
2. Use the [`cap_dac_read_search` capability](../deployment/linux-capability#capability-handling-on-in_tail)
to allow the invoking user to read the file without otherwise changing its permission bits or ownership.

A bug exists in Fluentd 1.13.x where it may suppress warning logs about unreadable files. (See Fluentd PR [#3478](https://github.com/fluent/fluentd/pull/3478).)

### `logrotate` Setting

`logrotate` has the `nocreate` parameter and it does not create a new file if log rotation is triggered. It means `in_tail` cannot find the new file to tail.
Expand Down
9 changes: 9 additions & 0 deletions parser/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,15 @@ Here is an example to read Nginx access logs using `in_tail` and `parser_nginx`:
</source>
```

**Note**: When `td-agent` is launched by systemd, the default user of the `td-agent` process is the `td-agent` user.
You must ensure that this user has read permission to the tailed `/path/to/file`. For instance, on Ubuntu,
the default Nginx access file `/var/log/nginx/access.log` is mode `0640` and owned by `www-data:adm`. In
this case, several options are available to allow read access:

1. Add the `td-agent` user to the `adm` group, e.g. through `usermod -aG`, or
2. Use the [`cap_dac_read_search` capability](../deployment/linux-capability#capability-handling-on-in_tail)
to allow the invoking user to read the file without otherwise changing its permission bits or ownership.

## List of Built-in Parsers

* [`regexp`](regexp.md)
Expand Down

0 comments on commit 4f23c5b

Please sign in to comment.