14 Sep
2015
14 Sep
'15
3:35 p.m.
We just set up splunk in our environment and have made all our /var/log/messages owned by root:splunk mode 640 so that splunk can read and index these files. I was thinking I could add xymon user to splunk group and that would allow xymon to read /var/log/messages as well, but it doesn't seem to be working. I can read /var/log/messages as the xymon user but the msgs web page is still showing Cannot open logfile /var/log/messages : Permission deniedAny ideas on what else I can do to allow xymon to get these logs?