Bug #13444
openzabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
0%
Description
Hi
I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfully with our Zabbix server.
When I navigate to https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0 I'm presented with the following (truncated) logs
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K zabbix_proxy [78631]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [82116]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied *** Above lines repeated 50+ times *** Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K ... ...
Logging appears to have stopped ~40 days ago.
Restarting the Zabbix proxy service (via https://pfsense-ip-address/status_services.php#) gets logging working again, however its a pain because I generally speaking I wanted to see the logs for the past to investigate the problem I'm dealing with at that specific time.
I suspect the issue is related to log rotation and file permissions based on the Permission denied error and that newsyslog is mentioned before and after the logging stops working.
Today, before I restart the service I checked who owned the log file...
[2.6.0-RELEASE][root@pfsense-ip-address]/root: ls -l /var/log/zabbix-proxy/ total 106 -rw------- 1 root wheel 80 Jul 15 03:09 zabbix_proxy.log -rw------- 1 root wheel 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2 -rw------- 1 root wheel 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2 -rw------- 1 root wheel 34871 May 4 09:48 zabbix_proxy.log.2.bz2
After I restarted the service I checked again...
[2.6.0-RELEASE][root@fsense-ip-address]/root: ls -l /var/log/zabbix-proxy/ total 110 -rw------- 1 zabbix zabbix 3218 Aug 25 13:42 zabbix_proxy.log -rw------- 1 zabbix zabbix 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2 -rw------- 1 zabbix zabbix 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2 -rw------- 1 zabbix zabbix 34871 May 4 09:48 zabbix_proxy.log.2.bz2
Investigating further I found the contents of `/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf` does indeed set the owner to root
# Automatically generated for package Zabbix Proxy 5.0. Do not edit. /var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * JC
I'll try and remember to check tomorrow but I suspect the files will be owned by root again after the (presumably) daily log rotation occurs.
I haven't made any customizations to the pfsense box. The only other plugins installed are- open-vm-tools v10.1.0_5,1
- openvpn-client-export v1.6_4
- zabbix-agent5 v1.0.4_12
- zabbix-proxy5 v1.0.4_12
I compared `/var/etc/newsyslog.conf.d/zabbix_ agentd .log.conf` with `/var/etc/newsyslog.conf.d/zabbix_ proxy .log.conf`, both set the owners to root
I then checked the ownership of the agent's log files, to my surprize they're owned by Zabbix. I have not restarted the Zabbix agent service today
ls -l /var/log/zabbix-agent/ total 5 -rw-rw-r-- 1 zabbix zabbix 11450 Aug 15 11:49 zabbix_agentd.log
Updated by Kris Phillips over 2 years ago
Hello Steve,
Which version of the Zabbix package are you seeing this behavior? There are several.
Updated by Kris Phillips over 2 years ago
- Status changed from New to Incomplete
Marking as Incomplete until additional details, per previous request, is provided.
Updated by Juraj Lutter about 2 years ago
I see the same behavior, independently from Zabbix versions. The problem indeed, is in newsyslog
config for the services.
These erroneous files are not leftovers after previous versions or something similar. I even did
pkg install -f pfSense-pkg-zabbix-proxy5
to no avail.
Updated by Steve Scotter about 2 years ago
Apologies for the delay Kris. Zabbix had been behaving itself for quite some time (or rather I hadn't noticed it was playing up) until recently (based on the logs, on the Dec 12th, some ten days ago).
In my environment I'm running the Zabbix 5.0 LTS edition. The pfsense package details were in the original description however, I've now formatted it a little better for you. Here are all the packages installed on my system
Pakcage Name | Category | Version |
---|---|---|
Open-VM-Tools | emulators | 10.1.0_5,1 |
openvpn-client-export | security | 1.6_4 |
Service_Watchdog | sysutils | 1.8.7_1 |
zabbix-agent5 | net-mgmt | 1.0.4_12 |
zabbix-proxy5 | net-mgmt | 1.0.4_12 |
I'm aware there is an update from 1.0.4_12 to 1.0.5 which I'm now about to install it.
Recent log entries
Dec 12 20:14:00 queeg500 newsyslog[3283]: logfile turned over due to size>500K zabbix_proxy [12769]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16820]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16655]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11324]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11803]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10961]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10498]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10616]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15441]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15396]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15279]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [12769]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16820]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11324]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11803]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10616]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16655]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [10961]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16600]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16102]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16277]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15562]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14473]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [13732]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14126]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11155]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15853]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14012]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [12178]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15134]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16102]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [12273]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14473]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14126]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15562]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [13732]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11155]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15853]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16277]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [14012]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [12178]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15134]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [11636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15441]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [12273]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [16600]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied zabbix_proxy [15396]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied Dec 12 20:14:00 queeg500 newsyslog[3283]: logfile turned over due to size>500K 10636:20221212:201313.437 cannot send list of active checks to "172.20.223.4": host [prowler] not monitored 12453:20221212:201129.424 housekeeper [deleted 243661 records in 0.365225 sec, idle for 1 hour(s)] 12453:20221212:201129.049 executing housekeeper
I think it's as simple as changing the contents of /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
from
/var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * JC
to
/var/log/zabbix-proxy/zabbix_proxy.log zabbix:zabbix 600 7 500 * JC
I think the reason I can go a long time without seeing the problem is because the logs only rotated once it reaches 500K.. not daily like I falsey imagined it was.
I also believe it'll be worth repeating for /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
Updated by Steve Scotter about 2 years ago
I've updated to 1.0.5
and checked the contents of /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
, it's still setting the owner:group to root:wheel, so the updated hasn't resolved the issue
In all fairness, the package update to 1.0.5 was likely more around updating Zabbix Proxy software and not addressing this issue.
In order to speed up troubleshooting I have added DebugLevel=4
under Advanced Parameters in order to fill the log up much quicker than it normally would.
As soon as it hit 500K it was rotated and the ownership changed from zabbix:zabbix to root:wheel. I think this confirms my proposed solution above.
[2.6.0-RELEASE][root@queeg500.iman.ptptech.co.uk]/root: ls -l /var/log/zabbix-proxy/ total 334 -rw------- 1 root wheel 80 Dec 22 15:36 zabbix_proxy.log -rw------- 1 root wheel 121308 Dec 22 15:36 zabbix_proxy.log.0.bz2 -rw-rw-r-- 1 zabbix zabbix 1120914 Dec 22 15:45 zabbix_proxy.log.old
I don't know if it's important but the properties on the files are set to 0664
upon (re)starting the Zabbix proxy service, but newsyslog is setting it to 0600
Cheers
Steve
Updated by Cyril Christin 8 months ago
This problem still exists in the latest version of pfSense (2.7.2-RELEASE) with all Zabbix agent and proxy packages (pfSense-pkg-zabbix-*)
You can reproduce this bug without needing a Zabbix server for the tests:- Install the Zabbix agent and proxy packages (any version)
- Configure the package Zabbix agent: Enabled=[checked], Server=[127.0.0.1], Hostname=[localhost], Advanced Features/User Parameters=[DebugLevel=5]
- Configure the package Zabbix proxy: Enabled=[checked], Server=[127.0.0.1], Hostname=[localhost], Advanced Features/Advanced Parameters=[DebugLevel=4]
- Restart the Zabbix agent and proxy services
/usr/local/sbin/pfSsh.php playback svc restart zabbix_agentd /usr/local/sbin/pfSsh.php playback svc restart zabbix_proxy
- List the Zabbix agent and proxy log files: the file owner is
zabbix
, the groupzabbix
and permissions0664
ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw-rw-r-- 1 zabbix zabbix 3108 Apr 30 03:47 /var/log/zabbix-agent/zabbix_agentd.log # -rw-rw-r-- 1 zabbix zabbix 100248 Apr 30 03:47 /var/log/zabbix-proxy/zabbix_proxy.log
- Within a few minutes the log files should be larger than 500 kilobytes triggering a log rotation (agent takes a while longer)
We can see the bug/problem with the log files now having the owner asroot
, the group aswheel
and permissions set to0600
ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw------- 1 root wheel 85 Apr 30 04:22 /var/log/zabbix-agent/zabbix_agentd.log # -rw------- 1 root wheel 85 Apr 30 03:49 /var/log/zabbix-proxy/zabbix_proxy.log
- Once the log rotation has taken place, the Zabbix agent and proxy cannot write to the log files anymore
Using the GUI, navigate toStatus > System Logs > Packages > Zabbix Agent/Proxy
and you can see# Zabbix Agent Log Entries zabbix_agentd [75082]: failed to open log file: [13] Permission denied zabbix_agentd [75082]: failed to open log file: [13] Permission denied zabbix_agentd [75082]: failed to open log file: [13] Permission denied zabbix_agentd [75082]: failed to open log file: [13] Permission denied zabbix_agentd [75082]: failed to open log file: [13] Permission denied ### lines above repeat ### Apr 30 04:22:00 pfSense-Tests newsyslog[75419]: logfile turned over due to size>500K # Zabbix Proxy Log Entries zabbix_proxy [66641]: failed to open log file: [13] Permission denied zabbix_proxy [65053]: failed to open log file: [13] Permission denied zabbix_proxy [63805]: failed to open log file: [13] Permission denied zabbix_proxy [64771]: failed to open log file: [13] Permission denied zabbix_proxy [65545]: failed to open log file: [13] Permission denied ### lines above repeat ### Apr 30 03:49:00 pfSense-Tests newsyslog[20325]: logfile turned over due to size>500K
- Therefore the Zabbix agent and proxy services cannot write to their log files until their services are restarted
Once the services are restarted we can see the log files have the correct owner aszabbix
, groupzabbix
but unchanged permissions0600
ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw------- 1 root wheel 85 Apr 30 04:22 /var/log/zabbix-agent/zabbix_agentd.log # -rw------- 1 root wheel 85 Apr 30 03:49 /var/log/zabbix-proxy/zabbix_proxy.log /usr/local/sbin/pfSsh.php playback svc restart zabbix_agentd # Attempting to issue restart to zabbix_agentd service... # zabbix_agentd has been restarted. /usr/local/sbin/pfSsh.php playback svc restart zabbix_proxy # Attempting to issue restart to zabbix_proxy service... # zabbix_proxy has been restarted. ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw------- 1 zabbix zabbix 3797 Apr 30 04:31 /var/log/zabbix-agent/zabbix_agentd.log # -rw------- 1 zabbix zabbix 472697 Apr 30 04:31 /var/log/zabbix-proxy/zabbix_proxy.log
- We can also produce this bug/problem by manually running log rotations using the
newsyslog -R tagname file
commandls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw------- 1 zabbix zabbix 4071 Apr 30 05:24 /var/log/zabbix-agent/zabbix_agentd.log # -rw------- 1 zabbix zabbix 92027 Apr 30 05:24 /var/log/zabbix-proxy/zabbix_proxy.log newsyslog -R "Test log rotation" /var/log/zabbix-agent/zabbix_agentd.log newsyslog -R "Test log rotation" /var/log/zabbix-proxy/zabbix_proxy.log ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw------- 1 root wheel 101 Apr 30 05:24 /var/log/zabbix-agent/zabbix_agentd.log # -rw------- 1 root wheel 101 Apr 30 05:24 /var/log/zabbix-proxy/zabbix_proxy.log
Applying the suggested changes by Steve Scotter does fix this bug/problem, however the edited files get overwritten upon restarting the syslogd
service (or router)
sed 's/root:wheel/zabbix:zabbix/g' /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf > /tmp/zabbix_agentd.log.tmp ; cat /tmp/zabbix_agentd.log.tmp > /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf ; rm -f /tmp/zabbix_agentd.log.tmp
cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
# # Automatically generated for package Zabbix Agent 6.4. Do not edit.
# /var/log/zabbix-agent/zabbix_agentd.log zabbix:zabbix 600 7 500 * C
sed 's/root:wheel/zabbix:zabbix/g' /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf > /tmp/zabbix_proxy.log.tmp ; cat /tmp/zabbix_proxy.log.tmp > /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf ; rm -f /tmp/zabbix_proxy.log.tmp
cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
# # Automatically generated for package Zabbix Proxy 6.4. Do not edit.
# /var/log/zabbix-proxy/zabbix_proxy.log zabbix:zabbix 600 7 500 * C
/usr/local/sbin/pfSsh.php playback svc restart syslogd
# Attempting to issue restart to syslogd service...
# syslogd has been restarted.
cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
# # Automatically generated for package Zabbix Agent 6.4. Do not edit.
# /var/log/zabbix-agent/zabbix_agentd.log root:wheel 600 7 500 * C
cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
# # Automatically generated for package Zabbix Proxy 6.4. Do not edit.
# /var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * C
As the files are automatically generated, we need to edit the Zabbix agent and proxy pfSense packages configurations
- Edit the main pfSense configuration file
/cf/conf/config.xml
data located atinstalledpackages > package > logging
Add the lines<logowner>zabbix:zabbix</logowner>
and<logmode>664</logmode>
for the Zabbix agent and proxy packagescat /cf/conf/config.xml > /tmp/config.xml.bck sed 's/zabbix_agentd.log<\/logfilename>/zabbix_agentd.log<\/logfilename>\n\t\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t\t<logmode>664<\/logmode>/g' /cf/conf/config.xml > /tmp/config.xml.tmp cat /tmp/config.xml.tmp > /cf/conf/config.xml sed 's/zabbix_proxy.log<\/logfilename>/zabbix_proxy.log<\/logfilename>\n\t\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t\t<logmode>664<\/logmode>/g' /cf/conf/config.xml > /tmp/config.xml.tmp cat /tmp/config.xml.tmp > /cf/conf/config.xml rm /tmp/config.xml.tmp /tmp/config.cache diff /tmp/config.xml.bck /cf/conf/config.xml # 769a770,771 # > <logowner>zabbix:zabbix</logowner> # > <logmode>664</logmode> # 802a805,806 # > <logowner>zabbix:zabbix</logowner> # > <logmode>664</logmode> rm /tmp/config.xml.bck
- Although it does not seem to be required, edit the Zabbix agent and proxy pfSense packages information files
/usr/local/share/pfSense-pkg-zabbix-*****/info.xml
Also add the lines<logowner>zabbix:zabbix</logowner>
and<logmode>664</logmode>
for the Zabbix agent and proxy packages information filesls -la /usr/local/share/pfSense-pkg-zabbix-*/info.xml # -rw-r--r-- 1 root wheel 1305 Mar 4 21:02 /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml # -rw-r--r-- 1 root wheel 1304 Mar 4 21:07 /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml cat /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml > /tmp/zabbix-agent-info.xml.bck sed 's/zabbix_agentd.log<\/logfilename>/zabbix_agentd.log<\/logfilename>\n\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t<logmode>664<\/logmode>/g' /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml > /tmp/zabbix-agent-info.xml cat /tmp/zabbix-agent-info.xml > /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml ; rm -f /tmp/zabbix-agent-info.xml diff /tmp/zabbix-agent-info.xml.bck /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml # 20a21,22 # > <logowner>zabbix:zabbix</logowner> # > <logmode>664</logmode> cat /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml > /tmp/zabbix-proxy-info.xml.bck sed 's/zabbix_proxy.log<\/logfilename>/zabbix_proxy.log<\/logfilename>\n\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t<logmode>664<\/logmode>/g' /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml > /tmp/zabbix-proxy-info.xml cat /tmp/zabbix-proxy-info.xml > /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml ; rm -f /tmp/zabbix-proxy-info.xml diff /tmp/zabbix-proxy-info.xml.bck /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml # 20a21,22 # > <logowner>zabbix:zabbix</logowner> # > <logmode>664</logmode> rm -f /tmp/zabbix-agent-info.xml.bck /tmp/zabbix-proxy-info.xml.bck
- Restart the
syslog
service and validate this fixes the bug/problem with the correct owner aszabbix
, groupzabbix
and permissions0664
for the Zabbix agent and proxy log files/usr/local/sbin/pfSsh.php playback svc restart syslogd # Attempting to issue restart to syslogd service... # syslogd has been restarted. cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf # # Automatically generated for package Zabbix Agent 6.4. Do not edit. # /var/log/zabbix-agent/zabbix_agentd.log zabbix:zabbix 664 7 500 * C cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf # # Automatically generated for package Zabbix Proxy 6.4. Do not edit. # /var/log/zabbix-proxy/zabbix_proxy.log zabbix:zabbix 664 7 500 * C newsyslog -R "Test log rotation" /var/log/zabbix-agent/zabbix_agentd.log newsyslog -R "Test log rotation" /var/log/zabbix-proxy/zabbix_proxy.log ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log # -rw-rw-r-- 1 zabbix zabbix 6057 Apr 30 07:25 /var/log/zabbix-agent/zabbix_agentd.log # -rw-rw-r-- 1 zabbix zabbix 57100 Apr 30 07:25 /var/log/zabbix-proxy/zabbix_proxy.log
When the Zabbix agent and proxy log files do not exist, they are created by their Zabbix daemon with the (configured) user and group zabbix
and permissions 0664
.
We can also confirm this from the Zabbix source code, in the file daemon.c
at line 321
where they set the umask to 0002
:
This is correctly reflected in the pfSense-pkg-zabbix-agent
and pfSense-pkg-zabbix-agent
packages PHP functions sync_package_zabbix_*****
:
https://github.com/pfsense/FreeBSD-ports/blob/7cdea69cd2ae75725652c6181a53a48069bd66d5/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent.inc#L279
https://github.com/pfsense/FreeBSD-ports/blob/7cdea69cd2ae75725652c6181a53a48069bd66d5/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy.inc#L241
Therefore the fix for this bug/problem is configuring the permissions to 0664
and using the configured user and group zabbix
.
A pull request (1371) implementing the above changes has been submitted on GitHub: