Project

General

Profile

Actions

Bug #13444

open

zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied

Added by Steve Scotter about 2 years ago. Updated 7 months ago.

Status:
Incomplete
Priority:
Normal
Assignee:
-
Category:
Zabbix
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Hi

I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfully with our Zabbix server.

When I navigate to https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0 I'm presented with the following (truncated) logs

Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
zabbix_proxy [78631]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [82116]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
*** Above lines repeated 50+ times ***
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
...
...

Logging appears to have stopped ~40 days ago.

Restarting the Zabbix proxy service (via https://pfsense-ip-address/status_services.php#) gets logging working again, however its a pain because I generally speaking I wanted to see the logs for the past to investigate the problem I'm dealing with at that specific time.

I suspect the issue is related to log rotation and file permissions based on the Permission denied error and that newsyslog is mentioned before and after the logging stops working.

Today, before I restart the service I checked who owned the log file...

[2.6.0-RELEASE][root@pfsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 106
-rw-------  1 root  wheel     80 Jul 15 03:09 zabbix_proxy.log
-rw-------  1 root  wheel  29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw-------  1 root  wheel  33193 Jun  6 13:47 zabbix_proxy.log.1.bz2
-rw-------  1 root  wheel  34871 May  4 09:48 zabbix_proxy.log.2.bz2

After I restarted the service I checked again...

[2.6.0-RELEASE][root@fsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 110
-rw-------  1 zabbix  zabbix   3218 Aug 25 13:42 zabbix_proxy.log
-rw-------  1 zabbix  zabbix  29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw-------  1 zabbix  zabbix  33193 Jun  6 13:47 zabbix_proxy.log.1.bz2
-rw-------  1 zabbix  zabbix  34871 May  4 09:48 zabbix_proxy.log.2.bz2

Investigating further I found the contents of `/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf` does indeed set the owner to root

# Automatically generated for package Zabbix Proxy 5.0. Do not edit.
/var/log/zabbix-proxy/zabbix_proxy.log          root:wheel      600     7       500     *       JC

I'll try and remember to check tomorrow but I suspect the files will be owned by root again after the (presumably) daily log rotation occurs.

I haven't made any customizations to the pfsense box. The only other plugins installed are
  • open-vm-tools v10.1.0_5,1
  • openvpn-client-export v1.6_4
  • zabbix-agent5 v1.0.4_12
  • zabbix-proxy5 v1.0.4_12

I compared `/var/etc/newsyslog.conf.d/zabbix_ agentd .log.conf` with `/var/etc/newsyslog.conf.d/zabbix_ proxy .log.conf`, both set the owners to root

I then checked the ownership of the agent's log files, to my surprize they're owned by Zabbix. I have not restarted the Zabbix agent service today

ls -l /var/log/zabbix-agent/
total 5
-rw-rw-r--  1 zabbix  zabbix  11450 Aug 15 11:49 zabbix_agentd.log
Actions #1

Updated by Kris Phillips about 2 years ago

Hello Steve,

Which version of the Zabbix package are you seeing this behavior? There are several.

Actions #2

Updated by Kris Phillips about 2 years ago

  • Status changed from New to Incomplete

Marking as Incomplete until additional details, per previous request, is provided.

Actions #3

Updated by Juraj Lutter almost 2 years ago

I see the same behavior, independently from Zabbix versions. The problem indeed, is in newsyslog config for the services.
These erroneous files are not leftovers after previous versions or something similar. I even did

pkg install -f pfSense-pkg-zabbix-proxy5

to no avail.

Actions #4

Updated by Steve Scotter almost 2 years ago

Apologies for the delay Kris. Zabbix had been behaving itself for quite some time (or rather I hadn't noticed it was playing up) until recently (based on the logs, on the Dec 12th, some ten days ago).

In my environment I'm running the Zabbix 5.0 LTS edition. The pfsense package details were in the original description however, I've now formatted it a little better for you. Here are all the packages installed on my system

Pakcage Name Category Version
Open-VM-Tools emulators 10.1.0_5,1
openvpn-client-export security 1.6_4
Service_Watchdog sysutils 1.8.7_1
zabbix-agent5 net-mgmt 1.0.4_12
zabbix-proxy5 net-mgmt 1.0.4_12

I'm aware there is an update from 1.0.4_12 to 1.0.5 which I'm now about to install it.

Recent log entries

Dec 12 20:14:00 queeg500 newsyslog[3283]: logfile turned over due to size>500K
zabbix_proxy [12769]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16820]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16655]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11324]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11803]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10961]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10498]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10616]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15441]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15396]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15279]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [12769]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16820]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11324]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11803]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10616]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16655]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [10961]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16600]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16102]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16277]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15562]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14473]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [13732]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14126]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11155]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15853]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14012]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [12178]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15134]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16102]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [12273]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14473]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14126]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15562]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [13732]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11155]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15853]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16277]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [14012]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [12178]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15134]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [11636]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15441]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [12273]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [16600]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [15396]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Dec 12 20:14:00 queeg500 newsyslog[3283]: logfile turned over due to size>500K
10636:20221212:201313.437 cannot send list of active checks to "172.20.223.4": host [prowler] not monitored
12453:20221212:201129.424 housekeeper [deleted 243661 records in 0.365225 sec, idle for 1 hour(s)]
12453:20221212:201129.049 executing housekeeper

I think it's as simple as changing the contents of /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf from

/var/log/zabbix-proxy/zabbix_proxy.log          root:wheel      600     7       500     *       JC

to

/var/log/zabbix-proxy/zabbix_proxy.log          zabbix:zabbix      600     7       500     *       JC

I think the reason I can go a long time without seeing the problem is because the logs only rotated once it reaches 500K.. not daily like I falsey imagined it was.

I also believe it'll be worth repeating for /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf

Actions #5

Updated by Steve Scotter almost 2 years ago

I've updated to 1.0.5 and checked the contents of /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf, it's still setting the owner:group to root:wheel, so the updated hasn't resolved the issue

In all fairness, the package update to 1.0.5 was likely more around updating Zabbix Proxy software and not addressing this issue.

In order to speed up troubleshooting I have added DebugLevel=4 under Advanced Parameters in order to fill the log up much quicker than it normally would.

As soon as it hit 500K it was rotated and the ownership changed from zabbix:zabbix to root:wheel. I think this confirms my proposed solution above.

[2.6.0-RELEASE][root@queeg500.iman.ptptech.co.uk]/root: ls -l /var/log/zabbix-proxy/
total 334
-rw-------  1 root    wheel        80 Dec 22 15:36 zabbix_proxy.log
-rw-------  1 root    wheel    121308 Dec 22 15:36 zabbix_proxy.log.0.bz2
-rw-rw-r--  1 zabbix  zabbix  1120914 Dec 22 15:45 zabbix_proxy.log.old

I don't know if it's important but the properties on the files are set to 0664 upon (re)starting the Zabbix proxy service, but newsyslog is setting it to 0600

Cheers

Steve

Actions #6

Updated by Cyril Christin 7 months ago

This problem still exists in the latest version of pfSense (2.7.2-RELEASE) with all Zabbix agent and proxy packages (pfSense-pkg-zabbix-*)

You can reproduce this bug without needing a Zabbix server for the tests:
  1. Install the Zabbix agent and proxy packages (any version)
  2. Configure the package Zabbix agent: Enabled=[checked], Server=[127.0.0.1], Hostname=[localhost], Advanced Features/User Parameters=[DebugLevel=5]
  3. Configure the package Zabbix proxy: Enabled=[checked], Server=[127.0.0.1], Hostname=[localhost], Advanced Features/Advanced Parameters=[DebugLevel=4]
  4. Restart the Zabbix agent and proxy services
    /usr/local/sbin/pfSsh.php playback svc restart zabbix_agentd
    /usr/local/sbin/pfSsh.php playback svc restart zabbix_proxy
    
  5. List the Zabbix agent and proxy log files: the file owner is zabbix, the group zabbix and permissions 0664
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-rw-r--  1 zabbix zabbix   3108 Apr 30 03:47 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-rw-r--  1 zabbix zabbix 100248 Apr 30 03:47 /var/log/zabbix-proxy/zabbix_proxy.log
    
  6. Within a few minutes the log files should be larger than 500 kilobytes triggering a log rotation (agent takes a while longer)
    We can see the bug/problem with the log files now having the owner as root, the group as wheel and permissions set to 0600
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-------  1 root wheel 85 Apr 30 04:22 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-------  1 root wheel 85 Apr 30 03:49 /var/log/zabbix-proxy/zabbix_proxy.log
    
  7. Once the log rotation has taken place, the Zabbix agent and proxy cannot write to the log files anymore
    Using the GUI, navigate to Status > System Logs > Packages > Zabbix Agent/Proxy and you can see
    # Zabbix Agent Log Entries
    zabbix_agentd [75082]: failed to open log file: [13] Permission denied
    zabbix_agentd [75082]: failed to open log file: [13] Permission denied
    zabbix_agentd [75082]: failed to open log file: [13] Permission denied
    zabbix_agentd [75082]: failed to open log file: [13] Permission denied
    zabbix_agentd [75082]: failed to open log file: [13] Permission denied
       ### lines above repeat ###
    Apr 30 04:22:00 pfSense-Tests newsyslog[75419]: logfile turned over due to size>500K
    
    # Zabbix Proxy Log Entries
    zabbix_proxy [66641]: failed to open log file: [13] Permission denied
    zabbix_proxy [65053]: failed to open log file: [13] Permission denied
    zabbix_proxy [63805]: failed to open log file: [13] Permission denied
    zabbix_proxy [64771]: failed to open log file: [13] Permission denied
    zabbix_proxy [65545]: failed to open log file: [13] Permission denied
       ### lines above repeat ###
    Apr 30 03:49:00 pfSense-Tests newsyslog[20325]: logfile turned over due to size>500K
    
  8. Therefore the Zabbix agent and proxy services cannot write to their log files until their services are restarted
    Once the services are restarted we can see the log files have the correct owner as zabbix, group zabbix but unchanged permissions 0600
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-------  1 root wheel 85 Apr 30 04:22 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-------  1 root wheel 85 Apr 30 03:49 /var/log/zabbix-proxy/zabbix_proxy.log
    
    /usr/local/sbin/pfSsh.php playback svc restart zabbix_agentd
    # Attempting to issue restart to zabbix_agentd service...
    # zabbix_agentd has been restarted.
    
    /usr/local/sbin/pfSsh.php playback svc restart zabbix_proxy
    # Attempting to issue restart to zabbix_proxy service...
    # zabbix_proxy has been restarted.
    
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-------  1 zabbix zabbix   3797 Apr 30 04:31 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-------  1 zabbix zabbix 472697 Apr 30 04:31 /var/log/zabbix-proxy/zabbix_proxy.log
    
  9. We can also produce this bug/problem by manually running log rotations using the newsyslog -R tagname file command
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-------  1 zabbix zabbix  4071 Apr 30 05:24 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-------  1 zabbix zabbix 92027 Apr 30 05:24 /var/log/zabbix-proxy/zabbix_proxy.log
    
    newsyslog -R "Test log rotation" /var/log/zabbix-agent/zabbix_agentd.log
    newsyslog -R "Test log rotation" /var/log/zabbix-proxy/zabbix_proxy.log
    
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-------  1 root wheel 101 Apr 30 05:24 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-------  1 root wheel 101 Apr 30 05:24 /var/log/zabbix-proxy/zabbix_proxy.log
    

Applying the suggested changes by Steve Scotter does fix this bug/problem, however the edited files get overwritten upon restarting the syslogd service (or router)

sed 's/root:wheel/zabbix:zabbix/g' /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf > /tmp/zabbix_agentd.log.tmp ; cat /tmp/zabbix_agentd.log.tmp > /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf ; rm -f /tmp/zabbix_agentd.log.tmp
cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
# # Automatically generated for package Zabbix Agent 6.4. Do not edit.
# /var/log/zabbix-agent/zabbix_agentd.log         zabbix:zabbix   600     7       500     *       C

sed 's/root:wheel/zabbix:zabbix/g' /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf > /tmp/zabbix_proxy.log.tmp ; cat /tmp/zabbix_proxy.log.tmp > /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf ; rm -f /tmp/zabbix_proxy.log.tmp
cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
# # Automatically generated for package Zabbix Proxy 6.4. Do not edit.
# /var/log/zabbix-proxy/zabbix_proxy.log          zabbix:zabbix   600     7       500     *       C

/usr/local/sbin/pfSsh.php playback svc restart syslogd
# Attempting to issue restart to syslogd service...
# syslogd has been restarted.

cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
# # Automatically generated for package Zabbix Agent 6.4. Do not edit.
# /var/log/zabbix-agent/zabbix_agentd.log         root:wheel      600     7       500     *       C

cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
# # Automatically generated for package Zabbix Proxy 6.4. Do not edit.
# /var/log/zabbix-proxy/zabbix_proxy.log          root:wheel      600     7       500     *       C

As the files are automatically generated, we need to edit the Zabbix agent and proxy pfSense packages configurations
  1. Edit the main pfSense configuration file /cf/conf/config.xml data located at installedpackages > package > logging
    Add the lines <logowner>zabbix:zabbix</logowner> and <logmode>664</logmode> for the Zabbix agent and proxy packages
    cat /cf/conf/config.xml > /tmp/config.xml.bck
    sed 's/zabbix_agentd.log<\/logfilename>/zabbix_agentd.log<\/logfilename>\n\t\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t\t<logmode>664<\/logmode>/g' /cf/conf/config.xml > /tmp/config.xml.tmp
    cat /tmp/config.xml.tmp > /cf/conf/config.xml
    sed 's/zabbix_proxy.log<\/logfilename>/zabbix_proxy.log<\/logfilename>\n\t\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t\t<logmode>664<\/logmode>/g' /cf/conf/config.xml > /tmp/config.xml.tmp
    cat /tmp/config.xml.tmp > /cf/conf/config.xml
    rm /tmp/config.xml.tmp /tmp/config.cache
    
    diff /tmp/config.xml.bck /cf/conf/config.xml
    # 769a770,771
    # >                       <logowner>zabbix:zabbix</logowner>
    # >                       <logmode>664</logmode>
    # 802a805,806
    # >                       <logowner>zabbix:zabbix</logowner>
    # >                       <logmode>664</logmode>
    rm /tmp/config.xml.bck
    
  2. Although it does not seem to be required, edit the Zabbix agent and proxy pfSense packages information files /usr/local/share/pfSense-pkg-zabbix-*****/info.xml
    Also add the lines <logowner>zabbix:zabbix</logowner> and <logmode>664</logmode> for the Zabbix agent and proxy packages information files
    ls -la /usr/local/share/pfSense-pkg-zabbix-*/info.xml
    # -rw-r--r--  1 root wheel 1305 Mar  4 21:02 /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml
    # -rw-r--r--  1 root wheel 1304 Mar  4 21:07 /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml
    
    cat /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml > /tmp/zabbix-agent-info.xml.bck
    sed 's/zabbix_agentd.log<\/logfilename>/zabbix_agentd.log<\/logfilename>\n\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t<logmode>664<\/logmode>/g' /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml > /tmp/zabbix-agent-info.xml
    cat /tmp/zabbix-agent-info.xml > /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml ; rm -f /tmp/zabbix-agent-info.xml
    diff /tmp/zabbix-agent-info.xml.bck /usr/local/share/pfSense-pkg-zabbix-agent64/info.xml
    #  20a21,22
    # >                     <logowner>zabbix:zabbix</logowner>
    # >                     <logmode>664</logmode>
    
    cat /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml > /tmp/zabbix-proxy-info.xml.bck
    sed 's/zabbix_proxy.log<\/logfilename>/zabbix_proxy.log<\/logfilename>\n\t\t\t<logowner>zabbix:zabbix<\/logowner>\n\t\t\t<logmode>664<\/logmode>/g' /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml > /tmp/zabbix-proxy-info.xml
    cat /tmp/zabbix-proxy-info.xml > /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml ; rm -f /tmp/zabbix-proxy-info.xml
    diff /tmp/zabbix-proxy-info.xml.bck /usr/local/share/pfSense-pkg-zabbix-proxy64/info.xml
    # 20a21,22
    # >                     <logowner>zabbix:zabbix</logowner>
    # >                     <logmode>664</logmode>
    
    rm -f /tmp/zabbix-agent-info.xml.bck /tmp/zabbix-proxy-info.xml.bck
    
  3. Restart the syslog service and validate this fixes the bug/problem with the correct owner as zabbix, group zabbix and permissions 0664 for the Zabbix agent and proxy log files
    /usr/local/sbin/pfSsh.php playback svc restart syslogd
    # Attempting to issue restart to syslogd service...
    # syslogd has been restarted.
    
    cat /var/etc/newsyslog.conf.d/zabbix_agentd.log.conf
    # # Automatically generated for package Zabbix Agent 6.4. Do not edit.
    # /var/log/zabbix-agent/zabbix_agentd.log         zabbix:zabbix   664     7       500     *       C
    
    cat /var/etc/newsyslog.conf.d/zabbix_proxy.log.conf
    # # Automatically generated for package Zabbix Proxy 6.4. Do not edit.
    # /var/log/zabbix-proxy/zabbix_proxy.log          zabbix:zabbix   664     7       500     *       C
    
    newsyslog -R "Test log rotation" /var/log/zabbix-agent/zabbix_agentd.log
    newsyslog -R "Test log rotation" /var/log/zabbix-proxy/zabbix_proxy.log
    
    ls -la /var/log/zabbix-agent/zabbix_agentd.log /var/log/zabbix-proxy/zabbix_proxy.log
    # -rw-rw-r--  1 zabbix zabbix  6057 Apr 30 07:25 /var/log/zabbix-agent/zabbix_agentd.log
    # -rw-rw-r--  1 zabbix zabbix 57100 Apr 30 07:25 /var/log/zabbix-proxy/zabbix_proxy.log
    

When the Zabbix agent and proxy log files do not exist, they are created by their Zabbix daemon with the (configured) user and group zabbix and permissions 0664.
We can also confirm this from the Zabbix source code, in the file daemon.c at line 321 where they set the umask to 0002:

https://github.com/zabbix/zabbix/blob/e1d9f811066c857aaeec7d1a92b6f9b512251c1b/src/libs/zbxnix/daemon.c#L321

This is correctly reflected in the pfSense-pkg-zabbix-agent and pfSense-pkg-zabbix-agent packages PHP functions sync_package_zabbix_*****:

https://github.com/pfsense/FreeBSD-ports/blob/7cdea69cd2ae75725652c6181a53a48069bd66d5/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent.inc#L279
https://github.com/pfsense/FreeBSD-ports/blob/7cdea69cd2ae75725652c6181a53a48069bd66d5/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy.inc#L241

Therefore the fix for this bug/problem is configuring the permissions to 0664 and using the configured user and group zabbix.

A pull request (1371) implementing the above changes has been submitted on GitHub:

https://github.com/pfsense/FreeBSD-ports/pull/1371

Actions

Also available in: Atom PDF