I am setting up a syslog server that will listen for logs from a Fortigate firewall. Rsyslog gets the error:

    '/home/syslog_cert/ACDC_CA.pem' could not be accessed: Permission denied

  • This is my rsyslog config:
    $ sudo cat /etc/rsyslog.conf
    # /etc/rsyslog.conf configuration file for rsyslog
    #
    # For more information install rsyslog-doc and see
    # /usr/share/doc/rsyslog-doc/html/configuration/index.html
    #
    # Default logging rules can be found in /etc/rsyslog.d/50-default.conf

    global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/home/syslog_cert/ACDC_CA.pem"
    DefaultNetstreamDriverCertFile="/home/syslog_cert/server-key-pem.pem"
    DefaultNetstreamDriverKeyFile="/home/syslog_cert/server-key-nopass.key"
    )

    #################
    #### MODULES ####
    #################

    module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1" StreamDriver.Authmode="anon")
    input(type="imtcp" port="6514")

    module(load="imuxsock") # provides support for local system logging
    #module(load="immark") # provides --MARK-- message capability

    # provides kernel logging support and enable non-kernel klog messages
    module(load="imklog" permitnonkernelfacility="on")

    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################

    # Filter duplicated messages
    $RepeatedMsgReduction on

    # Set the default permissions for all log files.
    $FileOwner syslog
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    $PrivDropToUser syslog
    $PrivDropToGroup syslog

    # Where to place spool and state files
    $WorkDirectory /var/spool/rsyslog

    # Include all config files in /etc/rsyslog.d/
    $IncludeConfig /etc/rsyslog.d/*.conf
  • Restart service:
    sudo systemctl restart rsyslog
    sudo systemctl status rsyslog
    sudo journalctl -u rsyslog
  • When I restart the service I get the following error:
    systemd[1]: Starting rsyslog.service - System Logging Service...
    rsyslogd[626]: rsyslogd: error: defaultnetstreamdrivercafile file '/home/syslog_cert/ACDC_CA.pem' could not be accessed: Permission denied [v8.212.0 try https://www.rsyslog.com/e/2039 ]
    rsyslogd[626]: rsyslogd: error: defaultnetstreamdriverkeyfile '/home/syslog_cert/server-key-nopass.key' could not be accessed: Permission denied [v8.212.0 try https://www.rsyslog.com/e/2039 ]
    rsyslogd[626]: rsyslogd: error: defaultnetstreamdrivercertfile '/home/syslog_cert/server-key-pem.pem' could not be accessed: Permission denied [v8.231.0 try https://www.rsyslog.com/e/2039 ]
    rsyslogd[626]: rsyslogd: could not load module 'lmnsd_gtls', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/lmnsd_gtls.so: /usr/lib/x6_64-linux-gnu/rsyslog/lmnsd_gtls.so: cannot open shared object file: No such file or directory [v8.2312.0 try https://www.rsyslog.com/e/2066 ]
    rsyslogd[626]: rsyslogd: tcpsrv could not create listener (inputname: 'imtcp') [v8.2312.0 try https://www.rsyslog.com/e/2066 ]
    rsyslogd[626]: rsyslogd: activation of module imtcp failed [v8.2312.0 try https://www.rsyslog.com/e/2066 ]
  • Permissions:
    $ ls -ld /home
    drwxr-xr-x 5 root root 4096 Jul 17 10:16 /home

    $ ls -l /home
    drwxr-x--- 3 mrx mrx 4096 Jul 17 10:16 mrx
    drwxr-xr-x 2 syslog syslog 4096 Jul 17 10:16 syslog_cert
    drwxr-x--- 3 ubuntu ubuntu 4096 Jul 11 08:16 ubuntu

    $ ls -l syslog_cert/
    -rw-r----- 1 syslog syslog 5442 Jul 17 10:02 ACDC_CA.pem
    -rw-r----- 1 syslog syslog 1678 Jul 17 10:02 server-key-nopass.key
    -rw-r----- 1 syslog syslog 1938 Jul 17 10:02 server-key-pem.pem

  • Your rsyslog service is running as a user? Commented Jul 17, 2024 at 14:57
  • The user is syslog.
        ps aux | grep rsyslogd
        syslog 4345 0.3 1.5 248008 14848 ? Ssl 15:37 0:00 /usr/sbin/rsyslogd -n -iNONE
    Commented Jul 17, 2024 at 15:40

1 Answer

Try moving the certs to /etc/rsyslog.d.
It worked for me :)

Credit to rgerhards from this post: https://github.com/rsyslog/rsyslog/issues/5272
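
An added example (not part of the original answer or of rsyslog): a POSIX shell check that reads the three DefaultNetstreamDriver*File paths out of an rsyslog config and reports, for the user running it, whether each file is readable, whether the private key is readable by other users, and whether the file sits under /etc/rsyslog.d, the directory the answer reports as working. The function names and status words are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the TLS files that an
# rsyslog config references via DefaultNetstreamDriver{CA,Cert,Key}File.

# Print "<kind> <path>" for each TLS file setting in config file $1,
# skipping commented-out lines. kind is CA, Cert or Key as spelled in the file.
tls_paths() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oiE 'DefaultNetstreamDriver(CA|Cert|Key)File="[^"]+"' |
        # drop the 22-char "DefaultNetstreamDriver" prefix, keep kind and path
        sed 's/^.\{22\}\([A-Za-z]*\)....="\(.*\)"$/\1 \2/'
}

# For each file print "<status> <kind> <path>" (kind lower-cased):
#   DENIED  missing, or not readable by the user running this script
#   LOOSE   private key is readable by "other"
#   MOVE    readable, but outside $2 (default /etc/rsyslog.d, the
#           directory the answer above reports as working)
#   OK      readable and under $2
check_tls_files() {
    want_dir=${2:-/etc/rsyslog.d}
    tls_paths "$1" | while read -r kind path; do
        kind=$(printf %s "$kind" | tr 'A-Z' 'a-z')
        if [ ! -r "$path" ]; then
            status=DENIED
        elif [ "$kind" = key ] &&
             [ -n "$(find -L "$path" -prune -perm -004)" ]; then
            status=LOOSE
        else
            case $path in
                "$want_dir"/*) status=OK ;;
                *)             status=MOVE ;;
            esac
        fi
        echo "$status $kind $path"
    done
}

# Stand-alone use: sh check_tls.sh /etc/rsyslog.conf [expected-dir]
if [ $# -gt 0 ]; then
    check_tls_files "$@"
fi
```

Run it as the account rsyslogd runs as (syslog in the question), for example `sudo -u syslog sh check_tls.sh /etc/rsyslog.conf`, where the script name is arbitrary. After the files have been moved and the config updated, every line should read OK.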
