Logrotation permissions troubles

Question

I think I have a mess with the log files on one of my Ubuntu servers and need advice + recipes on how to repair this. I am seeing lots of errors like these when log rotation occurs:

error: failed to rename /var/log/dovecot.log to /var/log/dovecot.log.1: Permission denied
error: failed to rename /var/log/mail.err to /var/log/mail.err.1: Permission denied
error: failed to rename /var/log/mail.log to /var/log/mail.log.1: Permission denied
error: failed to rename /var/log/owncloud.log to /var/log/owncloud.log.1: Permission denied
error: error renaming /var/log/syslog.5 to /var/log/syslog.6: Permission denied
error: error renaming /var/log/amavis.log.3 to /var/log/amavis.log.4: Permission denied
error: error renaming /var/log/auth.log.3 to /var/log/auth.log.4: Permission denied
error: error renaming /var/log/nginx/access.log.6 to /var/log/nginx/access.log.7: Permission denied
error: error renaming /var/log/nginx/error.log.8 to /var/log/nginx/error.log.9: Permission denied
error: error renaming /var/log/kern.log.3 to /var/log/kern.log.4: Permission denied

Contents of my logrotate config (/etc/logrotate.conf.daily)

daily

rotate 3
missingok
su root syslog

include /etc/logrotate.d/daily

And the syslog logrotation config under /etc/loggrotate.daily/syslog.daily is

/var/log/syslog {
        su root syslog
        rotate 5
        missingok
        postrotate
                invoke-rc.d rsyslog rotate > /dev/null
        endscript
        create 644 root syslog
}

My questions now:

1. What permissions should have the root /var/log directory? Currently it is drwxr-xr-x 12 root syslog 4.0K Mar 19 11:48 log Anything wrong with that?

2. Is there a trick, a command, how I can find out the permissions each log file needs? For example dovecot.log, what users/groups/file perms to set? This for all the above log files.

Thanks heaps