0

It seems the only way to gather nginx, apache and system logs through the graylog collector is to run it as root.

Best practice holds that running services as root is generally ill advised.

Is there a way to collect said logs apart from running the service as root, or is that the general way to go?

Werner

2 Answers

0

I know this thread is almost 20 days old, but still:

I am running the graylog-collector as a custom user, using an init script with the following content:

do_start () {
        log_daemon_msg "Starting system $NAME Daemon"
        # Create the PID directory on first start and hand it to the unprivileged user
        if [ ! -e "$PIDDIR" ] ; then
                mkdir -p "$PIDDIR"
                chown "${DAEMON_USER}:${DAEMON_USER}" "$PIDDIR"
        fi
        # --chuid switches to $DAEMON_USER before the collector is exec'd
        start-stop-daemon --background --start \
                --user "$DAEMON_USER" \
                --chuid "$DAEMON_USER" \
                --make-pidfile \
                --pidfile "$PIDFILE" \
                --startas /bin/bash -- -c "exec $DAEMON $DAEMON_OPT >> /var/log/graylog-collector/console.log 2>&1" || return 2
        sleep 2
        log_end_msg $?
}

Might be interesting to know that I did a custom install, as there are no packages built for Debian 6.

Hope this helps.

Pier
  • Problem is that a custom non-root user will have the same restrictions as the graylog non-root user. It still would not be able to read said log files. – Werner Aug 26 '15 at 20:05
  • Oops, I did not carefully read your problem. I do not know about the nginx logs, but I did not face any problem accessing the different logs... Adding the collector-user to the adm group was enough for me. – Pier Sep 01 '15 at 12:18
0

In CentOS 6, many items I want to track via Graylog have permissions 600 and are owned by root:root. So short of changing ownership/permissions of all /var/log files on all of my servers, there isn't a good way for graylog-collector to access these files without running as root.

I'm new to graylog, but gather that graylog-collector is just sending information (not listening on any ports). So that lowers the risk some. Running tomcat, apache, or some other listening daemon as root has higher risks.

MichaelS
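Added example, not part of any post above: a small shell audit that shows, per log file, which permission class (owner, group, other) decides whether a non-root collector account can read it. It makes the difference between the `adm`-group case and the `root:root` 600 case visible before anything is changed. The function names and the sample account are hypothetical; only classic mode bits are evaluated (no ACLs or SELinux), and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: which permission class lets (or stops) an account from reading a log file?
# Only owner/group/other mode bits are evaluated; ACLs, SELinux and parent-directory
# permissions are out of scope.

# can_read USER "GROUP1 GROUP2 ..." OWNER GROUP OCTAL_MODE
# Prints owner|group|other|denied and returns 0 when the file is readable.
can_read() {
    local user="$1" groups="$2" owner="$3" group="$4" bits g
    bits=$((0$5))                       # leading 0 makes the mode an octal constant
    if [ "$user" = "$owner" ]; then
        # The owner class applies exclusively; group/other bits are not consulted
        [ $((bits & 0400)) -ne 0 ] && { echo owner; return 0; }
        echo denied; return 1
    fi
    for g in $groups; do
        if [ "$g" = "$group" ]; then
            # Membership in the file's group means only the group bits count
            [ $((bits & 0040)) -ne 0 ] && { echo group; return 0; }
            echo denied; return 1
        fi
    done
    [ $((bits & 0004)) -ne 0 ] && { echo other; return 0; }
    echo denied; return 1
}

# audit_logs USER FILE...
# Looks up the account's groups and each file's owner, group and mode, then
# prints one decision per file. Unreadable or missing paths are skipped.
audit_logs() {
    local user="$1" groups f meta
    groups=$(id -nG "$user") || return 2
    shift
    for f in "$@"; do
        meta=$(stat -c '%U %G %a' "$f") || continue
        # $meta is deliberately unquoted so it splits into OWNER GROUP MODE
        printf '%-40s %-16s %s\n' "$f" "$meta" "$(can_read "$user" "$groups" $meta)"
    done
}

# Run only when called with arguments, e.g.:
#   sh audit.sh collector-user /var/log/syslog /var/log/nginx/access.log
if [ "$#" -ge 2 ]; then
    audit_logs "$@"
fi
```

Files reported as `denied` with group `adm` are covered by adding the account to that group; files reported as `denied` with `root root 600` need a permission or ownership change before a non-root collector can read them.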