Resolving Log Analytics File Permissions

If you’ve just started using Oracle Management Cloud Log Analytics service, you might have noticed some files that you expect to see are not being loaded into the cloud.  Most likely this is because your agent does not have the right permissions to read the file.

Identifying Permission Warnings

In the Log Analytics dashboard, the bell icon indicates Warnings or notifications for the administrator.

laerrors1

If you click on this icon, you’ll get the breakdown of files that the Cloud Agent either can’t find or can’t read.   The file warnings are broken down by Top Targets and Top Sources.

laerrors2
Log Analytics Warnings

We’re going to take a look at the error that has to do with permissions, as this is most likely what you’ll find when setting up your log sources.  The agent owner needs to have read permissions on a file.  For some of the root level files, such as syslog and messages, you may need to grant permissions explicitly to that agent user.  You can see in the image below, the messages files exist, but I don’t have permissions to read them.

laerrors3

Resolving Permissions Errors

ACLs allow for a much granular method of access privileges then your standard chown/chmod does. If you don’t have the setfacl command available, you might need to install the acl package.  You can do that by issuing the following command as a root user:  yum install acl.    If that is not an option, the standard chmod method of granting read access will work as well.

As a root user use the setfacl command to add read permissions to the agent owner for these files. In my example, the agent owner is “cllamas”.

laerrors5

Now when I switch back to the agent owner, I can successfully read the file.

laerrors6

Refreshing my dashboard automatically clears the warning message and updates the Top Targets charts.

laerrors7

Since I don’t have Apache HTTP running I can Suppress the other errors.  I can fix this permanently by disassociating the Apache log source under Configuration.

laerrors9