Permissions of zeek log files

Hello,

Is there a way to configure the permissions of the logs produced by zeek?
Is there a way to configure the permissions of /opt/zeek/logs directory?

I would like to have an external program running with a user in zeek group to be able to delete those logs when consumed

Hello @Lamorale

Is there a way to configure the permissions of the logs produced by zeek?

The ASCII logger creates log files with a hard-coded mode of 0666. This will be combined with the environment’s umask leading to the final permissions. In your environment it might be 0022 and that would need to be relaxed to 0002 to give group write access.

Permissions for the-level /opt/zeek/logs may need to be set explicitly as a post-install step if you want to customize it. The creation of individual daily directories (in a ZeekControl setup) should take into account the umask setting though.

Hope that helps,
Arne