We need to monitor a log file on linux with the splunk forwarder(splunk user account which is local). Log file is owned by another user account. Tried assigning the read permission using the chmod command but this not working since log file get rolled over when it reached to 10MB. So permissions were not carried to the file. Can some help me with the best practice you follow to assign the permissions to log file.
Thanks.
You generally need to modify the process that creates the files or put them in a directory that forces the correct permissions on all files within.