By combining the solutions provided above, and to share with everyone, here is how I have implemented it:

    # touch /var/log/splunklog
    # setfacl -Rm g:splunk:rX,d:g:splunk:rX /var/log
    # cat /etc/logrotate.d/splunk_acl
    /var/log/splunklog {
        postrotate
            /usr/bin/setfacl -Rm g:splunk:rX /var/log
            touch /var/log/splunklog
        endscript
    }

The above solution gives the splunk group r-x recursive access to directories within /var/log and read-only access to files.
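One way to check the result of the ACL setup above, as an added example that is not part of the original post: the function reads `getfacl -R` output and reports paths where the named group has no entry, can effectively write, or cannot effectively read because the entry or the mask lacks `r`. The function names and the sample listing are constructed for illustration.

```shell
# Added example: audit getfacl output (stdin) for one group's effective access.
# Real use: getfacl -R -p /var/log | audit_group_acl splunk
# Prints MISSING (no named entry), WRITE (can write) or NOREAD (cannot read) + path.
audit_group_acl() {
    awk -v grp="${1:-splunk}" '
    function report() {
        if (path == "") return
        if (perm == "") { print "MISSING " path; return }
        if (index(perm, "w") && (mask == "" || index(mask, "w"))) print "WRITE " path
        if (!(index(perm, "r") && (mask == "" || index(mask, "r")))) print "NOREAD " path
    }
    /^# file: / { report(); path = substr($0, 9); perm = ""; mask = ""; next }
    /^default:/ { next }          # default entries only affect files created later
    {
        line = $0
        sub(/[ \t]*#.*/, "", line)   # strip the "#effective:..." annotation
        split(line, f, ":")
        if (f[1] == "group" && f[2] == grp) perm = f[3]
        if (f[1] == "mask") mask = f[3]
    }
    END { report() }'
}

# Constructed sample in getfacl output format (not captured from a real system).
sample_getfacl() {
    cat <<'EOF'
# file: /var/log/messages
# owner: root
# group: root
user::rw-
group::r--
group:splunk:r--
mask::r--
other::---

# file: /var/log/secure
user::rw-
group::---
other::---

# file: /var/log/app/app.log
user::rw-
group::r--      #effective:---
group:splunk:r-x   #effective:---
mask::---
other::---
EOF
}
```

On the sample, `sample_getfacl | audit_group_acl splunk` flags `/var/log/secure` as MISSING and `/var/log/app/app.log` as NOREAD, since its mask removes the read bit from the splunk entry.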