Problem:
Icinga writes logs as nagios:nagios to /var/log/icinga/icinga.log. However, Puppet sets the permissions of the /var/log/icinga directory as follows:
file { '/var/log/icinga': ensure => 'directory', owner => $icinga_user, group => 'adm', mode => '2755', }
This configuration causes Puppet to change the permissions on every run, with the following notice: Notice: /Stage[main]/Icinga/File[/var/log/icinga/icinga.log]/group: group changed 'nagios' to 'adm' (corrective).
Proposed Solutions:
- Option 1: Configure Icinga to write logs as nagios:adm.
- Option 2: Update Puppet permissions to set nagios as the group for the /var/log/icinga directory.