How to confirm Existence and Permissions of System Log Files
For each log file LOGFILE referenced in /etc/syslog.conf or /etc/rsyslog.conf, run the commands:
# touch LOGFILE
# chown root:root LOGFILE
# chmod 0600 LOGFILE
# chown root:root LOGFILE
# chmod 0600 LOGFILE
Syslog will refuse to log to a file which does not exist. All messages intended for that file will be silently discarded, so it is important to verify that all log files exist. Some logs may contain sensitive information, so it is better to restrict permissions so that only administrative users can read or write logfiles.
