Skip to main content

File Access Permissions

Common Problems

These happen when Elastic Agent doesn’t have the rights to read the log files you want to collect.

  • Permission denied errors when reading files in /var/log/

  • Logs not appearing even though the integration is installed

  • Elastic Agent cannot access rotated log files (e.g., syslog.1, auth.log.1)

  • Agent runs as a user that cannot read application logs (e.g., Nginx, Apache custom folders)

  • SELinux/AppArmor blocking access to certain paths

  • Docker container logs not accessible due to restricted permissions

Symptoms

  • No log events received in Elasticsearch

  • Errors in Agent logs like:


    Failed to open file: permission denied

  • Integration says “Healthy” but shows 0 documents ingested

Fixes

  • Use chmod or chown to grant read permissions

  • Add the agent user to the appropriate group (e.g., adm on Ubuntu)

  • Adjust SELinux policies or switch to permissive mode

  • Verify the log path exists and is readable

Back to top