I have recently configured BigBrother to monitor the linux servers in our environment. The only problem is that it is unable to read the /var/log/messages file in the servers. Due to some restrictions I can't make the bb user a member of the highly priviledged groups. The current permissions on the /var/log/messages is either 600 or 640. If I change it manually, with every log rotation it is automatically set to 600 or 640. Is there a way to make it 644 permanently so that it retains 644 even after log rotation or a -HUP?

The idea is that not every man and his dog can read /var/log/messages because there may be critical information contained. Can your log read call another program to read the file, if so it could call a set uid program to do this small task.

More details on this please. Which set uid program can I use and how will it do that?

I am not familiar with the BigBrother program but can it use an external program to read the log file? How does it get the remote log files?

Then you write a very small C program which *only* reads /var/log/messages and make it a setgid program as that would give it the read rights.

Or you setup a single user whose only job is to read /var/log/messages, and use ssh and public/private key pair so that your log reader can use that user on the remote machine to read the file.