Fix ACC-L Permission Denied issuesSummary In the current versions of ACC, when deploying the agent to the monitored CIs, it is created and run by a dedicated user named 'servicenow' which has minimal permissions. When enabling the Agent Client Collector Log Analytics (ACC-L) plugin, deployed agents will begin to stream logs from the monitored CIs per their matching Log Policies. However, in some cases, the defined log paths require higher permissions which the 'servicenow' user does not have (e.g. log files under "/var/log" in Linux which require sudo/root access). This article suggests an optional workaround for overcoming this issue, to allow the ITOM Agent to collect and stream all the logs from the monitored devices into ServiceNow's Health Log Analytics (HLA) product - and unleash the full power and potential of our Predictive AIOps solution. ! Disclaimer: This article provides a suggested workaround, and not an official ServiceNow solution. The users assume all responsibility for following the suggested instructions below. ReleaseThis applies to the ACC-L versions running on ServiceNow's Rome and San Diego family releases.InstructionsGrant 'read' access to the 'servicenow' user on Linux: Run the two 'setfacl' (=set file access-control list) Linux-commands below against the relevant monitored log paths (directories), in order to to add the required 'read' permissions for the 'servicenow' user to all the files within those paths. ! Notice - you must run these commands against the highest/first directory in the path to which the 'servicenow' user currently does not have access. In the following example, the commands are executed against the /var/log path and all of its subdirectories*: 1. sudo setfacl -Rm u:servicenow:r-X /var/log 2. sudo setfacl -Rdm u:servicenow:r-X /var/log *If you wish to only apply the ACLs to the directory in question (without its subdirectories) – simply remove the R (Recursive) flag from the commands. Command #1 will apply to all the existing files in the directory (and subdirs). Command #2 will change the default ACL for the directory (and subdirs) so it would apply for any future files created within them (to support log rotation). Grant 'read' access to the 'servicenow' user on Windows: The same approach can be taken in cases of ACC-L running on Windows CIs and getting Permission Denied trying to stream certain log files stored in local folders. In which case, you can change the Security permissions of the folder in question, by opening its properties, and granting 'Read' access to the 'servicenow' user. Related Links! Notice: when streaming Windows Event Logs using the default Windows OS Event Logs ACC Log Policy, the Security EventLogs will not stream by default, as they require admin access.