Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Logging Reference Guide
  3. Using logs
  4. About unified logging
  5. Accessibility of the unified logs
NetBackup™ Logging Reference Guide

Accessibility of the unified logs

NetBackup sets the permissions on the unified log directories to a restrictive but configurable level. This change is designed to prevent unauthorized access to the NetBackup logs, which may contain sensitive information.

Changing accessibility of the unified logs

You can change the default log file permissions to make them less restrictive. Use the vxlogcfg command to change the log file or folder permissions. You can change the permissions of a specific Originator ID (OID) or you can change the default permissions that applies to all the OIDs. For folder permissions, the Default.LogFilePermissions is considered.

The folder and file permissions do not change instantly after running the vxlogcfg command. If you want to apply the permissions immediately, restart the NetBackup services. For more information on restarting the services, see this article. The file and folder permissions are applied during the next log rollover cycle that depends on the length of the logs and the configured log file sizes. The maximum rollover period is one day. So, in this case, the new permissions reflects after one day afer changing the file permissions. The permissions of existing log files in the system are not changed.

Here are some examples for changing the default log permissions:

  • These two example commands change file permissions to 644 for all the components. The folder gets additional execute permissions (755).

    • /usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 -o ALL -s LogFilePermissions=644

    • /usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 -o ALL -s DynaReloadInSec=120

  • To change the permissions for any originator ID, use the following example command:

    /usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 --orgid 111 -s LogFilePermissions=644

    This command applies the 644 permission to the originator ID 111, which represents nbemm. For all other component orgid, refer to /usr/openv/netbackup/nblog.conf.

    Note:

    By default, the parameter Default.LogFilePermissions from the nblog.conf file is followed for all folder permissions. When you use OID specific permissions, <OID>.LogFilePermissions parameters are used.

  • To change permissions for a PBX log in the icsul.conf file, use the following example command:

    /usr/openv/netbackup/bin/vxlogcfg -a --prodid 50936 -o 103 -s LogFilePermissions=644

    If you want to apply the permissions immediately, restart the PBX services. For more information on restarting the services, see this article.

Feedback

Was this page helpful?
Previous

Examples of using vxlogcfg to configure unified logs

Next

About legacy logging

Feedback

Was this page helpful?