By default, Zabbix agent under Linux environment runs under user 'zabbix'.
Most of the times when we need to monitor a log file, we need to add extra permission.
For example, to monitor 'oracle' related logs, we need to do is to assign user 'zabbix' to group oracle. This approach is relatively convenient.
But sometimes a log is not produced by a dedicated application user, for example, /var/log/messages, /var/log/syslog
Currently, one way is to have 'AllowRoot=1' in agent which is too much. We can whitelist and blacklist some agent keys starting with 5.0.
To go out from problem we can assign a custom user group for the file. chown zabbix:root /var/log/messages
Now it's also required to install a custom rule for log rotation
It would be nice to have an option (an override) to fork the log item key under 'sudo' environment.