Suricata

Log forwarders that run as less than root can't read log files, as they have a umask of 0127 that is hardcoded in util-daemon. That means modifying an upstart script to add a umask, for instance, is ignored.

Here's the code:
https://github.com/inliniac/suricata/blob/fc7f090cd3268a3a624177cef32a9576b74975e3/src/util-daemon.c#L127

I think it's "just" a matter of reading in a umask from the suricata.yaml config. Yes, there are security concerns with allowing world-readable; there are also security concerns with log forwarders running as root.