The datadog agent runs under the dd-agent user and dd-agent group. This prevents dd-agent accessing the logs in /var/log as they are only accessible by root (or a sudo admin).
In order to allow read only access for dd-agent only, create ACL's and modify logrotate to persist the permissions changes.
You can manually set the ACL with:
sudo setfacl -m g:dd-agent:rx /var/log/<application-name>
This will not persist as logrotate will not re-apply the ACL setting so for a more permanent solution you can add a rule to logrotate to reset the ACL. You will need to create a new file: