Rsyslog
旋轉日誌時出錯
我對
/var/log/message輪換有兩個問題。以下是日誌消息配置# cat /etc/logrotate.d/logrotate-messages /var/log/messages { daily rotate 7 create dateext dateformat -%Y%m%d compress delaycompress notifempty nomail noolddir postrotate /bin/killall -HUP syslogd endscript }出於某種原因,旋轉後
/var/log/messages沒有任何後綴的文件沒有消息,但最後一個日期的文件包含所有消息/var/log/messages-20200427-rw-------. 1 root root 6.8M Apr 12 03:36 /var/log/messages-20200412.gz -rw-------. 1 root root 41M Apr 19 03:30 /var/log/messages-20200417.gz -rw-------. 1 root root 43M Apr 26 03:13 /var/log/messages-20200425.gz -rw-------. 1 root root 0 Apr 27 03:47 /var/log/messages -rw-------. 1 root root 3.6G Apr 30 13:15 /var/log/messages-20200427當我手動執行時,我在 post rotate 上只看到一個錯誤,如下所示。
#/sbin/logrotate -v /etc/logrotate.d/logrotate-messages reading config file /etc/logrotate.d/logrotate-messages Allocating hash table for state file, size 15360 B Handling 1 logs rotating pattern: /var/log/messages after 1 days (7 rotations) empty log files are not rotated, old logs are removed considering log /var/log/messages log needs rotating rotating log /var/log/messages, log->rotateCount is 7 Converted ' -%Y%m%d' -> '-%Y%m%d' dateext suffix '-20200430' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/messages to /var/log/messages-20200430 creating new /var/log/messages mode = 0600 uid = 0 gid = 0 running postrotate script syslogd: no process found error: error running non-shared postrotate script for /var/log/messages of '/var/log/messages ' set default create context寫入文件的程序是
#fuser /var/log/messages-20200427 /var/log/messages-20200427: 41809 # ps -aef | grep 41809 | grep -v grep root 41809 1 0 Apr24 ? 00:20:18 /usr/sbin/rsyslogd -n不知道如何解決,任何幫助表示讚賞。
您正在嘗試將 SIGHUP 發送到錯誤的程序:
/bin/killall -HUP syslogd但
/usr/sbin/rsyslogd所以你必須把它改成
/bin/killall -HUP rsyslogd