2

有人可以告诉我为什么偶尔系统日志不旋转并继续登录同一个文件吗?

在对默认设置进行以下自定义后,会观察到偶尔的 syslog 文件轮换问题:

  1. syslog 的路径从默认的 /var/log/syslog 更改为 /opt/vortex/log/syslog(在 /etc/rsyslog.conf 中更改,如下所示)

    $template ATMFormat,"%$YEAR% %timegenerated%::%syslogtag%:%msg:::$%\n" auth,authpriv.* /var/log/auth.log ;auth,authpriv.none -/opt/vortex/log/syslog;ATMFormat

  2. syslog 轮换规则从默认的每周更改为每天,并设置为保留最后 30 个文件(在 /etc/logrotate.d/rsyslog 中更改)

请在下面找到配置和脚本的详细信息供您参考。

通过将 logrotate 脚本文件放在 /etc/cron.daily 目录中,每天通过 cron 安排 logrotate。crontab 有以下定义

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
0 0 * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

/etc/cron.daily/logrotate 脚本具有以下规则

#!/bin/sh

test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf

logrotate.conf 的内容如下:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here

系统日志的日志轮换配置在 /etc/logrotate.d/rsyslog 中指定,如下所示:

/opt/vortex/log/syslog
{
    rotate 30
    daily
    missingok
    notifempty
    delaycompress
    compress
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}

谢谢你的帮助

4

0 回答 0