堆栈内存溢出
  简体   繁体   English

为什么rsyslog在logrotate后无法启动?

[英]Why does rsyslog fail to start after logrotate?

 原文  2020-10-14 15:54:23       linux/ ubuntu/ logging/ rsyslog/ logrotate

问题描述

At midnight, a cronjob initiates logrotate to rotate 4 key log files.在午夜,cronjob 启动 logrotate 以旋转 4 个关键日志文件。 These 4 log files are also being sent to a log aggregation server by rsyslog.这 4 个日志文件也被 rsyslog 发送到日志聚合服务器。 Despite running the rsyslog logrotate command after each log is rotated, sometimes, the server encounters a "Permission Denied" error that prevents rsyslog from sending the logs belonging to the new files.尽管在每个日志轮换后运行 rsyslog logrotate 命令,但有时,服务器会遇到“权限被拒绝”错误,该错误阻止 rsyslog 发送属于新文件的日志。 I cannot figure out why this is happening so unreliably.我无法弄清楚为什么这会如此不可靠地发生。

Here are the errors reported by rsyslog.以下是 rsyslog 报告的错误。 Note that they occur only on some dates:请注意,它们仅在某些日期发生:

Jul 31 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 01 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 02 00:00:04 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/nginx.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 09 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 10 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/django.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 10 00:00:01 hostname rsyslogd[26343]: imfile: error with inotify API, ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]
Aug 16 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 16 00:00:02 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/django.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 19 00:00:03 hostname rsyslogd[856]: imfile: error with inotify API, ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]
Aug 20 00:00:06 hostname rsyslogd[856]: imfile: error with inotify API, ignoring file '/home/ubuntu/remote_logs/app.log': Permission denied [v8.32.0]
Aug 30 00:00:01 hostname rsyslogd[856]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Sep 03 00:00:01 hostname rsyslogd[856]: imfile: error with inotify API, ignoring file '/home/ubuntu/remote_logs/celery.log': Permission denied [v8.32.0]
Sep 03 00:00:04 hostname rsyslogd[856]: imfile: error with inotify API, ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]

Logrotate is triggered by a cron job, using the root user. Logrotate 由 cron 作业触发,使用 root 用户。 Here is the logrotate config:这是 logrotate 配置:

/home/ubuntu/remote_logs/*.log {
    rotate 365
    daily
    compress
    missingok
    notifempty
    dateext
    dateformat .%Y-%m-%d
    dateyesterday
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

/usr/lib/rsyslog/rsyslog-rotate

#!/bin/sh

if [ -d /run/systemd/system ]; then
    systemctl kill -s HUP rsyslog.service
else
    invoke-rc.d rsyslog rotate > /dev/null
fi

I know that the logrotate itself is succeeding, because the logrotate verbose logs indicate that, and I see the rotated log files every day.我知道 logrotate 本身正在成功,因为 logrotate 详细日志表明了这一点,而且我每天都会看到轮换的日志文件。 It seems like rsyslog cannot access the newly create files.似乎 rsyslog 无法访问新创建的文件。

Here are the logrotate logs:以下是 logrotate 日志:

Handling 13 logs

rotating pattern: /home/ubuntu/remote_logs/*.log  after 1 days (365 rotations)
empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 106
considering log /home/ubuntu/remote_logs/celery.log
  Now: 2020-10-14 00:00
  Last rotated at 2020-10-13 00:00
  log needs rotating
considering log /home/ubuntu/remote_logs/django.log
  Now: 2020-10-14 00:00
  Last rotated at 2020-10-13 00:00
  log needs rotating
considering log /home/ubuntu/remote_logs/app.log
  Now: 2020-10-14 00:00
  Last rotated at 2020-10-13 00:00
  log needs rotating
considering log /home/ubuntu/remote_logs/nginx.log
  Now: 2020-10-14 00:00
  Last rotated at 2020-10-13 00:00
  log needs rotating
rotating log /home/ubuntu/remote_logs/celery.log, log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/celery.log to /home/ubuntu/remote_logs/celery.log.2020-10-13
creating new /home/ubuntu/remote_logs/celery.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/django.log, log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/django.log to /home/ubuntu/remote_logs/django.log.2020-10-13
creating new /home/ubuntu/remote_logs/django.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/app.log, log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/app.log to /home/ubuntu/remote_logs/app.log.2020-10-13
creating new /home/ubuntu/remote_logs/app.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/nginx.log, log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/nginx.log to /home/ubuntu/remote_logs/nginx.log.2020-10-13
creating new /home/ubuntu/remote_logs/nginx.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
switching euid to 0 and egid to 0

What is happening to rsyslog that prevents it from accessing the log files occasionally? rsyslog 发生了什么阻止它偶尔访问日志文件?

1 个解决方案

解决方案1
 1 已采纳  2020-10-17 08:06:20

It looks like some of the files don't have permission to be created.看起来有些文件没有创建权限。 You need to add create 0644 root root in your config file to give the necessary permission to rotate(modify) the content of the file.您需要在配置文件中添加create 0644 root root以授予旋转(修改)文件内容的必要权限。
You can also specify the group name create 0644 root grouname .您还可以指定组名create 0644 root grouname But I will suggest using root但我会建议使用root

/home/ubuntu/remote_logs/*.log {
    rotate 365
    daily
    compress
    missingok
    create 0644 root root
    notifempty
    dateext
    dateformat .%Y-%m-%d
    dateyesterday
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么这次回归失败? - Why does this return fail? 角色更改后 rsyslog 客户端无法用作 rsyslog 服务器 - rsyslog client not working as a rsyslog server after a role change 在C中选择,为什么会失败? - Select in C, why does it fail? 在postrotate脚本之后logrotate压缩文件 - logrotate compress files after the postrotate script logrotate后日志开头的空值 - Null value in the beginning of log after logrotate Logrotate 在某些天后不删除文件 - Logrotate not deleting file after certain days 升级到docker 1.5后无法启动linux容器 - Fail to start linux container after upgrading to docker 1.5 gunicorn 开机后不启动 - gunicorn does not start after boot 为什么`gem install rails`失败了? - Why does `gem install rails` fail? 为什么找到。 -name foo *失败? - Why does find . -name foo* fail?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM