自从我上周从 16.04.5 更新到 18.04.1 以来,每隔几分钟我就会在我的系统日志中看到这种情况:
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), next retry is Sun Aug 19 19:22:32 2018, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
查看第一个错误提供的链接,其中显示:
Search Results for: error 2359
rsyslog error 2359
Posted on June 13, 2018 by pwithopf
Status: action was resumed (used for reporting)
第二个错误(2007年)的链接显示:
rsyslog error 2007
Posted on June 11, 2018 by rgerhards
What does it mean?
This is a generic error message that unfortunately can happen in a number of cases.
How to solve it?
A frequent case for this error message on Debian-based distributions (like raspbian) is that rsyslog.conf contains the instruction to write to the xconsole pipe, but this pipe is never read. If so, you can simply delete these lines to remove the error message. These lines are usually found at the end of rsyslog.conf.
For other error message, it probably is a good idea to check rsyslog’s issue tracker at github and file a new issue if you can’t find a related case.
我在 /etc/rsyslog.conf 文件中看不到“写入 xconsole 管道的指令”是什么意思
chris@localhost:/etc$ cat rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
版本信息:
apt-cache policy rsyslog
rsyslog:
Installed: 8.32.0-1ubuntu4
Candidate: 8.32.0-1ubuntu4
答案1
rsyslog 有新版本 -> swVersion="8.38.0"
正如你在 rsylog 主页上看到的那样 https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html 一些参数已经过时。
不幸的是,它们还没有从配置文件中删除。
打开 /etc/rsyslog.conf 并注释或删除以下行。
#
# Set the default permissions for all log files.
#
#$FileOwner syslog
#$FileGroup adm
#$FileCreateMode 0640
#$DirCreateMode 0755
#$Umask 0022
#$PrivDropToUser syslog
#$PrivDropToGroup syslog
答案2
当 rsyslog 无法写入已配置的日志文件时,似乎会产生此错误。就我而言,根本问题是 /var/log/cron.log 归 root 所有:
-rw-r--r-- 1 root root 0 Nov 11 2019 /var/log/cron.log
所有消息都是每分钟记录一次,每分钟过一秒记录一次。这应该立即表明它一直是 cron.log,但我很长时间以来都忽略了这个细节。syslog当该行$PrivDropToUser syslog存在时,Syslog 以用户身份运行,这就是为什么删除该行也会使其正常工作(但如果 rsyslog 中存在任何错误,则会降低系统的安全性)。
一个简单的sudo chown syslog /var/log/cron.log修复就帮我解决了。