rsyslog output every few minutes - rsyslogd: action 'action 3' resumed (module 'builtin:omfile')

Ever since I upgraded from 16.04.5 to 18.04.1 last week, I have been seeing this in my syslog every few minutes:

Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' suspended (module 'builtin:omfile'), next retry is Sun Aug 19 19:22:32 2018, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]

Following the link given by the first error, it says:

Search Results for: error 2359
rsyslog error 2359
Posted on June 13, 2018 by pwithopf 

Status: action was resumed (used for reporting)

The link for the second error (2007) says:

rsyslog error 2007
Posted on June 11, 2018 by rgerhards    
What does it mean?

This is a generic error message that unfortunately can happen in a number of cases.
How to solve it?

A frequent case for this error message on Debian-based distributions (like raspbian) is that rsyslog.conf contains the instruction to write to the xconsole pipe, but this pipe is never read. If so, you can simply delete these lines to remove the error message. These lines are usually found at the end of rsyslog.conf.

For other error message, it probably is a good idea to check rsyslog’s issue tracker at github and file a new issue if you can’t find a related case.

I don't see what is meant by "the instruction to write to the xconsole pipe" in my /etc/rsyslog.conf file:

chris@localhost:/etc$ cat rsyslog.conf
#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#           For more information see
#           /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

Version information:

apt-cache policy rsyslog
rsyslog:
  Installed: 8.32.0-1ubuntu4
  Candidate: 8.32.0-1ubuntu4

Answer 1

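There is a newer version of rsyslog -> swVersion="8.38.0"

As you can see on the rsyslog homepage https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html some parameters are obsolete.

Unfortunately, they have not yet been removed from the configuration file.

Open /etc/rsyslog.conf and comment out or delete the following lines.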

#
# Set the default permissions for all log files.
#
#$FileOwner syslog
#$FileGroup adm
#$FileCreateMode 0640
#$DirCreateMode 0755
#$Umask 0022
#$PrivDropToUser syslog
#$PrivDropToGroup syslog

Answer 2

This error seems to be produced when rsyslog cannot write to a configured log file. In my case, the underlying problem was that /var/log/cron.log was owned by root:

-rw-r--r-- 1 root   root         0 Nov 11  2019 /var/log/cron.log

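All of the messages were logged once per minute, at one second past the minute. That should have immediately indicated that it was cron.log all along, but I overlooked that detail for a long time. Syslog runs as the user syslog when the line $PrivDropToUser syslog is present, which is why removing that line also makes it work (but reduces the security of the system if there are any bugs in rsyslog).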

A simple sudo chown syslog /var/log/cron.log fixed it for me.
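
The ownership check from Answer 2, generalized to every file target in the rule files so that $PrivDropToUser can stay enabled; this is an added example, not part of the original thread. The function names, the sample rules and the group list "syslog adm" are assumptions, and `audit` relies on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample in the style of /etc/rsyslog.d/50-default.conf.
sample_conf() {
cat <<'EOF'
# constructed sample rules
auth,authpriv.*           /var/log/auth.log
*.*;auth,authpriv.none    -/var/log/syslog
cron.*                    /var/log/cron.log
$FileCreateMode 0640
*.=notice;*.=warn         |/dev/xconsole
EOF
}

# Print file targets of simple selector lines. Comments and $-directives are
# skipped, a leading "-" is stripped, pipe targets ("|...") are ignored.
omfile_targets() {
  awk '/^[ \t]*[#$]/ || NF < 2 { next }
       { t = $NF; sub(/^-/, "", t); if (substr(t, 1, 1) == "/") print t }' "$@"
}

# can_write USER "USER_GROUPS" OWNER GROUP MODE
# Succeeds if a non-root USER may write, judged by the classic mode bits:
# owner bits if USER owns the file, else group bits, else other bits.
can_write() {
  cw_bit=0002
  case " $2 " in *" $4 "*) cw_bit=0020 ;; esac
  [ "$1" = "$3" ] && cw_bit=0200
  [ $(( 0$5 & $cw_bit )) -ne 0 ]
}

# audit USER [CONFIG...]: report existing targets USER cannot write (GNU stat).
# Example: audit syslog /etc/rsyslog.conf /etc/rsyslog.d/*.conf
audit() {
  au_user=$1; shift
  au_groups=$(id -Gn "$au_user") || return 2
  omfile_targets "$@" | while read -r f; do
    [ -e "$f" ] || continue   # only files that already exist are checked
    set -- $(stat -c '%U %G %a' "$f")
    can_write "$au_user" "$au_groups" "$1" "$2" "$3" ||
      echo "not writable by $au_user: $f ($1:$2 mode $3)"
  done
}

# The thread's case: cron.log is root:root 0644 and rsyslog has dropped to
# "syslog" (the group list "syslog adm" is an assumption for this demo).
sample_conf | omfile_targets
can_write syslog "syslog adm" root root 644 || echo "syslog cannot write root:root 0644"
```
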
