我在 /var/log 中有一堆消息文件,一直延伸到 2017 年 4 月(没有发布 ls 的整个输出,因为有很多文件)存档的消息从 messages.2.gz 到 messages。 250.gz:
-rw------- 1 root root 231K Jul 28 06:22 messages.13.gz
-rw------- 1 root root 238K Jul 28 16:06 messages.12.gz
-rw------- 1 root root 253K Jul 29 01:04 messages.11.gz
-rw------- 1 root root 238K Jul 29 10:43 messages.10.gz
-rw------- 1 root root 247K Jul 29 20:40 messages.9.gz
-rw------- 1 root root 246K Aug 1 07:19 messages.7.gz
-rw------- 1 root root 253K Aug 1 16:34 messages.6.gz
-rw------- 1 root root 246K Aug 2 02:36 messages.5.gz
-rw------- 1 root root 239K Aug 2 12:16 messages.4.gz
-rw------- 1 root root 246K Aug 2 22:14 messages.3.gz
-rw------- 1 root root 237K Aug 3 07:51 messages.2.gz
-rw------- 1 root root 1.2M Aug 3 10:20 messages.1
-rw------- 1 root root 129K Aug 3 10:30 messages
根据我在 /etc/logrotate.conf 中的配置:
# see "man logrotate" for details
# rotate log files weekly
daily
# keep 4 weeks worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
minsize 1M
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
minsize 1M
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
它应该只在全球范围内保留一周的日志。我还对 /etc/logrotate.d/syslog 进行了一些更改以进一步排除故障:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
daily
missingok
rotate 7
compress
delaycompress
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
在调试中运行时,我看到以下内容:
[root@foo log]# logrotate -d /etc/logrotate.d/syslog
reading config file /etc/logrotate.d/syslog
reading config info for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron
Handling 1 logs
rotating pattern: /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron after 1 days (7 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/messages
log does not need rotating
considering log /var/log/secure
log does not need rotating
considering log /var/log/maillog
log does not need rotating
considering log /var/log/spooler
log does not need rotating
considering log /var/log/boot.log
log does not need rotating
considering log /var/log/cron
log does not need rotating
not running postrotate script, since no logs were rotated
有人可以根据这些信息告诉我为什么 logrotate 不删除较旧的日志文件吗?我确信配置应该在手动运行时删除文件,但情况似乎并非如此......
更新:我将 /etc/logrotate.d/syslog 中的 maxage 设置为 7。有趣的是,它删除了 messages.8.gz 但不会继续删除任何内容?为什么会这样呢?