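I am using Ubuntu 18.04.3 LTS (Bionic Beaver); for details, click here.
The rsyslog version in use is rsyslogd 8.2001.0.aeabf0e9703b; for details, click here.
For the /etc/rsyslog.conf file, click here.
I copied the default /etc/rsyslog.d/50-default.conf file over the previously modified one from backup (as some users suggested in the comments) to make sure the default configuration has not been tampered with; click here if you want to check that the default file is intact.
I then created a new file, /etc/rsyslog.d/central-log-server.conf, and put my configuration in it, as before: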
root@opennms-otrs:~# cat /etc/rsyslog.d/50-default.conf
template(name="RemoteLogs" type="string" string="/var/log/remote-servers/%HOSTNAME%/%PROGRAMNAME%.%Month%-%Date%-%Year%.log" type="list") {
property(name="timereported" dateFormat="year")
constant(value="-")
property(name="timereported" dateFormat="month")
constant(value="-")
property(name="timereported" dateFormat="day")
constant(value=" ")
property(name="timereported" dateFormat="hour")
constant(value=":")
property(name="timereported" dateFormat="minute")
constant(value=":")
property(name="timereported" dateFormat="second")
constant(value=" ")
property(name="hostname")
constant(value=" ")
property(name="app-name")
constant(value=" ")
property(name="severity")
constant(value=" ")
property(name="msg" spifno1stsp="on" ) # add space if $msg doesn't start with one
property(name="msg" droplastlf="on" ) # add trailing blank line after each $msg if there is none
constant(value="\n")
}
*.* ?RemoteLogs
root@opennms-otrs:~#
The error logs after restarting the rsyslog service are as follows:
root@opennms-otrs:~# journalctl -f -u rsyslog
-- Logs begin at Sat 2019-12-14 12:17:22 IST. --
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Sat Jan 4 19:10:30 2020, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
^C
root@opennms-otrs:~# tail -50 /var/log/remote-servers/opennms-otrs/rsyslogd.04-01-2020.log
Jan 4 19:00:01 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:00:01 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:00:01 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Sat Jan 4 19:00:31 2020, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: [origin software="rsyslogd" swVersion="8.2001.0.586a2bca05c3" x-pid="13341" x-info="https://www.rsyslog.com"] exiting on signal 15.
Jan 4 19:01:23 opennms-otrs rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2001.0.586a2bca05c3]
Jan 4 19:01:23 opennms-otrs rsyslogd: rsyslogd's groupid changed to 106
Jan 4 19:01:23 opennms-otrs rsyslogd: rsyslogd's userid changed to 102
Jan 4 19:01:23 opennms-otrs rsyslogd: [origin software="rsyslogd" swVersion="8.2001.0.586a2bca05c3" x-pid="13431" x-info="https://www.rsyslog.com"] start
Jan 4 19:01:23 opennms-otrs rsyslogd: file '/var/log/rsyslog.log': open error: Permission denied [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2433 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Sat Jan 4 19:01:53 2020, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:10:00 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Sat Jan 4 19:10:30 2020, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
root@opennms-otrs:~#
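What we want to achieve:
A specific format in all log files, which can later be imported as a CSV file for further analysis:
Month - Day - Year - Hour - Minute - Second - Hostname - Application/Service - Severity - Message (add a space if $msg does not start with one) - \n (add a blank line after each message)
All log files should be stored in their own hostname-specific folder: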
/var/log/remote-servers/%HOSTNAME%/%PROGRAMNAME%.%Month%-%Date%-%Year%.log
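
A triage sketch for the journal output in the post, added here as an example and not part of the original post: it collapses the repeated suspend/resume notices per action and lists the other coded rsyslogd lines, which is where the notices say the reason for a suspension is reported. The function name `triage` and both regexes are assumptions; the sample lines are taken from the output in the post.

```python
import re
from collections import Counter

# Sample lines taken from the output in the post (not live data).
SAMPLE = """\
Jan 4 19:01:23 opennms-otrs rsyslogd: rsyslogd's userid changed to 102
Jan 4 19:01:23 opennms-otrs rsyslogd: file '/var/log/rsyslog.log': open error: Permission denied [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2433 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 4 19:01:23 opennms-otrs rsyslogd: action 'action-2-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2359 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
Jan 04 19:10:00 opennms-otrs rsyslogd[13431]: action 'action-2-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Sat Jan 4 19:10:30 2020, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0.586a2bca05c3 try https://www.rsyslog.com/e/2007 ]
"""

# Message body after the "rsyslogd:" / "rsyslogd[pid]:" tag, with the optional
# trailing "[v<version> try https://www.rsyslog.com/e/<code> ]" split off.
LINE = re.compile(
    r"rsyslogd(?:\[\d+\])?: (?P<msg>.*?)"
    r"(?: \[v\S+(?: try https://www\.rsyslog\.com/e/(?P<code>\d+) )?\])?$"
)
# Suspend/resume notices: the repeated state changes, not the reason for them.
ACTION = re.compile(r"^action '(?P<action>[^']+)' (?P<state>suspended|resumed)\b")


def triage(text):
    """Return (flaps, causes) for rsyslogd self-diagnostic lines in text.

    flaps  -- Counter keyed by (action name, state)
    causes -- [(error code, message)] for coded lines that are not notices
    """
    flaps, causes = Counter(), []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an rsyslogd line
        notice = ACTION.match(m["msg"])
        if notice:
            flaps[(notice["action"], notice["state"])] += 1
        elif m["code"]:
            causes.append((int(m["code"]), m["msg"]))
    return flaps, causes


if __name__ == "__main__":
    flaps, causes = triage(SAMPLE)
    for (action, state), n in sorted(flaps.items()):
        print(f"{action}: {state} x{n}")
    for code, msg in causes:
        print(f"candidate reason (e/{code}): {msg}")
```
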