我在基于 Alpine 的系统上安装了 rsyslog 来替换 busybox syslogd。在 openrc 中完全禁用 syslogd,在启动时启用 ryslog 并重新启动后,所有服务都正确地开始记录到 rsyslog。
但是,使用该logger
实用程序(由 busybox 提供,但我还尝试通过安装软件包来替换它logger
- 它没有改变任何东西)仍然会记录到/var/log/messages
(无论我记录到哪个工具),这是 busybox 使用的默认文件syslogd
。
据我了解,logger
不应直接记录到文件,而应使用 syslog 协议,因此rsyslogd
应拾取消息并根据定义的规则对其进行处理。但是,尽管 rsyslog 中记录到的唯一规则/var/log/messages
包含mail.none
,但当我将其用作设施/严重性时,记录器仍会记录到该文件mail.info
。
发生了什么事?我该如何解决?
--
/etc/rsyslog.conf
:
# rsyslog configuration file
#
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### Global directives ####
# Sets the directory that rsyslog uses for work files.
$WorkDirectory /var/lib/rsyslog
# Sets default permissions for all log files.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
# Check config syntax on startup and abort if unclean (default off).
#$AbortOnUncleanConfig on
# Reduce repeating messages (default off).
#$RepeatedMsgReduction on
#### Modules ####
# Provides --MARK-- message capability.
module(load="immark")
# Provides support for local system logging (e.g. via logger command).
module(load="imuxsock")
# Reads kernel messages.
module(load="imklog")
#### Rules ####
# Log all kernel messages to kern.log.
kern.* /var/log/kern.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# NOTE: The minus sign in front of filename disables buffer flush.
*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/auth.log
# Log all the mail messages in one place.
mail.* -/var/log/mail.log
# Log cron stuff.
cron.* -/var/log/cron.log
# Everybody gets emergency messages.
*.emerg :omusrmsg:*
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
#### Config files ####
# Include all config files in /etc/rsyslog.d/.
include(file="/etc/rsyslog.d/*.conf" mode="optional")
rc-update show
:
apache2 | default
bootmisc | boot
crond | default
devfs | sysinit
dovecot | default
fail2ban | default
loadkmap | boot
mdev | sysinit
networking | default
opendkim | default
openntpd | default
php-fpm7 | default
postfix | default
postgresql | default
postgrey | default
rspamd | default
rsyslog | boot default
sshd | default
ufw | default
rc-status
:
Runlevel: default
rsyslog [ started ]
ufw [ started ]
networking [ started ]
openntpd [ started ]
postgresql [ started ]
dovecot [ started ]
opendkim [ started ]
postgrey [ started ]
sshd [ started ]
rspamd [ started ]
crond [ started ]
postfix [ started ]
apache2 [ started ]
fail2ban [ started ]
php-fpm7 [ started ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
hostname [ started ]
localmount [ started ]
sysfs [ started ]
Dynamic Runlevel: manual
答案1
这对我来说如预期的那样。
禁用busybox syslog
并安装rsyslog
,配置 rsyslog 来记录到/var/log/syslog
而不是以/var/log/messages
避免混淆:
/ # rc-service syslog stop
* WARNING: you are stopping a boot service
* Caching service dependencies ... [ ok ]
* Stopping busybox crond ... [ ok ]
* Stopping busybox syslog ... [ ok ]
/ # apk add rsyslog
(1/5) Installing libestr (0.1.11-r1)
(2/5) Installing libfastjson (0.99.9-r0)
(3/5) Installing libuuid (2.37-r0)
(4/5) Installing rsyslog (8.2012.0-r1)
(5/5) Installing rsyslog-openrc (8.2012.0-r1)
Executing busybox-1.33.1-r3.trigger
OK: 10 MiB in 25 packages
/ # grep /var/log/messages /etc/rsyslog.conf
*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages
/ # sed -i '/\/var\/log\/messages/s/messages/syslog/' /etc/rsyslog.conf
/ # rc-service rsyslog start
* Caching service dependencies ... [ ok ]
* Starting rsyslog ... [ ok ]
/ # tail /var/log/syslog
2021-09-12T04:30:50.071691+00:00 CT555 : [origin software="rsyslogd" swVersion="8.2012.0" x-pid="709" x-info="https://www.rsyslog.com"] start
使用(默认)user.notice
和mail.info
内置的 busybox进行记录logger
:
/ # logger foo bar
/ # logger -p mail.info logging at mail.info
/ # tail /var/log/syslog
2021-09-12T04:30:50.071691+00:00 CT555 : [origin software="rsyslogd" swVersion="8.2012.0" x-pid="709" x-info="https://www.rsyslog.com"] start
2021-09-12T04:31:26.066703+00:00 CT555 root: foo bar
消息mail.info
未被记录到/var/log/syslog
。
确认它没有最终出现在/var/log/messages
:
/ # tail /var/log/messages
Sep 12 04:29:06 CT555 daemon.info init: starting pid 368, tty '/dev/tty1': '/sbin/getty 38400 tty1'
Sep 12 04:29:06 CT555 daemon.info init: starting pid 369, tty '/dev/tty2': '/sbin/getty 38400 tty2'
Sep 12 04:29:43 CT555 daemon.warn /etc/init.d/syslog[407]: WARNING: you are stopping a boot service
Sep 12 04:29:43 CT555 user.debug : Will stop /usr/sbin/crond
Sep 12 04:29:43 CT555 user.debug : Will stop PID 360
Sep 12 04:29:43 CT555 user.debug : Sending signal 15 to PID 360
Sep 12 04:29:43 CT555 user.debug : Will stop /sbin/syslogd
Sep 12 04:29:43 CT555 user.debug : Will stop PID 332
Sep 12 04:29:43 CT555 user.debug : Sending signal 15 to PID 332
Sep 12 04:29:43 CT555 syslog.info syslogd exiting
在 Alpine 3.14.2 上测试。