On Ubuntu 22.04, /var/log keeps getting cleared when the log files should exist. rsyslog is installed and running. Restarting rsyslog shows the files being created again in /var/log (e.g. auth.log, kern.log, other non-default logs, etc.), but after a few seconds everything is gone. There are no cronjobs that could cause this.
The server in question is used as a SIEM server; we have many other clients with the same configuration (including rsyslog.conf) set up from the same build, and this seems to be an isolated problem. Searching online I can't find any mention of this exact problem, and as far as I can tell there is no other software on our server that would cause it.
What I have tried so far:
- systemctl restart rsyslog
- systemctl restart systemd-journald.socket
- systemctl restart systemd-journald
- rebooting the server
- ps aux | grep rsyslog (to check it is running)
- rsyslogd -N1 (to check for config errors; none)
Trying a test log message:
user@hostname:/home/user# logger -p mail.info "TEST"
user@hostname:/home/user# cat /var/log/mail.log
Nov 1 14:22:43 hostname user: TEST
Checking that the service is up:
syslog 6483 0.0 0.0 222300 3412 ? Ssl 11:55 0:00 rsyslogd
syslog 56507 0.0 0.0 222300 4608 ? Ssl 12:52 0:01 /usr/sbin/rsyslogd -n -iNONE
Checking the service status and version:
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Active: active (running) since Wed 2023-11-01 12:52:54 UTC; 1h 20min ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Process: 56503 ExecStartPre=/usr/lib/rsyslog/reload-apparmor-profile (code=exited, status=0/SUCCESS)
Main PID: 56507 (rsyslogd)
Tasks: 4 (limit: 19031)
Memory: 1.9M
CPU: 1.328s
CGroup: /system.slice/rsyslog.service
└─56507 /usr/sbin/rsyslogd -n -iNONE
Nov 01 12:52:54 hostname systemd[1]: Starting rsyslog.service - System Logging Service...
Nov 01 12:52:54 hostname rsyslogd[56507]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.23>
Nov 01 12:52:54 hostname rsyslogd[56507]: rsyslogd's groupid changed to 109
Nov 01 12:52:54 hostname systemd[1]: Started rsyslog.service - System Logging Service.
Nov 01 12:52:54 hostname rsyslogd[56507]: rsyslogd's userid changed to 103
Nov 01 12:52:54 hostname rsyslogd[56507]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="56507" x-info="https://www.rsyslo>
rsyslogd 8.2302.0 (aka 2023.02) compiled with:
PLATFORM: x86_64-pc-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Config file: /etc/rsyslog.conf
PID file: /run/rsyslogd.pid
Number of Bits in RainerScript integers: 64
Any help would be greatly appreciated. Thanks in advance.
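Since the question comes down to "what is removing files under /var/log", the usual way to answer it is to let the kernel audit subsystem record every unlink in that directory and then read back which executable and PID did it. The following is an added example, not part of the original post: the two auditctl/ausearch commands at the top are the ones you would run as root on the affected host, and the function below parses ausearch raw output to pair each deleted path with the process that deleted it. The audit records in SAMPLE_AUDIT are constructed for the example (the executable name /usr/local/bin/example-cleaner and PID 61234 are made up), so the script runs offline without auditd.

```bash
#!/usr/bin/env bash
# Added example: identify the process that deletes files under /var/log.
#
# On the affected host (as root, not executed by this script):
#   auditctl -w /var/log -p wa -k varlog_wipe     # watch writes/attr changes, incl. unlink
#   ...wait until the files vanish again, then dump the matching raw records:
#   ausearch -k varlog_wipe --raw > /tmp/varlog.audit
#   deleters_from_audit < /tmp/varlog.audit
#
# Each audit event is a group of records sharing the same msg=audit(ts:ID).
# The SYSCALL record carries exe= and pid=; the PATH record with
# nametype=DELETE names the file that was unlinked.

# Constructed sample in `ausearch --raw` format (one unlinkat event, 3 records).
# exe, comm and pid are invented for this example.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1698848563.123:4711): arch=c000003e syscall=263 success=yes exit=0 a0=ffffff9c a1=55d0c3c4f2a0 a2=0 a3=0 items=2 ppid=1 pid=61234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="example-cleaner" exe="/usr/local/bin/example-cleaner" key="varlog_wipe"
type=PATH msg=audit(1698848563.123:4711): item=0 name="/var/log/" inode=131073 dev=fd:01 mode=040755 ouid=0 ogid=106 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1698848563.123:4711): item=1 name="/var/log/auth.log" inode=131090 dev=fd:01 mode=0100640 ouid=104 ogid=4 rdev=00:00 nametype=DELETE'

# Read raw audit records on stdin; print "<deleted path> <exe> <pid>" per deletion.
deleters_from_audit() {
  awk '
    # Event id: the number after the colon inside msg=audit(secs.usec:ID)
    {
      match($0, /msg=audit\([0-9.]+:[0-9]+\)/)
      id = substr($0, RSTART, RLENGTH)
      sub(/.*:/, "", id); sub(/\)/, "", id)
    }
    # Remember who performed the syscall for this event id
    /^type=SYSCALL/ {
      exe = "?"; pid = "?"
      if (match($0, /exe="[^"]*"/)) exe = substr($0, RSTART + 5, RLENGTH - 6)
      # leading space avoids matching the "pid=" inside "ppid="
      if (match($0, / pid=[0-9]+/)) pid = substr($0, RSTART + 5, RLENGTH - 5)
      syscall_exe[id] = exe; syscall_pid[id] = pid
    }
    # A PATH record with nametype=DELETE is the unlinked file itself
    /^type=PATH/ && /nametype=DELETE/ {
      name = "?"
      if (match($0, /name="[^"]*"/)) name = substr($0, RSTART + 6, RLENGTH - 7)
      print name, syscall_exe[id], syscall_pid[id]
    }
  '
}

# Convenience wrapper so the sample can be checked without auditd.
deleters_from_sample() {
  printf '%s\n' "$SAMPLE_AUDIT" | deleters_from_audit
}

deleters_from_sample
```

If the culprit turns out to be a short-lived child, the ppid= field in the same SYSCALL record (not extracted above) points at the parent that spawned it; `ausearch -k varlog_wipe -i` prints the same records with numeric fields resolved to names.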