systemd-journal-remote 声称日志文件已损坏

tag-icon tag-icon systemd-journald
systemd-journal-remote 声称日志文件已损坏

我正在尝试将日志日志从服务器上传到集中式服务器。我为此使用 systemd-journal-remote 和 systemd-journal-upload 。现有日志的初始同步进展顺利。一段时间后,当上传新日志时,systemd-journal-remote 开始声称日志已损坏。

# journalctl -u systemd-journal-remote
Dec 07 11:59:41 syslog systemd-journal-remote[1459]: /var/log/journal/remote//remote-192.168.100.85.journal: Journal header limits reached or header out-of-date, rotating
Dec 07 11:59:44 syslog systemd-journal-remote[1459]: /var/log/journal/remote//remote-192.168.100.85.journal: Journal header limits reached or header out-of-date, rotating
Dec 07 13:25:55 syslog systemd-journal-remote[1459]: File /var/log/journal/remote//remote-192.168.100.85.journal corrupted or uncleanly shut down, renaming and replacing.
Dec 07 14:14:04 syslog systemd-journal-remote[1459]: File /var/log/journal/remote//remote-192.168.100.85.journal corrupted or uncleanly shut down, renaming and replacing.
Dec 07 22:06:10 syslog systemd-journal-remote[1459]: File /var/log/journal/remote//remote-192.168.100.85.journal corrupted or uncleanly shut down, renaming and replacing.
Dec 08 07:14:29 syslog systemd-journal-remote[1459]: File /var/log/journal/remote//remote-192.168.100.85.journal corrupted or uncleanly shut down, renaming and replacing.

它将当前文件移动到journal~文件。

# ls -l /var/log/journal/remote
-rw-r----- 1 systemd-journal-remote systemd-journal-remote   8388608 Dec  8 09:08 remote-192.168.100.85.journal
-rw-r----- 1 systemd-journal-remote systemd-journal-remote  83886080 Dec  7 13:25 [email protected]~
-rw-r----- 1 systemd-journal-remote systemd-journal-remote   8388608 Dec  7 14:14 [email protected]~
-rw-r----- 1 systemd-journal-remote systemd-journal-remote   8388608 Dec  7 22:06 [email protected]~
-rw-r----- 1 systemd-journal-remote systemd-journal-remote   8388608 Dec  8 07:14 [email protected]~
-rw-r----- 1 systemd-journal-remote systemd-journal-remote  75497472 Dec  7 11:59 remote-192.168.100.85@20cd77d5c97e47119c33de6c4ca2c0d2-0000000000000001-0005c3d7d8a4d2a4.journal

奇怪的是,这些文件可以被journalctl完全读取,并且verify返回PASS。

# journalctl --file="/var/log/journal/remote/*.journal~" --verify
PASS: /var/log/journal/remote/[email protected]~                                                            
PASS: /var/log/journal/remote/[email protected]~                                                            
PASS: /var/log/journal/remote/[email protected]~                                                            
PASS: /var/log/journal/remote/[email protected]~

systemd-journal-upload 服务器上没有记录任何内容。

源服务器和目标服务器都运行 Ubuntu 20.04 (Focal) 服务器,systemd 版本为 245。我尝试使用 http 和 https 作为传输。我还尝试将 systemd-journal-remote 服务器升级到 Ubuntu 22.04 (Jammy) (systemd 249)。所有这些都会导致相同的行为。

它为什么要这样做?这填满了我的磁盘空间,因为日志文件总是至少 8MB,但有时只包含 2 条日志行。

相关内容