我正在开发一个嵌入式 Linux 系统,其中根文件系统是从 SD 卡安装的。虽然很多像这样的系统只是安装/var/log在ramdisk上,但我想将日志保存到SD卡上以记录重要事件,所以我让logrotate照常运行,这样SD卡就不会完全填满。
不幸的是,该系统没有支持 RTC 的电池,因此如果系统断电并再次启动,系统时间将回到 1970 年 1 月 1 日。在这种情况下,我运行了一次 logrotate,然后使用以下命令检查了 logrotate 配置:logrotate -d /etc/logrotate.conf:
# logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file syslog
reading config info for /var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog
reading config info for /var/log/wtmp
reading config info for /var/log/btmp
error: bad year 1970 for file /var/log/syslog in state file /var/lib/logrotate.status
Handling 3 logs
rotating pattern: /var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog weekly (4 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/cron
log does not need rotating
considering log /var/log/debug
log does not need rotating
considering log /var/log/maillog
log does not need rotating
considering log /var/log/messages
log does not need rotating
considering log /var/log/secure
log does not need rotating
considering log /var/log/spooler
log does not need rotating
considering log /var/log/syslog
log does not need rotating
not running postrotate script, since no logs were rotated
rotating pattern: /var/log/wtmp monthly (1 rotations)
empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed
considering log /var/log/wtmp
log does not need rotating
rotating pattern: /var/log/btmp monthly (1 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/btmp
log does not need rotating
error: could not read state file, will not attempt to write into it
请注意,它抱怨 syslog 在 logrotate status file 中的年份 1970 很糟糕/var/log/logrotate.status,如下所示:
logrotate state -- version 2
"/var/log/syslog" 1970-1-1
"/var/log/debug" 1970-1-1
"/var/log/wtmp" 1970-1-1
"/var/log/spooler" 1970-1-1
"/var/log/btmp" 1970-1-1
"/var/log/maillog" 1970-1-1
"/var/log/httpd/*_log" 1970-1-1
"/var/log/wpa_supplicant.log" 1970-1-1
"/var/log/secure" 1970-1-1
"/var/log/mcelog" 1970-1-1
"/var/log/messages" 1970-1-1
"/var/log/cron" 1970-1-1
"/var/log/vsftpd.log" 1970-1-1
最后它说它不会尝试写入状态文件,所以现在我担心这是否意味着日志不会正确旋转。有谁知道发生这种情况时 logrotate 会发生什么?
安装系统的地方发生电源故障的可能性很低,因此我更喜欢正确设置时间,但我真的很想确认,如果发生故障,logrotate 不会被搞砸。
答案1
logrotate状态文件用于跟踪每日日志上次轮换的时间。对于我的一个嵌入式系统来说,它似乎愿意写一个像 1970 年或 1907 年这样的虚假日期。但是,当下次运行时,它会拒绝其自己的状态文件中的日期,并且不会轮换日志。
我已经通过删除状态文件解决了这个问题。这意味着下次运行 logrotate 时,它会假设不需要再轮换日志,这对我来说没问题。
更好的解决方案是修改 logrotate cron 脚本以首先检查时钟是否与 ntpq / ntpdate 同步。事实上,我认为将其放入脚本中的最简单方法是check_ntp_time在标准 nagios-plugins 发行版中 使用,例如
/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org
然后在允许 logrotate 运行之前检查返回码是否为 0。
您还可以在 logrotate cron 脚本或启动脚本中调用 ntpdate。
最重要的是,确保 cron 设置为在 cron 作业失败时向您发送电子邮件;实现这一点的最简单方法是安装ssmtp.
答案2
通过插入解决方法
sed -i '/1970-1/d' /var/lib/logrotate.status
在 logrotate 脚本中/etc/cron.daily/logrotate