Logrotate 无法在 AWS Linux 上轮换日志

tag-icon tag-icon linux logrotate
Logrotate 无法在 AWS Linux 上轮换日志

我遇到了 Logrotate 无法轮换我的一台 Amazon Linux 机器上的日志的问题。此机器使用 rsyslog 并从其他设备接收日志。因此使用了通配符规则,我认为这就是问题所在,但删除它并没有帮助。我尝试使用 logrotate -fv 强制轮换,但虽然它说应该轮换日志,但日志的 dateext 存档并未在 /var/log 中创建。奇怪的是,这个功能一直运行到 7 月,由于当时做了一些更改,它停止了工作。这是 rsyslog 文件 (/etc/logrotate.d/rsyslog) 的 logrotate 配置:

/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log{
    compress
    notifempty
    daily
    sharedscripts
    postrotate
         service rsyslog restart >/dev/null 2>&1 || true
    endscript
}

以下是 logrotate -fv 命令的输出:

reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file dracut
reading config info for /var/log/dracut.log
reading config file psacct
reading config info for /var/account/pacct
reading config file rsyslog
reading config info for /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log
reading config file yum
reading config info for /var/log/yum.log
reading config info for /var/log/wtmp
reading config info for /var/log/btmp

Handling 6 logs

rotating pattern: /var/log/dracut.log  forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/dracut.log
  log does not need rotating

rotating pattern: /var/account/pacct  forced from command line (31 rotations)
empty log files are not rotated, old logs are removed
considering log /var/account/pacct
  log does not need rotating
not running postrotate script, since no logs were rotated

rotating pattern: /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/boot.log
/var/log/system-*.log forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/cron
  log needs rotating
considering log /var/log/maillog
  log needs rotating
considering log /var/log/messages
error: stat of /var/log/messages failed: No such file or directory
considering log /var/log/secure
  log needs rotating
considering log /var/log/spooler
error: stat of /var/log/spooler failed: No such file or directory
considering log /var/log/boot.log
  log needs rotating
considering log /var/log/system-10.0.1.5.log
  log needs rotating
considering log /var/log/system-10.10.200.1.log
  log needs rotating
considering log /var/log/system-10.50.10.1.log
  log needs rotating
considering log /var/log/system-10.70.10.1.log
  log needs rotating
considering log /var/log/system-usawsnet01.log
  log needs rotating
rotating log /var/log/cron, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/maillog, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/secure, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/boot.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.0.1.5.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.10.200.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.50.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-10.70.10.1.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/system-usawsnet01.log, log->rotateCount is 4
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed

rotating pattern: /var/log/yum.log  forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/yum.log
  log does not need rotating

rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed
considering log /var/log/wtmp
  log needs rotating
rotating log /var/log/wtmp, log->rotateCount is 1
dateext suffix '-20160916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/wtmp-20160916 already exists, skipping rotation

rotating pattern: /var/log/btmp  forced from command line (1 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/btmp
  log /var/log/btmp does not exist -- skipping

它确实声称日志需要轮换并且强制执行应该这样做,但是运行之后我在 /var/log 中只有以下文件(请注意 7 月 24 日之前正确轮换的日志):

-rw-------  1 root root  385 Jul 21 03:13 secure-20160720.gz
-rw-------  1 root root  303 Jul 22 03:35 secure-20160721.gz
-rw-------  1 root root  908 Jul 22 03:35 cron-20160721.gz
-rw-------  1 root root  896 Jul 23 03:31 cron-20160722.gz
drwxr-xr-x  2 root root 4.0K Jul 23 19:45 mail
-rw-------  1 root root  329 Jul 24 03:17 secure-20160722.gz
-rw-------  1 root root  884 Jul 24 03:17 cron-20160723.gz
-rw-------  1 root root 2.5K Aug 17 21:25 yum.log-20160916
-rw-------  1 root root  218 Aug 30 03:25 maillog-20160707.gz
-rw-------  1 root root 4.0K Sep 15 04:33 maillog
-rw-rw-r--  1 root utmp  66K Sep 15 23:20 wtmp-20160916
-rw-------  1 root root    0 Sep 16 00:16 dracut.log
-rw-------  1 root root    0 Sep 16 00:16 yum.log
drwxr-xr-x  5 root root  36K Sep 16 03:21 .
-rw-------  1 root root 307K Sep 16 04:01 cron
-rw-------  1 root root  32K Sep 16 04:09 secure
-rw-------  1 root root 3.9G Sep 16 04:09 boot.log
-rw-rw-r--  1 root utmp 4.2K Sep 16 17:48 wtmp
-rw-r--r--  1 root root 144K Sep 16 17:48 lastlog
-rw-------  1 root root  11K Sep 16 18:01 system-usawsnet01.log
-rw-------  1 root root 141M Sep 16 18:14 system-10.50.10.1.log
-rw-------  1 root root 5.2G Sep 16 18:14 system-10.0.1.5.log
-rw-------  1 root root 5.8G Sep 16 18:14 system-10.70.10.1.log
-rw-------  1 root root 5.2G Sep 16 18:14 system-10.10.200.1.log

最后,如果有帮助的话,这里是基本的 logrotate 配置文件:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

我尝试删除通配符,并删除了 /var/lib/logrotate.status 以重新开始,但似乎没有什么可以触发这些日志的轮换。

相关内容