%20%E7%9B%91%E5%90%AC%20%2Fdev%2Flog%20%E4%BB%A5%E5%A4%96%E7%9A%84%E5%85%B6%E4%BB%96%E4%BD%8D%E7%BD%AE.png)
我希望 systemd 219 中的 systemd-journald(在 el7 上,因此软件包为 systemd-219-30.el7_3.9.x86_64)能够监听 上的系统日志消息,/run/systemd/journal/dev-log并且/dev/log符号链接到该文件。这是 systemd-journald 较新版本的默认行为。
股票/lib/systemd/system/sytemd-journald.socket情况如下:
[Unit]
Description=Journal Socket
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Before=sockets.target
[Socket]
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
ListenDatagram=/dev/log
SocketMode=0666
PassCredentials=yes
PassSecurity=yes
ReceiveBuffer=8M
我修改了该文件以删除该ListenDatagram=/dev/log行。
我创建了一个新的单位,/etc/systemd/system/systemd-journal-dev-log.socket如下所示:
[Unit]
Description=Journal Socket (/dev/log)
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Before=sockets.target
IgnoreOnIsolate=yes
[Socket]
Service=systemd-journald.service
ListenDatagram=/run/systemd/journal/dev-log
Symlinks=/dev/log
SocketMode=0666
PassCredentials=yes
PassSecurity=yes
ReceiveBuffer=8M
SendBuffer=8M
[Install]
WantedBy=systemd-journald.service
我进行了修改/lib/systemd/system/systemd-journald.service,使其包括:
Sockets=systemd-journald.socket systemd-journald-dev-log.socket
我重新加载 systemd(systemctl daemon-reload),启用新的套接字systemctl enable systemd-journald-dev-log.socket),并重新启动所有 journald 相关单元(systemctl restart systemd-journald\*),之后systemctl cat systemd-journald.socket显示更改已生效:
# systemctl list-units | grep journald
systemd-journald.service loaded active running Journal Service
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
# systemctl cat systemd-journald.service | grep Socket
Sockets=systemd-journald.socket systemd-journald-dev-log.socket
# systemctl cat systemd-journald.socket | grep Listen
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
# systemctl cat systemd-journald-dev-log.socket | grep Listen
ListenDatagram=/run/systemd/journal/dev-log
但尽管有上述配置,我发现这/dev/log不是一个符号链接:
# ls -l /dev/log
srw-rw-rw-. 1 root root 0 Sep 12 17:33 /dev/log
事实上它是systemd-journald直接打开的,而不是由systemd它自己打开的:
# lsof | grep /dev/log
systemd-j 186 root 5u unix 0xffff8b5076bc8000 0t0 157285 /dev/log
这是怎么回事?为什么我的套接字单元不能按预期工作?有没有办法解决这个问题而不涉及升级 systemd?