我在 Debian 10 服务器上使用 logrotate 时遇到了一个奇怪的问题。
总的来说,logrotate (v3.20.1) 运行良好,轮换良好……除了 /tmp 中的一些文件,我想每天“压缩”它们。这些日志是来自 collectd 的 cvs 文件,我不需要保留超过 24 小时。
我的 collectd 配置文件是:
/var/log/collectd/collectd.log {
weekly
rotate 4
create
compress
missingok
}
/tmp/collectd/csv/localhost/*/* {
daily
rotate 0
copytruncate
missingok
}
以下是 logrotate 日志文件的一部分:
rotating pattern: /var/log/collectd/collectd.log weekly (4 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/collectd/collectd.log
Now: 2022-12-09 00:00
Last rotated at 2022-12-04 15:15
log does not need rotating (log has been rotated at 2022-12-04 15:15, which is less than a week ago)
rotating pattern: /tmp/collectd/csv/localhost/*/* after 1 days (no old logs will be kept)
empty log files are rotated
considering log /tmp/collectd/csv/localhost/*/*
我注意到的奇怪的事情是,在 logrotate 状态文件 /var/lib/logrotate/status 中,与其他条目不同,这些文件的状态日期停留在 2022-12-1-0:0:0。
# cat /var/lib/logrotate/status | sort
logrotate state -- version 2
"/tmp/collectd/csv/localhost/*/*" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/cpu-0/cpu-idle" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/cpu-0/cpu-interrupt" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/cpu-0/cpu-nice" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/cpu-0/cpu-softirq" 2022-12-1-0:0:0
...
"/tmp/collectd/csv/localhost/tcpconns-4772-remote/tcp_connections-SYN_SENT" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/tcpconns-4772-remote/tcp_connections-TIME_WAIT" 2022-12-1-0:0:0
"/tmp/collectd/csv/localhost/uptime/uptime" 2022-12-1-0:0:0
...
"/var/log/borgbackup.log" 2022-12-4-15:15:18
"/var/log/btmp" 2022-12-1-0:0:1
"/var/log/chrony/*.log" 2022-1-13-18:0:0
"/var/log/clamav/clamav.log" 2022-12-4-15:15:18
"/var/log/clamav/freshclam.log" 2022-12-4-15:15:18
"/var/log/collectd/collectd.log" 2022-12-4-15:15:18
我尝试在调试模式下运行 logrotate,结果如下:
...
rotating pattern: /tmp/collectd/csv/localhost/*/* after 1 days (no old logs will be kept)
empty log files are rotated
considering log /tmp/collectd/csv/localhost/cpu-0/cpu-idle
Now: 2022-12-09 17:32
Last rotated at 2022-12-01 00:00
log needs rotating
...
rotating log /tmp/collectd/csv/localhost/cpu-0/cpu-idle, log->rotateCount is 0
dateext suffix '-20221209'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /tmp/collectd/csv/localhost/cpu-0/cpu-idle.1.bz2 to /tmp/collectd/csv/localhost/cpu-0/cpu-idle.2.bz2 (rotatecount 1, logstart 1, i 1),
renaming /tmp/collectd/csv/localhost/cpu-0/cpu-idle.0.bz2 to /tmp/collectd/csv/localhost/cpu-0/cpu-idle.1.bz2 (rotatecount 1, logstart 1, i 0),
log /tmp/collectd/csv/localhost/cpu-0/cpu-idle.2.bz2 doesn't exist -- won't try to dispose of it
skip copying /tmp/collectd/csv/localhost/cpu-0/cpu-idle to /tmp/collectd/csv/localhost/cpu-0/cpu-idle.1
truncating /tmp/collectd/csv/localhost/cpu-0/cpu-idle
compressing log with: /bin/lbzip2
...
但是文件不会每天午夜轮换,而且会不断增长:(
是否可以旋转 /tmp 中的文件? 看起来是可能的,但是可能存在什么问题?
感谢您的帮助。
答案1
您需要检查/lib/systemd/system/logrotate.service配置并确保 PrivateTmp选项设置为false。
不要忘记systemctl daemon-reload
我刚刚发现 Logrotate 不是由 Cron 处理,而是由 Systemd 计时器处理。今年的发现!
答案2
这是我的 logrotate 服务的 systemd conf 文件。
# cat logrotate.service
[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
ConditionACPower=true
[Service]
Type=oneshot
ExecStart=/usr/sbin/logrotate -v --log=/var/log/logrotate/logrotate.log /etc/logrotate.conf
# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
# hardening options
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# no ProtectHome for userdir logs
# no PrivateNetwork for mail deliviery
# no ProtectKernelTunables for working SELinux with systemd older than 235
# no MemoryDenyWriteExecute for gzip on i686
PrivateDevices=true
PrivateTmp=false
ProtectControlGroups=true
ProtectKernelModules=true
ProtectSystem=full
RestrictRealtime=true