Ubuntu 22.04:升级到 Ubuntu 22.04 后 Logrotate 无法正常工作

tag-icon tag-icon logrotate
Ubuntu 22.04:升级到 Ubuntu 22.04 后 Logrotate 无法正常工作

我刚刚意识到,自从升级到 22.04.1 以来,logrotate 就不起作用了。Syslog 已经很多天没有轮换了。它应该由 systemd 计时器运行,并且相关计时器已激活:

# systemctl list-timers
NEXT                         LEFT               LAST                         PA>
Thu 2022-09-15 23:09:00 CEST 20min left         Thu 2022-09-15 22:39:22 CEST 9m>
Thu 2022-09-15 23:30:42 CEST 42min left         Thu 2022-09-15 22:33:38 CEST 14>
Thu 2022-09-15 23:55:00 CEST 1h 6min left       Wed 2022-09-14 23:55:05 CEST 22>
Fri 2022-09-16 00:00:00 CEST 1h 11min left      n/a                          n/>
Fri 2022-09-16 00:00:00 CEST 1h 11min left      Thu 2022-09-15 00:00:01 CEST 22>
Fri 2022-09-16 02:35:57 CEST 3h 47min left      Thu 2022-09-15 02:35:57 CEST 20>
Fri 2022-09-16 02:46:01 CEST 3h 57min left      Thu 2022-09-15 02:46:01 CEST 20>
Fri 2022-09-16 03:22:12 CEST 4h 33min left      Thu 2022-09-15 10:43:31 CEST 12>
Fri 2022-09-16 04:26:17 CEST 5h 37min left      Thu 2022-09-15 22:04:50 CEST 43>
Fri 2022-09-16 06:28:52 CEST 7h left            Thu 2022-09-15 06:39:52 CEST 16>
Fri 2022-09-16 06:54:45 CEST 8h left            Thu 2022-09-15 00:59:05 CEST 21>
Fri 2022-09-16 07:27:18 CEST 8h left            Thu 2022-09-15 20:08:18 CEST 2h>
Fri 2022-09-16 10:23:45 CEST 11h left           Thu 2022-09-15 19:41:01 CEST 3h>
Sun 2022-09-18 03:10:01 CEST 2 days left        Sun 2022-09-11 03:11:05 CEST 4 >
Mon 2022-09-19 00:14:45 CEST 3 days left        Mon 2022-09-12 00:40:35 CEST 3 >
Sun 2022-09-25 02:14:00 CEST 1 week 2 days left Sun 2022-09-11 10:56:49 CEST 4 >

16 timers listed.

根据系统日志,logrotate 也在运行:

Sep 14 00:00:08 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 14 02:30:41 server1 systemd[1]: logrotate.timer: Deactivated successfully.
Sep 15 00:00:01 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 15 02:30:42 server1 systemd[1]: logrotate.timer: Deactivated successfully.

systemd 也确认了这一点:

# systemctl status logrotate.timer
● logrotate.timer - Daily rotation of log files
     Loaded: loaded (/lib/systemd/system/logrotate.timer; enabled; vendor prese>
     Active: active (waiting) since Thu 2022-09-15 02:30:57 CEST; 20h ago
    Trigger: Fri 2022-09-16 00:00:00 CEST; 1h 8min left
   Triggers: ● logrotate.service
       Docs: man:logrotate(8)
             man:logrotate.conf(5)

Sep 15 02:30:57 server1 systemd[1]: Started Daily rotation of log fil

但是没有日志被轮换。当我按照 logrotate.service 中的指定手动启动 logrotate 时,什么也没有发生(没有输出,没有日志被轮换):

root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate /etc/logrotate.conf
root@server1:/usr/lib/systemd/system#

当我使用 -vf 启动 logrotate 来查看问题所在时,日志确实被旋转了:

root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate -vf /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d

请问我该如何调试这个问题并让 logrotate 定期运行?

答案1

我遇到了一个与更新后出现的症状相同的问题。我的情况是从 Ubuntu 21.10 升级到 22.04。

我可以运行:

logrotate /etc/logrotate.d/rsyslog --debug

这是最相关的错误:

错误:跳过“/var/log/syslog”,因为父目录具有不安全的权限(它是所有人可写的或者可由非“root”的组写入)在配置文件中设置“su”指令来告诉 logrotate 应该使用哪个用户/组进行轮换。

检查哪个组被分配到 /var/log,在我的情况下您可以看到它是 syslog。

ls -alh /var/
drwxrwxr-x 16 root syslog   4.0K Sep 27 19:25 log

我将下面的行添加到 /etc/logrotate.d/rsyslog

su syslog syslog

最后我的 /etc/logrotate.d/rsyslog 文件看起来像这样。

/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
    su syslog syslog
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

通过这些编辑,我可以再次运行它,上面看到的错误消失了。我从命令末尾删除了 --debug 并重新运行它。系统日志文件已与其他有错误的文件一起轮换。

logrotate /etc/logrotate.d/rsyslog --debug

相关内容