我刚刚意识到,自从升级到 22.04.1 以来,logrotate 就不起作用了。Syslog 已经很多天没有轮换了。它应该由 systemd 计时器运行,并且相关计时器已激活:
# systemctl list-timers
NEXT LEFT LAST PA>
Thu 2022-09-15 23:09:00 CEST 20min left Thu 2022-09-15 22:39:22 CEST 9m>
Thu 2022-09-15 23:30:42 CEST 42min left Thu 2022-09-15 22:33:38 CEST 14>
Thu 2022-09-15 23:55:00 CEST 1h 6min left Wed 2022-09-14 23:55:05 CEST 22>
Fri 2022-09-16 00:00:00 CEST 1h 11min left n/a n/>
Fri 2022-09-16 00:00:00 CEST 1h 11min left Thu 2022-09-15 00:00:01 CEST 22>
Fri 2022-09-16 02:35:57 CEST 3h 47min left Thu 2022-09-15 02:35:57 CEST 20>
Fri 2022-09-16 02:46:01 CEST 3h 57min left Thu 2022-09-15 02:46:01 CEST 20>
Fri 2022-09-16 03:22:12 CEST 4h 33min left Thu 2022-09-15 10:43:31 CEST 12>
Fri 2022-09-16 04:26:17 CEST 5h 37min left Thu 2022-09-15 22:04:50 CEST 43>
Fri 2022-09-16 06:28:52 CEST 7h left Thu 2022-09-15 06:39:52 CEST 16>
Fri 2022-09-16 06:54:45 CEST 8h left Thu 2022-09-15 00:59:05 CEST 21>
Fri 2022-09-16 07:27:18 CEST 8h left Thu 2022-09-15 20:08:18 CEST 2h>
Fri 2022-09-16 10:23:45 CEST 11h left Thu 2022-09-15 19:41:01 CEST 3h>
Sun 2022-09-18 03:10:01 CEST 2 days left Sun 2022-09-11 03:11:05 CEST 4 >
Mon 2022-09-19 00:14:45 CEST 3 days left Mon 2022-09-12 00:40:35 CEST 3 >
Sun 2022-09-25 02:14:00 CEST 1 week 2 days left Sun 2022-09-11 10:56:49 CEST 4 >
16 timers listed.
根据系统日志,logrotate 也在运行:
Sep 14 00:00:08 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 14 02:30:41 server1 systemd[1]: logrotate.timer: Deactivated successfully.
Sep 15 00:00:01 server1 systemd[1]: logrotate.service: Deactivated successfully.
Sep 15 02:30:42 server1 systemd[1]: logrotate.timer: Deactivated successfully.
systemd 也确认了这一点:
# systemctl status logrotate.timer
● logrotate.timer - Daily rotation of log files
Loaded: loaded (/lib/systemd/system/logrotate.timer; enabled; vendor prese>
Active: active (waiting) since Thu 2022-09-15 02:30:57 CEST; 20h ago
Trigger: Fri 2022-09-16 00:00:00 CEST; 1h 8min left
Triggers: ● logrotate.service
Docs: man:logrotate(8)
man:logrotate.conf(5)
Sep 15 02:30:57 server1 systemd[1]: Started Daily rotation of log fil
但是没有日志被轮换。当我按照 logrotate.service 中的指定手动启动 logrotate 时,什么也没有发生(没有输出,没有日志被轮换):
root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate /etc/logrotate.conf
root@server1:/usr/lib/systemd/system#
当我使用 -vf 启动 logrotate 来查看问题所在时,日志确实被旋转了:
root@server1:/usr/lib/systemd/system# /usr/sbin/logrotate -vf /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
请问我该如何调试这个问题并让 logrotate 定期运行?
答案1
我遇到了一个与更新后出现的症状相同的问题。我的情况是从 Ubuntu 21.10 升级到 22.04。
我可以运行:
logrotate /etc/logrotate.d/rsyslog --debug
这是最相关的错误:
错误:跳过“/var/log/syslog”,因为父目录具有不安全的权限(它是所有人可写的或者可由非“root”的组写入)在配置文件中设置“su”指令来告诉 logrotate 应该使用哪个用户/组进行轮换。
检查哪个组被分配到 /var/log,在我的情况下您可以看到它是 syslog。
ls -alh /var/
drwxrwxr-x 16 root syslog 4.0K Sep 27 19:25 log
我将下面的行添加到 /etc/logrotate.d/rsyslog
su syslog syslog
最后我的 /etc/logrotate.d/rsyslog 文件看起来像这样。
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
su syslog syslog
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
通过这些编辑,我可以再次运行它,上面看到的错误消失了。我从命令末尾删除了 --debug 并重新运行它。系统日志文件已与其他有错误的文件一起轮换。
logrotate /etc/logrotate.d/rsyslog --debug