如何解决为什么logrotate后rsyslog无法启动?
在午夜,cronjob启动logrotate来旋转4个关键日志文件。这4个日志文件也由rsyslog发送到日志聚合服务器。尽管轮换每个日志后运行rsyslog logrotate命令,但有时服务器还是会遇到“权限被拒绝”错误,该错误阻止rsyslog发送属于新文件的日志。我不知道为什么这种情况如此不可靠。
这是rsyslog报告的错误。请注意,它们仅在某些日期出现:
Jul 31 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 01 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 02 00:00:04 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/Nginx.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 09 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 10 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/django.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 10 00:00:01 hostname rsyslogd[26343]: imfile: error with inotify API,ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]
Aug 16 00:00:01 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 16 00:00:02 hostname rsyslogd[26343]: file '/home/ubuntu/remote_logs/django.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Aug 19 00:00:03 hostname rsyslogd[856]: imfile: error with inotify API,ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]
Aug 20 00:00:06 hostname rsyslogd[856]: imfile: error with inotify API,ignoring file '/home/ubuntu/remote_logs/app.log': Permission denied [v8.32.0]
Aug 30 00:00:01 hostname rsyslogd[856]: file '/home/ubuntu/remote_logs/celery.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Sep 03 00:00:01 hostname rsyslogd[856]: imfile: error with inotify API,ignoring file '/home/ubuntu/remote_logs/celery.log': Permission denied [v8.32.0]
Sep 03 00:00:04 hostname rsyslogd[856]: imfile: error with inotify API,ignoring file '/home/ubuntu/remote_logs/django.log': Permission denied [v8.32.0]
Logrotate由cron作业使用root用户触发。这是logrotate配置:
/home/ubuntu/remote_logs/*.log {
rotate 365
daily
compress
missingok
notifempty
dateext
dateformat .%Y-%m-%d
dateyesterday
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
/usr/lib/rsyslog/rsyslog-rotate
#!/bin/sh
if [ -d /run/systemd/system ]; then
systemctl kill -s HUP rsyslog.service
else
invoke-rc.d rsyslog rotate > /dev/null
fi
我知道logrotate本身就是成功的,因为logrotate冗长的日志表明了这一点,而且我每天都看到轮换的日志文件。似乎rsyslog无法访问新创建的文件。
以下是logrotate日志:
Handling 13 logs
rotating pattern: /home/ubuntu/remote_logs/*.log after 1 days (365 rotations)
empty log files are not rotated,old logs are removed
switching euid to 0 and egid to 106
considering log /home/ubuntu/remote_logs/celery.log
Now: 2020-10-14 00:00
Last rotated at 2020-10-13 00:00
log needs rotating
considering log /home/ubuntu/remote_logs/django.log
Now: 2020-10-14 00:00
Last rotated at 2020-10-13 00:00
log needs rotating
considering log /home/ubuntu/remote_logs/app.log
Now: 2020-10-14 00:00
Last rotated at 2020-10-13 00:00
log needs rotating
considering log /home/ubuntu/remote_logs/Nginx.log
Now: 2020-10-14 00:00
Last rotated at 2020-10-13 00:00
log needs rotating
rotating log /home/ubuntu/remote_logs/celery.log,log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/celery.log to /home/ubuntu/remote_logs/celery.log.2020-10-13
creating new /home/ubuntu/remote_logs/celery.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/django.log,log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/django.log to /home/ubuntu/remote_logs/django.log.2020-10-13
creating new /home/ubuntu/remote_logs/django.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/app.log,log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/app.log to /home/ubuntu/remote_logs/app.log.2020-10-13
creating new /home/ubuntu/remote_logs/app.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
rotating log /home/ubuntu/remote_logs/Nginx.log,log->rotateCount is 365
Converted ' .%Y-%m-%d' -> '.%Y-%m-%d'
dateext suffix '.2020-10-13'
glob pattern '.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
renaming /home/ubuntu/remote_logs/Nginx.log to /home/ubuntu/remote_logs/Nginx.log.2020-10-13
creating new /home/ubuntu/remote_logs/Nginx.log mode = 0644 uid = 102 gid = 106
running postrotate script
switching euid to 0 and egid to 0
compressing log with: /bin/gzip
switching uid to 0 and gid to 106
switching euid to 0 and egid to 0
rsyslog发生了什么事情,使其无法偶尔访问日志文件?
解决方法
似乎某些文件没有创建权限。您需要在配置文件中添加POST jbpm-tasks/_search?size=1000
{
"query": {
"bool": {
"should": [
{
"term": {
"actualOwner.keyword": {
"value": "vasya"
}
}
},{
"term": {
"potentialOwners.keyword": {
"value": "vasya"
}
}
}
],"must": [
{
"terms": {
"status.keyword": [
"Created","Reserved","InProgress","Ready"
]
}
},],"minimum_should_match" : 1
}
},"aggs": {
"byProcesses": {
"terms": { "field": "processId.keyword","size": 1000000 }
}
}
}
,以授予必要的权限来旋转(修改)文件的内容。
您也可以指定组名create 0644 root root。但我建议使用root
create 0644 root grouname版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
