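Concepts
On Linux, log files are records generated while the system runs; they help system administrators monitor system status, troubleshoot problems and detect security events. Linux system log files are usually stored under the /var/log directory, and different log files record different types of information.
Core Linux system log files
/var/log/messages
Records a wide range of information from the running system, including hardware detection, kernel messages, and service start and stop status. It is a general-purpose system log file, usually used to record system-level events. It contains most of the information produced while the system runs, but excludes certain specific types (such as authentication information).
In most Linux distributions (such as Red Hat, CentOS and Fedora), /var/log/messages is the default system log file.
Example: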
    root@master-01:~# cat /var/log/messages
    Apr 18 15:05:01 master-01 kernel: [5200270.501174][T1101624] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    Apr 18 15:05:25 master-01 kernel: [5200293.907489][T1058013] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    Apr 18 15:05:25 master-01 kernel: [5200293.912834][T1058013] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    Apr 18 15:05:25 master-01 kernel: [5200294.053987][T1101321] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    Apr 18 15:12:49 master-01 kernel: [5200738.730167][T1110236] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    Apr 18 15:12:50 master-01 kernel: [5200739.651862][T966957] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    Apr 18 15:12:50 master-01 kernel: [5200739.655153][T966957] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    Apr 18 15:12:50 master-01 kernel: [5200739.665883][T1110256] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    Apr 18 15:13:12 master-01 kernel: [5200760.882023][T1099873] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
/var/log/syslog
Records a wide range of information from the running system, including kernel messages, service status and user activity. /var/log/syslog usually contains more than /var/log/messages: besides system events, it also holds user activity and application log messages.
On Debian-based systems (such as Ubuntu and Debian), /var/log/syslog is the default system log file.
Example:
    root@master-01:~# cat /var/log/syslog
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.544 [INFO][151713] k8s.go 583: Releasing IP address(es) ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de"
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.544 [INFO][151713] utils.go 195: Calico CNI releasing IP address ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de"
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.561 [INFO][151740] ipam_plugin.go 416: Releasing address using handleID ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" HandleID="k8s-pod-network.4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" Workload="master--01-k8s-meego--bytedance--bits--river--public--def--577c769ddc--z8vmb-eth0"
    Apr 18 02:42:21 master-01 containerd[29864]: time="2025-04-18T02:42:21+08:00" level=info msg="About to acquire host-wide IPAM lock." source="ipam_plugin.go:357"
    Apr 18 02:42:21 master-01 containerd[29864]: time="2025-04-18T02:42:21+08:00" level=info msg="Acquired host-wide IPAM lock." source="ipam_plugin.go:372"
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.565 [WARNING][151740] ipam_plugin.go 433: Asked to release address but it doesn't exist. Ignoring ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" HandleID="k8s-pod-network.4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" Workload="master--01-k8s-meego--bytedance--bits--river--public--def--577c769ddc--z8vmb-eth0"
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.565 [INFO][151740] ipam_plugin.go 444: Releasing address using workloadID ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" HandleID="k8s-pod-network.4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de" Workload="master--01-k8s-meego--bytedance--bits--river--public--def--577c769ddc--z8vmb-eth0"
    Apr 18 02:42:21 master-01 containerd[29864]: time="2025-04-18T02:42:21+08:00" level=info msg="Released host-wide IPAM lock." source="ipam_plugin.go:378"
    Apr 18 02:42:21 master-01 containerd[29864]: 2025-04-18 02:42:21.567 [INFO][151713] k8s.go 589: Teardown processing complete. ContainerID="4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de"
    Apr 18 02:42:21 master-01 containerd[29864]: time="2025-04-18T02:42:21.571116330+08:00" level=warning msg="Failed to get podSandbox status for container event for sandboxID \"4760ea90bd55a5807ca183f350d7710e646324735659cb1a8d11b672610604de\": an error occurred when try to find sandbox: not found. Sending the event with nil podSandboxStatus.
/var/log/auth.log (Debian family) or /var/log/secure (Red Hat family)
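Records information related to user authentication, including user logins, password verification and privilege changes.
This log file is very important for detecting unauthorized login attempts and user permission problems. For example, if someone tries to log in with a wrong password, the attempt is recorded here.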
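One way to turn these sshd entries into a check, as an added example that is not part of the original article: the function counts "Failed password" lines per source address and reports every address at or above a threshold. The function names, the threshold and the sample lines (which use documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag SSH password guessing
# in auth.log / secure style lines.

# failed_ssh_by_ip FILE MIN
# Prints "COUNT IP" for every source address with at least MIN failed
# password attempts, busiest first.
failed_ssh_by_ip() {
    awk -v min="$2" '
        # sshd ends these lines with: from <ip> port <port> ssh2
        # Taking the fields from the end of the line means a user name that
        # itself contains " from <ip> " cannot change the address we count.
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            hits[$(NF-3)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# write_sample FILE
# Constructed sample lines; the last one carries a user name crafted to
# look like a different source address.
write_sample() {
    cat > "$1" <<'EOF'
Apr 13 21:55:44 host-a sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 55436 ssh2
Apr 13 21:55:47 host-a sshd[1002]: Failed password for invalid user test from 203.0.113.7 port 55632 ssh2
Apr 13 21:55:49 host-a sshd[1003]: Failed password for root from 203.0.113.7 port 55700 ssh2
Apr 13 21:56:02 host-a sshd[1004]: Failed password for root from 198.51.100.20 port 40022 ssh2
Apr 13 21:56:05 host-a sshd[1005]: Accepted password for ops from 192.0.2.10 port 50022 ssh2
Apr 13 21:56:09 host-a sshd[1006]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.7 port 55800 ssh2
EOF
}

# Stand-alone run: report addresses with 3 or more failures.
sample=$(mktemp)
write_sample "$sample"
failed_ssh_by_ip "$sample" 3
rm -f "$sample"
```

On a real host, pass /var/log/auth.log or /var/log/secure as the first argument; rotated files need to be decompressed first.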
Example:
    root@master-01:~# cat /var/log/auth.log
    Apr 13 21:55:41 master-01 sshd[4018065]: pam_unix(sshd:auth): check pass; user unknown
    Apr 13 21:55:41 master-01 sshd[4018065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.100.116
    Apr 13 21:55:41 master-01 sshd[4017952]: Connection closed by invalid user bytedance 180.184.100.116 port 55066 [preauth]
    Apr 13 21:55:44 master-01 sshd[4018065]: Failed password for invalid user bytedance from 180.184.100.116 port 55436 ssh2
    Apr 13 21:55:45 master-01 sshd[4018163]: Invalid user bytedance from 180.184.100.116 port 55632
    Apr 13 21:55:45 master-01 sshd[4018163]: pam_unix(sshd:auth): check pass; user unknown
    Apr 13 21:55:45 master-01 sshd[4018163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.184.100.116
    Apr 13 21:55:45 master-01 sshd[4018065]: Connection closed by invalid user bytedance 180.184.100.116 port 55436 [preauth]
    Apr 13 21:55:47 master-01 sshd[4018163]: Failed password for invalid user bytedance from 180.184.100.116 port 55632 ssh2
/var/log/dmesg
Records kernel messages, mainly the hardware detection that happens at boot and the kernel's running state.
This file is usually managed directly by the kernel, and its contents can be viewed with the dmesg command. It is very useful for troubleshooting hardware problems and kernel-related errors.
    root@master-01:~# dmesg
    [5199718.443477] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199718.446698] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199718.694839] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    [5199731.304854] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199731.344757] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199731.717113] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
    [5199762.021051] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199762.024317] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    [5199762.272861] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
/var/log/cron
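Records the execution of cron scheduled jobs, including when each job ran and its result.
This file is very useful for monitoring and troubleshooting scheduled jobs.
Example:
    root@master-01:~# cat /var/log/cron
    Apr 18 11:00:00 hostname CRON[1234]: (root) CMD (command-to-run)
/var/log/lastlog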
Records each user's most recent login, including the login time and the login terminal.
This file can be viewed with the lastlog command.
Example:
    root@master-01:~# lastlog
    Username         Port     From             Latest
    root             pts/0    101.126.56.11    Fri Apr 18 15:02:09 +0800 2025
    daemon                                     **Never logged in**
    bin                                        **Never logged in**
    sys                                        **Never logged in**
    sync                                       **Never logged in**
Commands for viewing logs
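Many commands can be used to view logs, for example cat, vi and vim. When a log file is very large, however, cat, vi and vim are not recommended, because they consume CPU and memory and can make the system sluggish.
In that case, use one of these four commands instead: head, tail, less, more.
head
Displays the beginning of a file; by default the first 10 lines.
Syntax:
    head [options] filename
Common options:
- -n: show the first N lines of the file (default 10); this is the most commonly used option
- -c: show the first N characters of the file
Example: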
    # Show the first 10 lines (the default)
    root@master-01:~# head /var/log/syslog
    Apr 18 00:00:01 master-01 rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="1332" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
    Apr 18 00:00:01 master-01 systemd[1]: Started Rotate log files.
    Apr 18 00:00:01 master-01 registry[29766]: time="2025-04-18T00:00:01.857112064+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=f940f0ec-f940-4e90-ae08-a3c68bd178db http.request.method=GET http.request.remoteaddr="10.3.0.28:26990" http.request.uri="/v2/larkprivate/bytedance.bits.user_public/blobs/sha256:dbda7c5a743e75f8dae27ac9b6adf734d7ea08a8a04445f4c90586ee732b63ab" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=367.166533ms http.response.status=200 http.response.written=252821285
    Apr 18 00:00:01 master-01 registry[29766]: 10.3.0.28 - - [18/Apr/2025:00:00:01 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:dbda7c5a743e75f8dae27ac9b6adf734d7ea08a8a04445f4c90586ee732b63ab HTTP/1.1" 200 252821285 "" "containerd/v1.7.20"
    Apr 18 00:00:02 master-01 kubelet[31400]: I0418 00:00:02.118970 31400 pod_startup_latency_tracker.go:102] "Observed pod startup duration" pod="default/meego-bytedance-bits-migration-public-def-7c676b59c4-qgd72" podStartSLOduration=-9.223371707735842e+09 pod.CreationTimestamp="2025-04-17 23:54:33 +0800 CST" firstStartedPulling="2025-04-17 23:59:43.921548557 +0800 CST m=+5121628.305810697" lastFinishedPulling="0001-01-01 00:00:00 +0000 UTC" observedRunningTime="2025-04-18 00:00:01.947985225 +0800 CST m=+5121646.332247382" watchObservedRunningTime="2025-04-18 00:00:02.118934354 +0800 CST m=+5121646.503196502"
    Apr 18 00:00:05 master-01 kubelet[31400]: E0418 00:00:05.143945 31400 eviction_manager.go:593] "Eviction manager: pod failed to evict" err="timeout waiting to kill pod" pod="default/meego-bytedance-bits-bql-public-def-68c4bc849c-txdjq"
    Apr 18 00:00:05 master-01 kubelet[31400]: I0418 00:00:05.143975 31400 eviction_manager.go:204] "Eviction manager: pods evicted, waiting for pod to be cleaned up" pods="[default/meego-bytedance-bits-bql-public-def-68c4bc849c-txdjq]"
    Apr 18 00:00:06 master-01 registry[29766]: time="2025-04-18T00:00:06.536583529+08:00" level=warning msg="error authorizing context: basic authentication challenge for realm "Registry Realm": invalid authorization credential" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=1ba82cb8-d2f8-46a6-9bc8-867de5a4de67 http.request.method=GET http.request.remoteaddr="10.3.0.28:54514" http.request.uri="/v2/" http.request.useragent="Go-http-client/1.1"
    Apr 18 00:00:06 master-01 registry[29766]: 10.3.0.28 - - [18/Apr/2025:00:00:06 +0800] "GET /v2/ HTTP/1.1" 401 87 "" "Go-http-client/1.1"
    Apr 18 00:00:06 master-01 kernel: [5145977.194403][T3929279] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
    root@master-01:~#
    # Show only the first 5 lines
    root@master-01:~# head -n 5 /var/log/syslog
    Apr 18 00:00:01 master-01 rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="1332" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
    Apr 18 00:00:01 master-01 systemd[1]: Started Rotate log files.
    Apr 18 00:00:01 master-01 registry[29766]: time="2025-04-18T00:00:01.857112064+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=f940f0ec-f940-4e90-ae08-a3c68bd178db http.request.method=GET http.request.remoteaddr="10.3.0.28:26990" http.request.uri="/v2/larkprivate/bytedance.bits.user_public/blobs/sha256:dbda7c5a743e75f8dae27ac9b6adf734d7ea08a8a04445f4c90586ee732b63ab" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=367.166533ms http.response.status=200 http.response.written=252821285
    Apr 18 00:00:01 master-01 registry[29766]: 10.3.0.28 - - [18/Apr/2025:00:00:01 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:dbda7c5a743e75f8dae27ac9b6adf734d7ea08a8a04445f4c90586ee732b63ab HTTP/1.1" 200 252821285 "" "containerd/v1.7.20"
    Apr 18 00:00:02 master-01 kubelet[31400]: I0418 00:00:02.118970 31400 pod_startup_latency_tracker.go:102] "Observed pod startup duration" pod="default/meego-bytedance-bits-migration-public-def-7c676b59c4-qgd72" podStartSLOduration=-9.223371707735842e+09 pod.CreationTimestamp="2025-04-17 23:54:33 +0800 CST" firstStartedPulling="2025-04-17 23:59:43.921548557 +0800 CST m=+5121628.305810697" lastFinishedPulling="0001-01-01 00:00:00 +0000 UTC" observedRunningTime="2025-04-18 00:00:01.947985225 +0800 CST m=+5121646.332247382" watchObservedRunningTime="2025-04-18 00:00:02.118934354 +0800 CST m=+5121646.503196502"
tail
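Displays the end of a file; by default the last 10 lines.
Syntax:
    tail [options] filename
Common options:
- -n: show the last N lines of the file (default 10)
- -f: follow the file in real time; when the file is updated, tail automatically prints the new content. This is the most commonly used option
- -c: show the last N characters of the file
Example: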
    # Show the last 10 lines (the default)
    root@master-01:~# tail /var/log/syslog
    Apr 18 15:41:41 master-01 registry[29766]: time="2025-04-18T15:41:41.29733102+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=50602835-b009-4fe0-84d4-5bb7b051ac36 http.request.method=GET http.request.remoteaddr="10.3.0.13:48422" http.request.uri="/v2/dc/meego.component.ssr/blobs/sha256:3d364c24bd4b23073464df3e986c84fbe49dd4ba425702aea2fee938f41be617" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=81.484271ms http.response.status=200 http.response.written=9375912
    Apr 18 15:41:41 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:41:41 +0800] "GET /v2/dc/meego.component.ssr/blobs/sha256:3d364c24bd4b23073464df3e986c84fbe49dd4ba425702aea2fee938f41be617 HTTP/1.1" 200 9375912 "" "containerd/v1.7.20"
    Apr 18 15:41:41 master-01 registry[29766]: time="2025-04-18T15:41:41.386849575+08:00" level=info msg="authorized request" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=fcc56214-8346-41d2-9d23-cb12d2ab3e3a http.request.method=GET http.request.remoteaddr="10.3.0.13:48422" http.request.uri="/v2/dc/meego.component.ssr/blobs/sha256:6f8ed6279370767b6e25a753937101e03861f000ba89f13067f49b4f59af1b6d" http.request.useragent="containerd/v1.7.20" vars.digest="sha256:6f8ed6279370767b6e25a753937101e03861f000ba89f13067f49b4f59af1b6d" vars.name="dc/meego.component.ssr"
    Apr 18 15:41:41 master-01 containerd[29864]: time="2025-04-18T15:41:41.699519045+08:00" level=error msg="collecting metrics for 456f3b98e0c6d31ae6e2e95f476689bf326cba5d75edbd8e4b211f9c27c858a9" error="cgroups: cgroup deleted: unknown"
    Apr 18 15:41:42 master-01 registry[29766]: time="2025-04-18T15:41:42.364074963+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=fcc56214-8346-41d2-9d23-cb12d2ab3e3a http.request.method=GET http.request.remoteaddr="10.3.0.13:48422" http.request.uri="/v2/dc/meego.component.ssr/blobs/sha256:6f8ed6279370767b6e25a753937101e03861f000ba89f13067f49b4f59af1b6d" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=1.047214177s http.response.status=200 http.response.written=577758195
    Apr 18 15:41:42 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:41:41 +0800] "GET /v2/dc/meego.component.ssr/blobs/sha256:6f8ed6279370767b6e25a753937101e03861f000ba89f13067f49b4f59af1b6d HTTP/1.1" 200 577758195 "" "containerd/v1.7.20"
    Apr 18 15:41:50 master-01 kubelet[31400]: I0418 15:41:50.969054 31400 image_gc_manager.go:312] "Disk usage on image filesystem is over the high threshold, trying to free bytes down to the low threshold" usage=85 highThreshold=85 amountToFree=10127867904 lowThreshold=80
    Apr 18 15:41:50 master-01 kubelet[31400]: E0418 15:41:50.971171 31400 kubelet.go:1382] "Image garbage collection failed multiple times in a row" err="Failed to garbage collect required amount of images. Attempted to free 10127867904 bytes, but only found 0 bytes eligible to free."
    Apr 18 15:41:51 master-01 containerd[29864]: time="2025-04-18T15:41:51.718029829+08:00" level=error msg="collecting metrics for 456f3b98e0c6d31ae6e2e95f476689bf326cba5d75edbd8e4b211f9c27c858a9" error="cgroups: cgroup deleted: unknown"
    Apr 18 15:42:01 master-01 containerd[29864]: time="2025-04-18T15:42:01.740866578+08:00" level=error msg="collecting metrics for 456f3b98e0c6d31ae6e2e95f476689bf326cba5d75edbd8e4b211f9c27c858a9" error="cgroups: cgroup deleted: unknown"
    # Show only the last 5 lines
    root@master-01:~# tail -n 5 /var/log/syslog
    Apr 18 15:42:06 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:42:06 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:93d5206170400f57c1f3b57c56beb22ebab609af44bd7335e6880962cfd5e125 HTTP/1.1" 200 2137 "" "containerd/v1.7.20"
    Apr 18 15:42:06 master-01 registry[29766]: time="2025-04-18T15:42:06.333661489+08:00" level=info msg="authorized request" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=5891580a-2d84-435c-a908-cb296e199b7b http.request.method=GET http.request.remoteaddr="10.3.0.13:43656" http.request.uri="/v2/larkprivate/bytedance.bits.user_public/blobs/sha256:43d77a3ecc89b1cb6cebdd49083c63dfc24faac7309a55d2c8fd91dbd5d7fa4a" http.request.useragent="containerd/v1.7.20" vars.digest="sha256:43d77a3ecc89b1cb6cebdd49083c63dfc24faac7309a55d2c8fd91dbd5d7fa4a" vars.name="larkprivate/bytedance.bits.user_public"
    Apr 18 15:42:06 master-01 registry[29766]: time="2025-04-18T15:42:06.343030264+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=5891580a-2d84-435c-a908-cb296e199b7b http.request.method=GET http.request.remoteaddr="10.3.0.13:43656" http.request.uri="/v2/larkprivate/bytedance.bits.user_public/blobs/sha256:43d77a3ecc89b1cb6cebdd49083c63dfc24faac7309a55d2c8fd91dbd5d7fa4a" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=79.554385ms http.response.status=200 http.response.written=9374304
    Apr 18 15:42:06 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:42:06 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:43d77a3ecc89b1cb6cebdd49083c63dfc24faac7309a55d2c8fd91dbd5d7fa4a HTTP/1.1" 200 9374304 "" "containerd/v1.7.20"
    Apr 18 15:42:11 master-01 containerd[29864]: time="2025-04-18T15:42:11.760033888+08:00" level=error msg="collecting metrics for 456f3b98e0c6d31ae6e2e95f476689bf326cba5d75edbd8e4b211f9c27c858a9" error="cgroups: cgroup deleted: unknown"
    # Follow the file in real time
    root@master-01:~# tail -f /var/log/syslog
    Apr 18 15:42:05 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:42:05 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:dbda7c5a743e75f8dae27ac9b6adf734d7ea08a8a04445f4c90586ee732b63ab HTTP/1.1" 200 252821285 "" "containerd/v1.7.20"
    Apr 18 15:42:06 master-01 registry[29766]: time="2025-04-18T15:42:06.044094175+08:00" level=info msg="response completed" go.version=go1.20.8 http.request.host="sealos.hub:5000" http.request.id=6a20742d-0b29-4aa9-a081-622579e34913 http.request.method=GET http.request.remoteaddr="10.3.0.13:43656" http.request.uri="/v2/larkprivate/bytedance.bits.user_public/blobs/sha256:3d82803473ffa929bd62ccff81e5f9695fd1dfe883dcaecad2d91c350a51f1a1" http.request.useragent="containerd/v1.7.20" http.response.contenttype="application/octet-stream" http.response.duration=269.30401ms http.response.status=200 http.response.written=87241090
    Apr 18 15:42:06 master-01 registry[29766]: 10.3.0.13 - - [18/Apr/2025:15:42:05 +0800] "GET /v2/larkprivate/bytedance.bits.user_public/blobs/sha256:3d82803473ffa929bd62ccff81e5f9695fd1dfe883dcaecad2d91c350a51f1a1 HTTP/1.1" 200 87241090 "" "containerd/v1.7.20"
less
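Displays file contents page by page; on reaching the last page it automatically jumps back to the first page.
Key bindings:
- Next page: Space or CTRL+F (forward)
- Previous page: CTRL+B (back)
- Search: /search-text
- First line: g
- Last line: G
- Line 100: 100g, or type 100 and press Enter
- Quit: q
Example:
    root@master-01:~# less /var/log/syslog
more
Displays file contents page by page; exits on reaching the last page.
Key bindings:
- Next page: Space or CTRL+F (forward)
- Previous page: CTRL+B (back)
- Search: /search-text
- First line: g
- Last line: G
- Line 100: 100g, or type 100 and press Enter
- Quit: q
Example:
    root@master-01:~# more /var/log/syslog
Log rotation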
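On Linux, log rotation is an important part of log management: it keeps log files from growing without limit, saves disk space, and makes logs easier to manage and analyze. The following are several common ways to rotate or split logs:
The logrotate tool
logrotate is a log management tool for Linux. It can rotate and compress a single log file, or the files in a directory, by time or by size; set how many old logs to keep; and run custom commands after rotation.
logrotate's main job is to periodically check the log files named in its configuration and, depending on the configured conditions (such as file size or date), perform the following operations on them:
- Rotate: rename the current log file to a new name (usually by adding a date or a sequence number).
- Create a new log file: recreate an empty log file so the program can keep writing.
- Compress: compress old log files to save disk space.
- Delete old logs: remove expired log files according to the configuration.
- Run scripts: run custom scripts before or after rotation, for example to reload a service.
logrotate is usually triggered by a cron job and runs once a day.
Configuration example
logrotate's main configuration file is /etc/logrotate.conf, and the /etc/logrotate.d/ directory holds rotation configuration files for specific applications. logrotate reads the main configuration file first, then the files under /etc/logrotate.d/.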
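The rotation steps listed above, written out by hand in shell as an added example (not logrotate's own code and not from the original article): one pass of the numbered naming scheme that the rotate, compress, delaycompress and create directives produce. The function name rotate_once and the file app.log are assumptions; changing owner and group (as in create 640 root adm) is left out because it needs root.

```shell
#!/bin/sh
# Added example (not logrotate's code): one rotation pass with numbered
# suffixes, as "rotate N" + "compress" + "delaycompress" + "create MODE" do.

# rotate_once LOG KEEP MODE
rotate_once() {
    log=$1; keep=$2; mode=$3
    # missingok / notifempty: a missing or empty log is left alone.
    [ -s "$log" ] || return 0

    # Delete the oldest generation, then shift compressed ones up by one.
    rm -f "$log.$keep.gz"
    i=$((keep - 1))
    while [ "$i" -ge 2 ]; do
        if [ -f "$log.$i.gz" ]; then
            mv "$log.$i.gz" "$log.$((i + 1)).gz"
        fi
        i=$((i - 1))
    done

    # delaycompress: the file rotated last time (.1) is compressed only now.
    # gzip keeps the permissions of the file it replaces.
    if [ -f "$log.1" ]; then
        if [ "$keep" -ge 2 ]; then
            gzip -f "$log.1" && mv "$log.1.gz" "$log.2.gz"
        else
            rm -f "$log.1"
        fi
    fi

    # Rotate: the live log becomes generation 1. A daemon that still holds
    # the file open keeps writing to .1 until it reopens its log, which is
    # what a postrotate script is for.
    mv "$log" "$log.1"

    # create MODE: recreate an empty log. The restrictive umask avoids a
    # moment where the new file is readable by other users.
    ( umask 077 && : > "$log" )
    chmod "$mode" "$log"
}

# Stand-alone run on a scratch directory: five rotations, keeping three.
demo=$(mktemp -d)
for n in 1 2 3 4 5; do
    echo "generation $n" > "$demo/app.log"
    rotate_once "$demo/app.log" 3 640
done
ls -l "$demo"
rm -rf "$demo"
```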
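System default configuration files
Taking a Debian system as an example:
View the main configuration file
    root@master-01:~# cat /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly
    # keep 4 weeks worth of backlogs
    rotate 4
    # create new (empty) log files after rotating old ones
    create
    # use date as a suffix of the rotated file
    #dateext
    # uncomment this if you want your log files compressed
    #compress
    # packages drop log rotation information into this directory
    include /etc/logrotate.d
View a per-application configuration file under /etc/logrotate.d
    root@master-01:~# cat /etc/logrotate.d/rsyslog
    /var/log/syslog
    {
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
            /usr/lib/rsyslog/rsyslog-rotate
        endscript
    }
    /var/log/mail.info
    /var/log/mail.warn
    /var/log/mail.err
    /var/log/mail.log
    /var/log/daemon.log
    /var/log/kern.log
    /var/log/auth.log
    /var/log/user.log
    /var/log/lpr.log
    /var/log/cron.log
    /var/log/debug
    /var/log/messages
    {
        rotate 4
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
            /usr/lib/rsyslog/rsyslog-rotate
        endscript
    }
Configuration file explained
    # Log file name; more than one can be listed
    /var/log/syslog
    {
        # Number of old log files to keep; here 7 old log files are kept
        rotate 7
        # How often to rotate; here once a day (weekly rotates once a week, monthly once a month)
        daily
        # Do not report an error if the log file is missing
        missingok
        # Do not rotate if the log file is empty
        notifempty
        # Delay compressing the rotated file until the next rotation, so nothing is compressed at rotation time, which reduces disk I/O
        delaycompress
        # Compress old log files
        compress
        # Permissions, owner and group used when creating the new log file
        create 640 root adm
        # Script to run after rotation, for example to reload a service or send a notification; used together with endscript
        postrotate
            /usr/lib/rsyslog/rsyslog-rotate
        # End-of-script marker; used together with postrotate
        endscript
    }
Commonly used directives:
- rotate: the number of old log files to keep. For example, rotate 4 keeps 4 old log files.
- daily/weekly/monthly: how often to rotate. daily rotates once a day, weekly once a week, monthly once a month.
- size: rotate based on the size of the log file. For example, size 100k rotates when the file grows beyond 100KB.
- compress: compress old log files.
- delaycompress: delay compression until the next rotation. This avoids compressing at rotation time and reduces disk I/O.
- missingok: do not report an error if the log file is missing.
- notifempty: do not rotate if the log file is empty.
- create: the permissions, owner and group of the new log file. For example, create 640 root adm.
- sharedscripts: all log files in the block share the scripts (such as postrotate).
- postrotate and endscript: the script to run after rotation, for example to reload a service or send a notification.
How logrotate runs automatically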
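logrotate is usually run automatically by a cron job. A logrotate script in /etc/cron.daily/, /etc/cron.weekly/ or /etc/cron.monthly/ calls the logrotate command on schedule, so all we need to do is write the logrotate configuration file.
Example:
    root@master-01:~# cat /etc/cron.daily/logrotate
    #!/bin/sh
    # skip in favour of systemd timer
    if [ -d /run/systemd/system ]; then
        exit 0
    fi
    # this cronjob persists removals (but not purges)
    if [ ! -x /usr/sbin/logrotate ]; then
        exit 0
    fi
    /usr/sbin/logrotate /etc/logrotate.conf
    EXITVALUE=$?
    if [ $EXITVALUE != 0 ]; then
        /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
    fi
    exit $EXITVALUE
How to run logrotate manually
Before forcing logrotate to run, it is advisable to check the configuration in debug mode first. Debug mode does not actually rotate anything, but it shows the operations that would be performed, which avoids problems caused by configuration mistakes.
    # Syntax
    logrotate -d [logrotate configuration file]
    # Debug all log files
    logrotate -d /etc/logrotate.conf
    # Debug a single configuration file
    logrotate -d /etc/logrotate.d/apt
Forcing a rotation may cause log files to be rotated repeatedly or, in some cases, overwrite old log files.
    # Syntax
    logrotate -f [logrotate configuration file]
    # Force rotation of all log files
    logrotate -f /etc/logrotate.conf
    # Force rotation for a single configuration file
    logrotate -f /etc/logrotate.d/apt
The split tool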
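The split command splits a large file into several smaller files; it can split by line count, by file size, or into a given number of pieces.
Basic syntax
    split [options] [input file] [output file prefix]
Common options:
    # Splits largefile.txt into multiple files of 100 lines each, named outputfileaa, outputfileab, and so on
    split -l 100 largefile.txt outputfile
    # Splits largefile.txt into multiple files of about 10MB each
    split -b 10M largefile.txt outputfile
    # Splits largefile.txt into 5 files
    split -n 5 largefile.txt outputfile
    # Produces files with a 3-character suffix, such as outputfileaaa, outputfileaab
    split -l 100 -a 3 largefile.txt outputfile
    # Produces files with a numeric suffix, such as outputfile00, outputfile01
    split -l 100 -d largefile.txt outputfile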