로그로테이트 관련 질문입니다.
작성자 정보
- 소병준 작성
- 작성일
컨텐츠 정보
- 3,657 조회
- 3 댓글
- 0 추천
- 목록
본문
현재 운용장비 4대중 한대의 logrotate가 작동하지않습니다. syslog는 잘 작동하는 상태이며
OS : REHL 5.3
Kernel version 2.6.18-128.el5
logrotate rpm version 3.7.4-9
4대의 /etc/logrotate.d/syslog
/etc/logrotate.conf
모두 diff 명령으로 확인해보았지만 다른점이 없었습니다.
##############################/etc/logrotate.conf##################################################
more logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
minsize 1M
create 0664 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
##############################/etc/logrotate.d/syslog##################################################
more syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
현재 구성상태는 이러하며 4대의 서버 모두 rpm -qs 상태는 모두 정상으로 출력되고
rpm -V 입력시 변경사항이 없어 그런지 아무것도 출력되지않습니다.
1. logrotate -f /etc/logrotate.d/syslog를 입력하면
messages.1 이 삭제되고 messages가 nullcopy 됩니다.
2. logroate -d /etc/logrotate.d/syslog를 입력하면
logrotate -d /etc/logrotate.d/syslog
reading config file /etc/logrotate.d/syslog
reading config info for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron
Handling 1 logs
rotating pattern: /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron 1048576 bytes (no old logs will be kept)
empty log files are rotated, old logs are removed
considering log /var/log/messages
log does not need rotating
considering log /var/log/secure
log does not need rotating
considering log /var/log/maillog
log does not need rotating
considering log /var/log/spooler
log does not need rotating
considering log /var/log/boot.log
log does not need rotating
considering log /var/log/cron
log does not need rotating
not running postrotate script, since no logs were rotated
이렇게 출력됩니다.
3. 혹시 다른 가능성도 있을까 싶어 missingok 와 size 30K를 입력하여 logrotate -d 를 입력하면
logrotate -d /etc/logrotate.d/syslog
reading config file /etc/logrotate.d/syslog
reading config info for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron
Handling 1 logs
rotating pattern: /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron 30720 bytes (no old logs will be kept)
empty log files are rotated, old logs are removed
considering log /var/log/messages
log needs rotating
considering log /var/log/secure
log does not need rotating
considering log /var/log/maillog
log does not need rotating
considering log /var/log/spooler
log does not need rotating
considering log /var/log/boot.log
log does not need rotating
considering log /var/log/cron
log does not need rotating
rotating log /var/log/messages, log->rotateCount is 0
renaming /var/log/messages.1 to /var/log/messages.2 (rotatecount 1, logstart 1, i 1),
renaming /var/log/messages.0 to /var/log/messages.1 (rotatecount 1, logstart 1, i 0),
renaming /var/log/messages to /var/log/messages.1
disposeName will be /var/log/messages.1
running postrotate script
running script with arg /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron : "
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
"
removing old log /var/log/messages.1
이렇게 출력되지만 증상은 똑같습니다.
4대의 설정이 모두 같은데 1대만 안되는 상태입니다. 현재까지 발견한 특이사항은 안되는 한대만 Clamav가 설치되어있습니다.
한달째 이것으로 골머리 썩고 있는데 혹시 이 사항에 대해 아시는 분 있으시면 도움좀 받고싶습니다.
관련자료
-
이전
-
다음
소병준님의 댓글
- 소병준
- 작성일
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
위와 같이 출력됩니다... 다른시스템도 모두 동일한데 무슨문제일까요...
소병준님의 댓글
- 소병준
- 작성일