如何在 CENTOS 7 中启动或激活系统日志套接字?
How to start or activate syslog socket in CENTOS 7?
首先,我要感谢 Whosebug 及其所有活跃成员,让 Whosebug 成为一个漂亮的问答网站。我整天都在努力弄清楚 rsyslog 消息日志记录。
我正在使用 CENTOS 7 操作系统。从昨天开始,系统及其日志记录工作正常。由于数据中心问题,服务器已于昨晚由托管公司重新启动,并使我的服务器日志守护进程处于不稳定状态。
现在 /var/log 目录中有以下日志文件。这些文件在下面给出。
1. /var/log/定时任务
2. /var/log/邮件日志
3. /var/log/消息
4. /var/log/安全
现在 rsyslog 不会将任何日志消息写入上述任何日志文件。我在网上搜索了很多,但没有找到合适的答案。我认为这发生在 unix 套接字上。我得到以下命令输出:
"systemctl status syslog.socket"
syslog.socket - Syslog Socket Loaded: loaded
(/usr/lib/systemd/system/syslog.socket; static) Active: inactive
(dead)
Docs: man:systemd.special(7)
http://www.freedesktop.org/wiki/Software/systemd/syslog Listen: /run/systemd/journal/syslog (Datagram)
Aug 12 14:56:31 server1 systemd[1]: Starting Syslog Socket. Aug 12
14:56:31 server1 systemd[1]: Socket service syslog.service not loaded,
refusing. Aug 12 14:56:31 server1 systemd[1]: Failed to listen on
Syslog Socket.
注意:rsyslog 守护进程 运行 正确。请参阅下面的 rsyslog 状态
rsyslog.service - System Logging Service Loaded: loaded
(/usr/lib/systemd/system/rsyslog.service; enabled) Active: active
(running) since Wed 2015-08-12 16:04:08 IST; 33min ago Main PID: 145
(rsyslogd) CGroup: /system.slice/rsyslog.service
`-145 /usr/sbin/rsyslogd -n
Aug 12 15:15:44 server1 systemd[1]: Started System Logging Service.
Aug 12 15:34:25 server1 systemd[1]: Stopping System Logging Service...
Aug 12 15:34:25 server1 systemd[1]: Stopped System Logging Service.
Aug 12 15:34:49 server1 systemd[1]: Started System Logging Service.
Aug 12 16:03:44 server1 systemd[1]: Stopping System Logging Service...
Aug 12 16:03:44 server1 systemd[1]: Stopped System Logging Service.
Aug 12 16:04:08 server1 systemd[1]: Starting System Logging Service...
Aug 12 16:04:08 server1 systemd[1]: Started System Logging Service.
Aug 12 16:37:49 server1 systemd[1]: Started System Logging Service.
请帮我解决问题。
尝试在调试模式下启动它。
rsyslog -d
经过深入研究,我发现 imjournal.state 文件存在问题。 imjournal.state 文件保存日志控制服务的状态。在 REHL 中,系统消息实际上是由日志控制服务控制的。 Rsyslog 服务就像日志服务和 /var/log 目录之间的传输器一样工作,它将日志消息传输到日志目录文件。为了解决上述问题,我遵循了以下步骤。
1. First delete all files and folders of directory "/var/log/journal". Make sure you have not deleted the journal directory itself. This directory actually contains the log messages of journal service.
2. Now delete the imjournal state file. You can file the file at "/var/lib/rsyslog/imjournal.state". This file holds the state of rsyslog service for reading messages from journal directory.
3. Now restart the journal service using command "systemctl restart systemd-journald.service".
4. Now restart the rsyslog service using command "systemctl restart rsyslog.service".
现在 rsyslog 服务可以从日志目录中提取日志消息并将其写入相应的日志文件。只重启不行也可以重启机器
首先,我要感谢 Whosebug 及其所有活跃成员,让 Whosebug 成为一个漂亮的问答网站。我整天都在努力弄清楚 rsyslog 消息日志记录。
我正在使用 CENTOS 7 操作系统。从昨天开始,系统及其日志记录工作正常。由于数据中心问题,服务器已于昨晚由托管公司重新启动,并使我的服务器日志守护进程处于不稳定状态。
现在 /var/log 目录中有以下日志文件。这些文件在下面给出。 1. /var/log/定时任务 2. /var/log/邮件日志 3. /var/log/消息 4. /var/log/安全
现在 rsyslog 不会将任何日志消息写入上述任何日志文件。我在网上搜索了很多,但没有找到合适的答案。我认为这发生在 unix 套接字上。我得到以下命令输出:
"systemctl status syslog.socket"
syslog.socket - Syslog Socket Loaded: loaded (/usr/lib/systemd/system/syslog.socket; static) Active: inactive (dead) Docs: man:systemd.special(7) http://www.freedesktop.org/wiki/Software/systemd/syslog Listen: /run/systemd/journal/syslog (Datagram)
Aug 12 14:56:31 server1 systemd[1]: Starting Syslog Socket. Aug 12 14:56:31 server1 systemd[1]: Socket service syslog.service not loaded, refusing. Aug 12 14:56:31 server1 systemd[1]: Failed to listen on Syslog Socket.
注意:rsyslog 守护进程 运行 正确。请参阅下面的 rsyslog 状态
rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled) Active: active (running) since Wed 2015-08-12 16:04:08 IST; 33min ago Main PID: 145 (rsyslogd) CGroup: /system.slice/rsyslog.service `-145 /usr/sbin/rsyslogd -n
Aug 12 15:15:44 server1 systemd[1]: Started System Logging Service. Aug 12 15:34:25 server1 systemd[1]: Stopping System Logging Service... Aug 12 15:34:25 server1 systemd[1]: Stopped System Logging Service. Aug 12 15:34:49 server1 systemd[1]: Started System Logging Service. Aug 12 16:03:44 server1 systemd[1]: Stopping System Logging Service... Aug 12 16:03:44 server1 systemd[1]: Stopped System Logging Service. Aug 12 16:04:08 server1 systemd[1]: Starting System Logging Service... Aug 12 16:04:08 server1 systemd[1]: Started System Logging Service. Aug 12 16:37:49 server1 systemd[1]: Started System Logging Service.
请帮我解决问题。
尝试在调试模式下启动它。
rsyslog -d
经过深入研究,我发现 imjournal.state 文件存在问题。 imjournal.state 文件保存日志控制服务的状态。在 REHL 中,系统消息实际上是由日志控制服务控制的。 Rsyslog 服务就像日志服务和 /var/log 目录之间的传输器一样工作,它将日志消息传输到日志目录文件。为了解决上述问题,我遵循了以下步骤。
1. First delete all files and folders of directory "/var/log/journal". Make sure you have not deleted the journal directory itself. This directory actually contains the log messages of journal service.
2. Now delete the imjournal state file. You can file the file at "/var/lib/rsyslog/imjournal.state". This file holds the state of rsyslog service for reading messages from journal directory.
3. Now restart the journal service using command "systemctl restart systemd-journald.service".
4. Now restart the rsyslog service using command "systemctl restart rsyslog.service".
现在 rsyslog 服务可以从日志目录中提取日志消息并将其写入相应的日志文件。只重启不行也可以重启机器