下面由linux系統教程欄目給大家詳細講解linux系統的logrotate,希望對需要的朋友有所幫助!
/etc/logrotate.conf/etc/logrotate.d/
[root@huanqiu_web1 ~]# cat /etc/cron.daily/logrotate#!/bin/sh/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1EXITVALUE=$?if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"fiexit 0
# /usr/sbin/logrotate -f /etc/logrotate.d/nginx# /usr/sbin/logrotate -d -f /etc/logrotate.d/nginx
logrotate [OPTION...] <configfile>-d, --debug :debug模式,測試配置文件是否有錯誤。-f, --force :強制轉儲文件。-m, --mail=command :壓縮日志后,發送日志到指定郵箱。-s, --state=statefile :使用指定的狀態文件。-v, --verbose :顯示轉儲過程。
[root@huanqiu_web1 ~]# /usr/sbin/logrotate -v /etc/logrotate.conf[root@huanqiu_web1 ~]# /usr/sbin/logrotate -v /etc/logrotate.d/php
[root@huanqiu_web1 ~]# /usr/sbin/logrotate -d /etc/logrotate.conf[root@huanqiu_web1 ~]# /usr/sbin/logrotate -d /etc/logrotate.d/nginx
[root@fangfull_web1 ~]# cat /var/lib/logrotate.status
# cat /etc/logrotate.conf# 底下的設定是 "logrotate 的默認值" ,如果別的文件設定了其他的值,# 就會以其它文件的設定為主weekly //默認每一周執行一次rotate輪轉工作rotate 4 //保留多少個日志文件(輪轉幾次).默認保留四個.就是指定日志文件刪除之前輪轉的次數,0 指沒有備份create //自動創建新的日志文件,新的日志文件具有和原來的文件相同的權限;因為日志被改名,因此要創建一個新的來繼續存儲之前的日志dateext //這個參數很重要!就是切割后的日志文件以當前日期為格式結尾,如xxx.log-20131216這樣,如果注釋掉,切割出來是按數字遞增,即前面說的 xxx.log-1這種格式compress //是否通過gzip壓縮轉儲以后的日志文件,如xxx.log-20131216.gz ;如果不需要壓縮,注釋掉就行include /etc/logrotate.d# 將 /etc/logrotate.d/ 目錄中的所有文件都加載進來/var/log/wtmp { //僅針對 /var/log/wtmp 所設定的參數monthly //每月一次切割,取代默認的一周minsize 1M //文件大小超過 1M 后才會切割create 0664 root utmp //指定新建的日志文件權限以及所屬用戶和組rotate 1 //只保留一個日志.}# 這個 wtmp 可記錄用戶登錄系統及系統重啟的時間# 因為有 minsize 的參數,因此不見得每個月一定會執行一次喔.要看文件大小。
compress 通過gzip 壓縮轉儲以后的日志nocompress 不做gzip壓縮處理copytruncate 用于還在打開中的日志文件,把當前日志備份并截斷;是先拷貝再清空的方式,拷貝和清空之間有一個時間差,可能會丟失部分日志數據。nocopytruncate 備份日志文件不過不截斷create mode owner group 輪轉時指定創建新文件的屬性,如create 0777 nobody nobodynocreate 不建立新的日志文件delaycompress 和compress 一起使用時,轉儲的日志文件到下一次轉儲時才壓縮nodelaycompress 覆蓋 delaycompress 選項,轉儲同時壓縮。missingok 如果日志丟失,不報錯繼續滾動下一個日志errors address 專儲時的錯誤信息發送到指定的Email 地址ifempty 即使日志文件為空文件也做輪轉,這個是logrotate的缺省選項。notifempty 當日志文件為空時,不進行輪轉mail address 把轉儲的日志文件發送到指定的E-mail 地址nomail 轉儲時不發送日志文件olddir directory 轉儲后的日志文件放入指定的目錄,必須和當前日志文件在同一個文件系統noolddir 轉儲后的日志文件和當前日志文件放在同一個目錄下sharedscripts 運行postrotate腳本,作用是在所有日志都輪轉后統一執行一次腳本。如果沒有配置這個,那么每個日志輪轉后都會執行一次腳本prerotate 在logrotate轉儲之前需要執行的指令,例如修改文件的屬性等動作;必須獨立成行postrotate 在logrotate轉儲之后需要執行的指令,例如重新啟動 (kill -HUP) 某個服務!必須獨立成行daily 指定轉儲周期為每天weekly 指定轉儲周期為每周monthly 指定轉儲周期為每月rotate count 指定日志文件刪除之前轉儲的次數,0 指沒有備份,5 指保留5 個備份dateext 使用當期日期作為命名格式dateformat .%s 配合dateext使用,緊跟在下一行出現,定義文件切割后的文件名,必須配合dateext使用,只支持 %Y %m %d %s 這四個參數size(或minsize) log-size 當日志文件到達指定的大小時才轉儲,log-size能指定bytes(缺省)及KB (sizek)或MB(sizem).當日志文件 >= log-size 的時候就轉儲。 以下為合法格式:(其他格式的單位大小寫沒有試過)size = 5 或 size 5 (>= 5 個字節就轉儲)size = 100k 或 size 100ksize = 100M 或 size 100M
[root@master-server ~]# vim /etc/logrotate.d/nginx/usr/local/nginx/logs/*.log {dailyrotate 7missingoknotifemptydateextsharedscriptspostrotate if [ -f /usr/local/nginx/logs/nginx.pid ]; then kill -USR1 `cat /usr/local/nginx/logs/nginx.pid` fiendscript}
[root@bastion-IDC ~# vim /etc/logrotate.d/nginx/data/nginx_logs/*.access_log {nocompress daily copytruncate create ifempty olddir /data/nginx_logs/days rotate 0 }
[root@bastion-IDC ~# vim /usr/local/sbin/logrotate-nginx.sh#!/bin/bash#創建轉儲日志壓縮存放目錄mkdir -p /data/nginx_logs/days#手工對nginx日志進行切割轉換/usr/sbin/logrotate -vf /etc/logrotate.d/nginx#當前時間time=$(date -d "yesterday" +"%Y-%m-%d")#進入轉儲日志存放目錄cd /data/nginx_logs/days#對目錄中的轉儲日志文件的文件名進行統一轉換for i in $(ls ./ | grep "^(.*).[[:digit:]]$")domv ${i} ./$(echo ${i}|sed -n 's/^(.*).([[:digit:]])$/1/p')-$(echo $time)done#對轉儲的日志文件進行壓縮存放,并刪除原有轉儲的日志文件,只保存壓縮后的日志文件。以節約存儲空間for i in $(ls ./ | grep "^(.*)-([[:digit:]-]+)$")dotar jcvf ${i}.bz2 ./${i}rm -rf ./${i}done#只保留最近7天的壓縮轉儲日志文件find /data/nginx_logs/days/* -name "*.bz2" -mtime 7 -type f -exec rm -rf {} ;
[root@bastion-IDC ~# crontab -e#logrotate0 0 * * * /bin/bash -x /usr/local/sbin/logrotate-nginx.sh > /dev/null 2>
[root@bastion-IDC ~# /bin/bash -x /usr/local/sbin/logrotate-nginx.sh[root@bastion-IDC ~# cd /data/nginx_logs/days[root@bastion-IDC days# lshuantest.access_log-2017-01-18.bz2
[root@huanqiu_web1 ~]# cat /etc/logrotate.d/php/Data/logs/php/*log { daily rotate 365 missingok notifempty compress dateext sharedscripts postrotate if [ -f /Data/app/php5.6.26/var/run/php-fpm.pid ]; then kill -USR1 `cat /Data/app/php5.6.26/var/run/php-fpm.pid` fi endscript postrotate /bin/chmod 644 /Data/logs/php/*gz endscript}[root@huanqiu_web1 ~]# ll /Data/app/php5.6.26/var/run/php-fpm.pid-rw-r--r-- 1 root root 4 Dec 28 17:03 /Data/app/php5.6.26/var/run/php-fpm.pid[root@huanqiu_web1 ~]# cd /Data/logs/php[root@huanqiu_web1 php]# lltotal 25676-rw-r--r-- 1 root root 0 Jun 1 2016 error.log-rw-r--r-- 1 nobody nobody 182 Aug 30 2015 error.log-20150830.gz-rw-r--r-- 1 nobody nobody 371 Sep 1 2015 error.log-20150901.gz-rw-r--r-- 1 nobody nobody 315 Sep 7 2015 error.log-20150907.gz..................
[root@huanqiu_web1 ~]# cat /etc/logrotate.d/nginx/Data/logs/nginx/*/*log { daily rotate 365 missingok notifempty compress dateext sharedscripts postrotate /etc/init.d/nginx reload endscript}[root@huanqiu_web1 ~]# ll /Data/logs/nginx/www.huanqiu.com/..........-rw-r--r-- 1 root root 1652 Jan 1 00:00 error.log-20170101.gz-rw-r--r-- 1 root root 1289 Jan 2 00:00 error.log-20170102.gz-rw-r--r-- 1 root root 1633 Jan 3 00:00 error.log-20170103.gz-rw-r--r-- 1 root root 3239 Jan 4 00:00 error.log-20170104.gz
[root@huanqiu_web1 ~]# cat /etc/logrotate.d/syslog/var/log/cron/var/log/maillog/var/log/messages/var/log/secure/var/log/spooler{ sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript}[root@huanqiu_web1 ~]# ll /var/log/messages*-rw------- 1 root root 34248975 Jan 19 18:42 /var/log/messages-rw------- 1 root root 51772994 Dec 25 03:11 /var/log/messages-20161225-rw------- 1 root root 51800210 Jan 1 03:05 /var/log/messages-20170101-rw------- 1 root root 51981366 Jan 8 03:36 /var/log/messages-20170108-rw------- 1 root root 51843025 Jan 15 03:40 /var/log/messages-20170115[root@huanqiu_web1 ~]# ll /var/log/cron*-rw------- 1 root root 2155681 Jan 19 18:43 /var/log/cron-rw------- 1 root root 2932618 Dec 25 03:11 /var/log/cron-20161225-rw------- 1 root root 2939305 Jan 1 03:06 /var/log/cron-20170101-rw------- 1 root root 2951820 Jan 8 03:37 /var/log/cron-20170108-rw------- 1 root root 3203992 Jan 15 03:41 /var/log/cron-20170115[root@huanqiu_web1 ~]# ll /var/log/secure*-rw------- 1 root root 275343 Jan 19 18:36 /var/log/secure-rw------- 1 root root 2111936 Dec 25 03:06 /var/log/secure-20161225-rw------- 1 root root 2772744 Jan 1 02:57 /var/log/secure-20170101-rw------- 1 root root 1115543 Jan 8 03:26 /var/log/secure-20170108-rw------- 1 root root 731599 Jan 15 03:40 /var/log/secure-20170115[root@huanqiu_web1 ~]# ll /var/log/spooler*-rw------- 1 root root 0 Jan 15 03:41 /var/log/spooler-rw------- 1 root root 0 Dec 18 03:21 /var/log/spooler-20161225-rw------- 1 root root 0 Dec 25 03:11 /var/log/spooler-20170101-rw------- 1 root root 0 Jan 1 03:06 /var/log/spooler-20170108-rw------- 1 root root 0 Jan 8 03:37 /var/log/spooler-20170115
[root@huanqiu-backup ~]# cat /etc/logrotate.d/tomcat/Data/app/tomcat-7-huanqiu/logs/catalina.out {rotate 14dailycopytruncatecompressnotifemptymissingok}[root@huanqiu-backup ~]# ll /Data/app/tomcat-7-huanqiu/logs/catalina.*-rw-r--r--. 1 root root 0 Jan 19 19:11 /Data/app/tomcat-7-huanqiu/logs/catalina.out-rw-r--r--. 1 root root 95668 Jan 19 19:11 /Data/app/tomcat-7-huanqiu/logs/catalina.out.1.gz
[root@letv-backup ~]# vim /letv/sh/cut_nginx_log.sh#!/bin/bash# 你的日志文件存放目錄logs_path="/letv/logs/"# 日志文件的名字,多個需要空格隔開logs_names=(error access pv_access)dates=`date -d "yesterday" +"%Y%m%d"`mkdir -p ${logs_path}$dates/num=${#logs_names[@]}for((i=0;i<num;i++));domv ${logs_path}${logs_names[i]}.log ${logs_path}$dates/${logs_names[i]}.logdone#nginx平滑重啟kill -USR1 `cat /letv/logs/nginx/nginx.pid` 結合crontab定時執行[root@letv-backup ~]# crontab -e#nginx日志切割00 00 * * * cd /letv/logs;/bin/bash /letv/sh/cut_nginx_log.sh > /dev/null 2>$1
[root@huanqiu_test ~]# cat /etc/cron.daily/logrotate#!/bin/sh/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1EXITVALUE=$?if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"fiexit 0
[root@huanqiu_test ~]# /usr/sbin/logrotate /etc/logrotate.conf
[root@huanqiu_test ~]# cat /etc/cron.daily/logrotate#!/bin/sh/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1EXITVALUE=$?if [ $EXITVALUE != 0 ]; then /usr/bin/logger -f logrotate "ALERT exited abnormally with [$EXITVALUE]"fiexit
[root@huanqiu_test ~]# /etc/init.d/crond restartStopping crond: [ OK ]Starting crond: [ OK ]
Logrotate是基于CRON來運行的,其腳本是/etc/cron.daily/logrotate,實際運行時,Logrotate會調用配置文件/etc/logrotate.conf。[root@test ~]# cat /etc/cron.daily/logrotate#!/bin/sh/usr/sbin/logrotate /etc/logrotate.confEXITVALUE=$?if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"fiexit 0Logrotate是基于CRON運行的,所以這個時間是由CRON控制的,具體可以查詢CRON的配置文件/etc/anacrontab(老版本的文件是/etc/crontab)[root@test ~]# cat /etc/anacrontab# /etc/anacrontab: configuration file for anacron# See anacron(8) and anacrontab(5) for details.SHELL=/bin/shPATH=/sbin:/bin:/usr/sbin:/usr/binMAILTO=root# the maximal random delay added to the base delay of the jobsRANDOM_DELAY=45 //這個是隨機的延遲時間,表示最大45分鐘# the jobs will be started during the following hours onlySTART_HOURS_RANGE=3-22 //這個是開始時間#period in days delay in minutes job-identifier command1 5 cron.daily nice run-parts /etc/cron.daily7 25 cron.weekly nice run-parts /etc/cron.weekly@monthly 45 cron.monthly nice run-parts /etc/cron.monthly第一個是Recurrence period第二個是延遲時間所以cron.daily會在3:22+(5,45)這個時間段執行,/etc/cron.daily是個文件夾通過默認/etc/anacrontab文件配置,會發現logrotate自動切割日志文件的默認時間是凌晨3點多。==================================================================================================現在需要將切割時間調整到每天的晚上12點,即每天切割的日志是前一天的0-24點之間的內容。操作如下:[root@kevin ~]# mv /etc/anacrontab /etc/anacrontab.bak //取消日志自動輪轉的設置[root@G6-bs02 logrotate.d]# cat nstc_nohup.out/data/nstc/nohup.out {rotate 30dateextdailycopytruncatecompressnotifemptymissingok}[root@G6-bs02 logrotate.d]# cat syslog/var/log/cron/var/log/maillog/var/log/messages/var/log/secure/var/log/history{ sharedscripts compress rotate 30 daily dateext postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript}結合crontab進行自定義的定時輪轉操作[root@kevin ~]# crontab -l#log logrotate59 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/syslog >/dev/null 2>&159 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/nstc_nohup.out >/dev/null 2>&1[root@G6-bs02 ~]# ll /data/nstc/nohup.out*-rw------- 1 app app 33218 1月 25 09:43 /data/nstc/nohup.out-rw------- 1 app app 67678 1月 25 23:59 /data/nstc/nohup.out-20180125.gz
實例1:對jumpserver日志進行切割[root@test-vm01 mnt]# cat log_rotate.py#!/usr/bin/env pythonimport datetime,os,sys,shutillog_path = '/opt/jumpserver/logs/'log_file = 'jumpserver.log'yesterday = (datetime.datetime.now() - datetime.timedelta(days = 1))try: os.makedirs(log_path + yesterday.strftime('%Y') + os.sep + yesterday.strftime('%m'))except OSError,e: print print e sys.exit()shutil.move(log_path + log_file,log_path + yesterday.strftime('%Y') + os.sep + yesterday.strftime('%m') + os.sep + log_file + '_' + yesterday.strftime('%Y%m%d') + '.log')os.popen("sudo /opt/jumpserver/service.sh restart")手動執行這個腳本:[root@test-vm01 mnt]# chmod 755 log_rotate.py[root@test-vm01 mnt]# python log_rotate.py查看日志切割后的效果:[root@test-vm01 mnt]# ls /opt/jumpserver/logs/2017 jumpserver.log [root@test-vm01 mnt]# ls /opt/jumpserver/logs/2017/09[root@test-vm01 mnt]# ls /opt/jumpserver/logs/2017/09/jumpserver.log_20170916.log然后做每日的定時切割任務:[root@test-vm01 mnt]# crontab -e30 1 * * * /usr/bin/python /mnt/log_rotate.py > /dev/null 2>&1--------------------------------------------------------------------------------------實例2:對nginx日志進行切割[root@test-vm01 mnt]# vim log_rotate.py#!/usr/bin/env pythonimport datetime,os,sys,shutillog_path = '/app/nginx/logs/'log_file = 'www_access.log'yesterday = (datetime.datetime.now() - datetime.timedelta(days = 1))try: os.makedirs(log_path + yesterday.strftime('%Y') + os.sep + yesterday.strftime('%m'))except OSError,e: print print e sys.exit()shutil.move(log_path + log_file,log_path + yesterday.strftime('%Y') + os.sep + yesterday.strftime('%m') + os.sep + log_file + '_' + yesterday.strftime('%Y%m%d') + '.log')os.popen("sudo kill -USR1 `cat /app/nginx/logs/nginx.pid`")--------------------------------------------------------------------------------------其他業務日志的切割腳本跟上面做法相同
[root@qd-vpc-op-consumer01 ~]# cat /app/script/log_rotate.sh#!/bin/shfunction rotate() {logs_path=$1echo Rotating Log: $1cp ${logs_path} ${logs_path}.$(date -d "yesterday" +"%Y%m%d")> ${logs_path} rm -f ${logs_path}.$(date -d "7 days ago" +"%Y%m%d")}for i in $*do rotate $idone--------------------------------------------------------------------------------------------------------------每天定時切割日志的任務制定(比如對python的一個業務/data/log/xcspam/下的日志進行切割,0K的日志不進行切割):[root@qd-vpc-op-consumer01 ~]# crontab -e#xcspam 日志切割30 0 * * * find /data/log/xcspam/ -size +0 -name '*.log' | xargs /app/script/log_rotate.sh手動執行切割:[root@qd-vpc-op-consumer01 ~]# find /data/log/xcspam/ -size +0 -name '*.log' | xargs /app/script/log_rotate.sh切割后的日志效果:[root@qd-vpc-op-consumer01 ~]# ls /data/log/xcspam/xcspam_error.log xcspam_error.log-20170926--------------------------------------------------------------------------------------------------------------比如對maridb日志進行切割[root@qd-vpc-op-consumer01 ~]# crontab -e#xcspam 日志切割30 0 * * * find /var/log/mariadb/ -size +0 -name '*.log' | xargs /app/script/log_rotate.sh[root@qd-vpc-op-consumer01 ~]# find /var/log/mariadb/ -size +0 -name '*.log' | xargs /app/script/log_rotate.sh[root@qd-vpc-op-consumer01 ~]# ll /var/log/mariadb/總用量 8-rw-r-----. 1 mysql mysql 0 9月 17 20:31 mariadb.log-rw-r-----. 1 root root 4532 9月 17 20:31 mariadb.log.20170916--------------------------------------------------------------------------------------------------------------
日志壓縮腳本:[root@localhost ~]# ls /var/log/fss/nginx/nginx.20190506.log nginx.20190507.log nginx.20190508.log[root@localhost ~]# cat /root/log_clean.sh#!/usr/bin/sh#根據系統/服務/日志保留天數三個參數壓縮日志#usage: sh clearlog.sh sysname appname keepdayssysName=$1appName=$2keepDay=$3logDir=/var/log/${sysName}/${appName}logFile=${appName}.*[0-9][0-9].logcd ${logDir}find ./ -name "${logFile}" -mtime -${keepDay} -exec gzip {} ;[root@localhost ~]# sh /root/log_clean.sh fss nginx 3[root@localhost ~]# ls /var/log/fss/nginx/nginx.20190506.log.gz nginx.20190507.log.gz nginx.20190508.log.gz還可以針對日志保留策略,調整成日志清理腳本。
#!/bin/bashyesterday=`date -d "-1 days" +'%Y%m%d'`cd `dirname $0`basedir=`pwd`logdir="${basedir}/bak"bindir="${basedir%/*}/sbin"mkdir -p ${logdir}for log in `ls *.log 2>/dev/null`do mv ${log} ${logdir}/${log}.${yesterday}.bak # gzip ${logdir}/${log}.${yesterday}done${bindir}/nginx -s reloadcd ${logdir}find . -type f -name "*.bak" -mtime +7 | xargs rm -f
? 版權聲明
文章版權歸作者所有,未經允許請勿轉載。
THE END
