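10.28 Introduction to the rsync tool
rsync is a remote data synchronization tool that can quickly synchronize files between multiple hosts over a LAN/WAN. rsync uses the so-called "rsync algorithm" to bring files on a local and a remote host into sync; the algorithm transfers only the parts of the two files that differ instead of sending the whole file every time, so it is quite fast.
rsync is similar to cp but more powerful.
Example: given two directories A and B, we want to copy the data under A into B while A is continuously being updated.
With cp we cannot tell which data has been updated; copying everything over and overwriting the existing files wastes time and is cumbersome. So we do not use cp for this kind of copy and use rsync instead.
rsync can perform incremental copies.
Use rsync to copy the /etc/passwd file to the /tmp directory.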
[root@liang-00 ~]# rsync -av /etc/passwd /tmp/1.txt
sending incremental file list
passwd
sent 1,173 bytes received 35 bytes 2,416.00 bytes/sec
total size is 1,082 speedup is 0.90
[root@liang-00 ~]#
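Files can also be copied and synchronized remotely. root is the user name on the remote machine, the address follows the @, and then comes a ":".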
[root@liang-00 ~]# rsync -av /etc/passwd root@192.168.37.200:/tmp/1.txt
root@192.168.37.200's password:
sending incremental file list
sent 44 bytes received 12 bytes 12.44 bytes/sec
total size is 1,082 speedup is 19.32
[root@liang-00 ~]#
rsync command formats:
- rsync [OPTION] … SRC DEST
- rsync [OPTION] … SRC [user@]host:DEST
- rsync [OPTION] … [user@]host:SRC DEST
- rsync [OPTION] … SRC [user@]host::DEST
- rsync [OPTION] … [user@]host::SRC DEST
SRC: the source directory; DEST: the destination file.
[user@] can be omitted; if it is left out, the user name of the current host is used.
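10.29 Common rsync options
Common rsync options:
- -a includes -rtplgoD
- -r required when synchronizing directories, similar to the -r option of cp
- -v show some information during synchronization so that we can follow the process
- -l preserve symbolic links
- -L with this option, synchronizing a symlink transfers the file it points to
- -p preserve file permissions
- -o preserve the file owner
- -g preserve the file group
- -D preserve device file information
- -t preserve file timestamps
- --delete delete files in DEST that do not exist in SRC
- --exclude filter out the specified files; for example, --exclude "logs" filters out files or directories whose names contain logs, so they are not synchronized
- -P show the synchronization progress, such as the transfer rate; more detailed than -v
- -u with this option, a file in DEST that is newer than the one in SRC is not synchronized (mtime)
- -z compress during transfer (zip compression)
Synchronizing a directory with rsync: synchronize the /root/a_test/ directory to the /tmp/a_test_dest/ directory (a_test_dest is the new directory name).
When synchronizing directories, we add a trailing "/" to both directory paths.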
[root@liang-00 ~]# rsync -av /root/a_test/ /tmp/a_test_dest/
sending incremental file list
created directory /tmp/a_test_dest
./
2.sh
exec.sh
s_passwd -> /etc/passwd
source.sh
sent 749 bytes received 118 bytes 1,734.00 bytes/sec
total size is 469 speedup is 0.54
[root@liang-00 ~]#
-L option: this overrides the lowercase -l. The symlink becomes a regular file, and the content of the file that the source symlink points to is copied over.
[root@liang-00 ~]# rsync -avL /root/a_test/ /tmp/a_test_dest/
sending incremental file list
s_passwd
sent 1,264 bytes received 35 bytes 2,598.00 bytes/sec
total size is 1,540 speedup is 1.19
[root@liang-00 ~]#
[root@liang-00 ~]# cat /tmp/a_test_dest/s_passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
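--delete: delete files in DEST that do not exist in SRC.
If the destination directory contains files that the source directory does not have, --delete removes the extra files.
Create an extra file, new.txt.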
[root@liang-00 ~]# ls /tmp/a_test_dest/
2.sh exec.sh new.txt source.sh s_passwd
[root@liang-00 ~]#
Synchronize with rsync; the --delete option removes the extra new.txt file.
[root@liang-00 ~]# rsync -avL --delete /root/a_test/ /tmp/a_test_dest/
sending incremental file list
deleting new.txt
./
sent 142 bytes received 30 bytes 344.00 bytes/sec
total size is 1,540 speedup is 8.95
[root@liang-00 ~]#
--exclude option: filter out the specified files (multiple --exclude options may be given)
[root@liang-00 ~]# touch /root/a_test/1.txt
[root@liang-00 ~]# ls /root/a_test/
1.txt 2.sh exec.sh source.sh s_passwd
[root@liang-00 ~]#
[root@liang-00 ~]# rsync -avL --exclude "1.txt" /root/a_test/ /tmp/a_test_dest/
sending incremental file list
./
sent 141 bytes received 19 bytes 320.00 bytes/sec
total size is 1,540 speedup is 9.62
[root@liang-00 ~]# ls !$
ls /tmp/a_test_dest/
2.sh exec.sh source.sh s_passwd
[root@liang-00 ~]#
-P option: show the synchronization progress, such as the transfer rate; more detailed than -v.
[root@liang-00 ~]# rsync -avP /root/a_test/ /tmp/a_test_dest/
sending incremental file list
./
1.txt
0 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=4/6)
2.sh
112 100% 0.00kB/s 0:00:00 (xfr#2, to-chk=3/6)
exec.sh
156 100% 152.34kB/s 0:00:00 (xfr#3, to-chk=2/6)
s_passwd -> /etc/passwd
source.sh
190 100% 185.55kB/s 0:00:00 (xfr#4, to-chk=0/6)
sent 810 bytes received 98 bytes 1,816.00 bytes/sec
total size is 469 speedup is 0.52
[root@liang-00 ~]#
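-u option: with this option, a file in DEST that is newer than the one in SRC is not synchronized (mtime)
Without the -u option, the source overwrites the file in the destination directory (1.txt) even though it is newer than the one in the source directory.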
[root@liang-00 ~]# vim /tmp/a_test_dest/1.txt
[root@liang-00 ~]# rsync -avP /root/a_test/ /tmp/a_test_dest/
sending incremental file list
./
1.txt
0 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=4/6)
sent 220 bytes received 38 bytes 516.00 bytes/sec
total size is 469 speedup is 1.82
[root@liang-00 ~]#
With -u added, the 1.txt file is no longer overwritten.
[root@liang-00 ~]# rsync -avPu /root/a_test/ /tmp/a_test_dest/
sending incremental file list
./
sent 181 bytes received 19 bytes 400.00 bytes/sec
total size is 469 speedup is 2.35
[root@liang-00 ~]# cat /tmp/a_test_dest/1.txt
dafadfad sgfsgafas daf :
[root@liang-00 ~]#
-z option: compress during transfer. This saves bandwidth when transferring many files remotely.
[root@liang-00 ~]# rsync -avPz /root/a_test/ /tmp/a_test_dest/
sending incremental file list
1.txt
0 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=4/6)
sent 214 bytes received 35 bytes 498.00 bytes/sec
total size is 469 speedup is 1.88
[root@liang-00 ~]#
10.31 Synchronizing with rsync over ssh
Prepare two machines that can communicate with each other.
Synchronize a file from liang-00 to liang-03.
[root@liang-00 ~]# rsync -av /etc/passwd 192.168.37.203:/tmp/liang.txt
sending incremental file list
passwd
sent 1,173 bytes received 35 bytes 805.33 bytes/sec
total size is 1,082 speedup is 0.90
[root@liang-00 ~]#
We can also synchronize from liang-03 to the local machine (liang-00).
[root@liang-00 ~]# rsync -av 192.168.37.203:/tmp/liang.txt /tmp/123.txt
receiving incremental file list
liang.txt
sent 43 bytes received 1,176 bytes 812.67 bytes/sec
total size is 1,082 speedup is 0.89
[root@liang-00 ~]# ls /tmp/123.txt
/tmp/123.txt
Use -e to specify the ssh port.
[root@liang-00 ~]# rsync -av -e "ssh -p 22" /etc/passwd 192.168.37.203:/tmp/liang.txt
sending incremental file list
sent 44 bytes received 12 bytes 37.33 bytes/sec
total size is 1,082 speedup is 19.32
[root@liang-00 ~]#
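10.32 Synchronizing with rsync through the daemon service
Synchronizing through a service involves a client and a server.
The service started on the server listens on port 873 by default.
Before starting the service, edit the configuration file. The default path is /etc/rsyncd.conf; a custom path can also be used, in which case --configfile must be added when starting the service.
Steps:
1) Add the following content to the configuration file /etc/rsyncd.conf.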
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.37.203
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=192.168.37.203
2) Then start the service and check the listening port (192.168.37.200:873). If no IP is set, the default is 0.0.0.0, that is, all addresses.
[root@liang-00 ~]# rsync --daemon
[root@liang-00 ~]# ps aux |grep rsync
root 2624 0.0 0.0 114740 564 ? Ss 23:26 0:00 rsync --daemon
root 2633 0.0 0.0 112704 972 pts/0 S+ 23:26 0:00 grep --color=auto rsync
[root@liang-00 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.37.200:873 0.0.0.0:* LISTEN 2624/rsync
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1130/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1333/master
tcp6 0 0 :::22 :::* LISTEN 1130/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1333/master
[root@liang-00 ~]#
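3) Troubleshoot and synchronize files: synchronize a file from liang-03 to liang-00.
The synchronization fails with the error (No route to host), so troubleshoot it.
First ping the server address 192.168.37.200. The ping succeeds, so the network is fine.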
[root@liang-03 ~]# ping 192.168.37.200
PING 192.168.37.200 (192.168.37.200) 56(84) bytes of data.
64 bytes from 192.168.37.200: icmp_seq=1 ttl=64 time=23.6 ms
64 bytes from 192.168.37.200: icmp_seq=2 ttl=64 time=0.695 ms
^C
--- 192.168.37.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.695/12.174/23.653/11.479 ms
Check the port: telnet 192.168.37.200 873 shows a problem.
[root@liang-03 ~]# telnet 192.168.37.200 873
Trying 192.168.37.200...
telnet: connect to address 192.168.37.200: No route to host
[root@liang-03 ~]#
Check the firewall (firewalld) and stop firewalld.
[root@liang-03 ~]# systemctl stop firewalld
[root@liang-03 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@liang-03 ~]#
[root@liang-00 ~]# systemctl stop firewalld.service
[root@liang-00 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@liang-00 ~]#
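Check the port again with telnet 192.168.37.200 873; a prompt like the one shown in the figure below proves that port 873 is working.
4) Synchronize files.
For now we do not require password confirmation for synchronization, so comment out the following two lines.
Continue synchronizing the file; it completes.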
[root@liang-03 ~]# rsync -avP /tmp/liang.txt 192.168.37.200::test/liang_1.txt
sending incremental file list
liang.txt
1,082 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 1,176 bytes received 35 bytes 2,422.00 bytes/sec
total size is 1,082 speedup is 0.89
[root@liang-03 ~]#
5) We can also pull the file down (from the server to the client).
[root@liang-03 ~]# rsync -avP 192.168.37.200::test/liang_1.txt /tmp/22.txt
receiving incremental file list
liang_1.txt
1,082 100% 1.03MB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 1,178 bytes 2,442.00 bytes/sec
total size is 1,082 speedup is 0.89
[root@liang-03 ~]#
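Configuration file explained
- port: the port on which the rsyncd service starts; the default is 873 (a custom port can also be used).
- log file: the log file.
- pid file: the pid file, which is used for process management operations such as starting and stopping the service.
- address: the IP on which the rsyncd service starts. If the machine has several IPs, one of them can be chosen for the rsyncd service; if this parameter is not set, the service starts on all IPs by default.
- []: the module name; the name itself is user-defined.
- path: the path where the data is stored.
- use chroot true|false: chroot to the directory given by the path parameter before transferring files. The reason is extra security protection, but the drawbacks are that it requires root privileges and that directories or files pointed to by symlinks leading outside cannot be backed up. chroot defaults to true; if your data contains symlinks, it is recommended to set it to false.
use chroot: applying the security parameter in practice.
On the server, create a symlink under the path /tmp/rsync: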
[root@liang-00 rsync]# ln -s /etc/passwd /tmp/rsync/33.txt
[root@liang-00 rsync]# ll
total 4
lrwxrwxrwx 1 root root 11 Nov 22 23:59 33.txt -> /etc/passwd
-rw-r--r-- 1 root root 1082 Nov 15 22:35 liang_1.txt
[root@liang-00 rsync]#
Then synchronize the /tmp/rsync/ directory with rsync on the client. An error message shows that the symlink was not synchronized.
[root@liang-03 ~]# rsync -avPL 192.168.37.200::test/ /tmp/test/
receiving incremental file list
symlink has no referent: "/33.txt" (in test)
created directory /tmp/test
./
liang_1.txt
1,082 100% 1.03MB/s 0:00:00 (xfr#1, to-chk=0/2)
sent 46 bytes received 1,252 bytes 865.33 bytes/sec
total size is 1,082 speedup is 0.83
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1650) [generator=3.1.2]
[root@liang-03 ~]#
This can be seen in the log file.
After changing the /etc/rsyncd.conf configuration file to use chroot false, the synchronization works normally.
[root@liang-03 ~]# rsync -avPL 192.168.37.200::test/ /tmp/test/
receiving incremental file list
33.txt
1,082 100% 1.03MB/s 0:00:00 (xfr#1, to-chk=1/3)
sent 43 bytes received 1,214 bytes 2,514.00 bytes/sec
total size is 2,164 speedup is 1.72
[root@liang-03 ~]# ls /tmp/test/
33.txt liang_1.txt
[root@liang-03 ~]#
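The 33.txt case above shows that, with use chroot set to false and -L on the client, a symlink inside the module path hands out the content of a file outside it (here /etc/passwd). The following check is an added example, not part of the original page: it lists such symlinks under a module path. The function name find_escaping_symlinks, the temporary directory and inside.txt are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): list symlinks under an rsync
# module path whose targets resolve outside that path.

find_escaping_symlinks() {
    # Resolve the module path itself so the prefix comparison is reliable.
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target=""
        case "$target" in
            "$root"/*) ;;                               # stays inside the module
            "") echo "$link -> (unresolvable)" ;;
            *)  echo "$link -> $target" ;;              # leaves the module path
        esac
    done
}

# Constructed sample tree mirroring the page's /tmp/rsync module.
demo=$(mktemp -d)
echo "sample data" > "$demo/liang_1.txt"
ln -s /etc/passwd "$demo/33.txt"          # same link as in the walkthrough
ln -s liang_1.txt "$demo/inside.txt"      # hypothetical link that stays inside
find_escaping_symlinks "$demo"
```

Run it against the path of every module before switching use chroot to false; any line it prints is a file outside the module that clients using -L can read.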
Changing the port.
1) Stop the rsync service.
[root@liang-00 rsync]# killall rsync
[root@liang-00 rsync]# !ps
ps aux |grep rsync
root 2990 0.0 0.0 112704 972 pts/0 S+ 00:07 0:00 grep --color=auto rsync
[root@liang-00 rsync]#
Restart rsync; the port is now 8730.
[root@liang-00 rsync]# rsync --daemon
[root@liang-00 rsync]# !ps
ps aux |grep rsync
root 3030 0.0 0.0 114740 564 ? Ss 00:11 0:00 rsync --daemon
root 3039 0.0 0.0 112704 968 pts/0 S+ 00:11 0:00 grep --color=auto rsync
[root@liang-00 rsync]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1130/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1333/master
tcp 0 0 192.168.37.200:8730 0.0.0.0:* LISTEN 3030/rsync
tcp6 0 0 :::22 :::* LISTEN 1130/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1333/master
[root@liang-00 rsync]#
Now using the default port fails; use --port 8730 to specify the port.
[root@liang-03 ~]# rsync -avP 192.168.37.200::test/liang_1.txt /tmp/22.txt
rsync: failed to connect to 192.168.37.200 (192.168.37.200): Connection refused (111)
rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
[root@liang-03 ~]# rsync -avP --port 8730 192.168.37.200::test/liang_1.txt /tmp/22.txt
receiving incremental file list
sent 20 bytes received 49 bytes 46.00 bytes/sec
total size is 1,082 speedup is 15.68
[root@liang-03 ~]#
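- max connections: the maximum number of connections; the default is 0, meaning no limit.
- read only true|false: if true, uploads to the path of this module are not allowed.
- list: whether this module is listed when a user queries the server for available modules; true lists it, false hides it.
- uid/gid: the user/group identity used when transferring files.
- auth users: the user name to use for the transfer.
- secrets file: the password file. If this parameter and the one above are not set, password authentication is not used. Note that the permissions of the password file must be 600. Format: username:password
- hosts allow: the hosts allowed to connect to this module; may be an IP or a network range, with multiple entries separated by spaces.
- Once auth users and secrets file are set, the client also needs a user name and password to connect to the server; to supply the password from the command line, a password file can be set up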
- rsync -avL test@192.168.133.130::test/test1/ /tmp/test8/ --password-file=/etc/pass
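- The content of /etc/pass is just the password, and its permissions must be changed to 600
list option: when true, the module name is shown; when false, the module name is not shown.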
[root@liang-03 ~]# rsync --port 8730 192.168.37.200::
test
[root@liang-03 ~]#
uid/gid: the user/group identity used when transferring files.
Temporarily change it to nobody and synchronize again. Now a permission error occurs.
[root@liang-03 ~]# rsync -avP /tmp/22.txt --port 8730 192.168.37.200::test/
sending incremental file list
22.txt
1,082 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=0/1)
rsync: chgrp ".22.txt.0d3OuQ" (in test) failed: Operation not permitted (1)
sent 1,173 bytes received 115 bytes 2,576.00 bytes/sec
total size is 1,082 speedup is 0.84
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]
[root@liang-03 ~]#
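auth users: the user name to use for the transfer.
secrets file: the password file. If this parameter and the one above are not set, password authentication is not used. Note that the permissions of the password file must be 600. Format: username:password
Edit the password file /etc/rsyncd.passwd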
test:liang
Change its permissions to 600
[root@liang-03 ~]# rsync -avP /tmp/22.txt --port 8730 test@192.168.37.200::test/
Password:
sending incremental file list
22.txt
1,082 100% 373.05kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 95 bytes received 47 bytes 56.80 bytes/sec
total size is 1,082 speedup is 7.62
[root@liang-03 ~]#
When writing shell scripts, we can define a custom password file on the client that contains only the password.
[root@liang-03 ~]# vi /etc/rsync_pass.txt #after opening it, write only the password
[root@liang-03 ~]# chmod 600 !$
chmod 600 /etc/rsync_pass.txt
[root@liang-03 ~]#
Use --password-file=/etc/rsync_pass.txt to synchronize files.
[root@liang-03 ~]# rsync -avP /tmp/22.txt --port 8730 --password-file=/etc/rsync_pass.txt test@192.168.37.200::test/
sending incremental file list
sent 44 bytes received 12 bytes 112.00 bytes/sec
total size is 1,082 speedup is 19.32
[root@liang-03 ~]#
hosts allow: the client IPs allowed to connect; multiple IPs or IP ranges may be listed.
hosts allow=192.168.133.132 1.1.1.1 2.2.2.2 192.168.133.0/24
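A small audit of the rsyncd.conf parameters explained above, as an added example that is not from the original page or the rsync project: it reports modules that allow anonymous access, accept uploads, run as root, disable chroot or lack hosts allow, and checks the 600 permission on the secrets file. The function name audit_rsyncd_conf, the [backup] module and the temporary files are assumptions made for the illustration.

```sh
# Added example (not from the original page): flag the rsyncd.conf settings
# discussed above; prints one finding per line.
audit_rsyncd_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    # rsyncd ignores whitespace inside parameter names: "use chroot" == "usechroot"
    function key(s)  { gsub(/[ \t]/, "", s); return tolower(s) }
    function get(m, k) {                       # module value, else global value
        if ((m, k) in v) return v[m, k]
        return (("", k) in v) ? v["", k] : ""
    }
    function off(x) { x = tolower(x); return x == "false" || x == "no" || x == "0" }
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[.*\][ \t\r]*$/ {                 # [module] header
        mod = trim($0); mod = substr(mod, 2, length(mod) - 2); mods[++n] = mod; next
    }
    {
        eq = index($0, "="); if (!eq) next     # only the first "=" is significant
        v[mod, key(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        for (i = 1; i <= n; i++) {
            m = mods[i]
            if (get(m, "authusers") == "")        print m ": no auth users (anonymous access)"
            else if (get(m, "secretsfile") == "") print m ": auth users without secrets file"
            if (get(m, "hostsallow") == "")       print m ": no hosts allow (any client IP)"
            if (off(get(m, "readonly")))          print m ": read only is off (uploads allowed)"
            if (off(get(m, "usechroot")))         print m ": use chroot is off"
            u = tolower(get(m, "uid"))
            if (u == "root" || u == "0")          print m ": transfers run as uid root"
        }
    }' "$1"
    # The page requires mode 600 on the secrets file: no group/other bits.
    sed -n 's/^[[:space:]]*secrets[[:space:]]*file[[:space:]]*=[[:space:]]*//p' "$1" |
    while IFS= read -r f; do
        [ -e "$f" ] || continue
        case "$(ls -ld "$f" | cut -c5-10)" in
            "------") ;;
            *) echo "$f: secrets file is not mode 600" ;;
        esac
    done
}

# Constructed sample: the page's [test] module with the auth lines commented
# out and chroot disabled, plus a hypothetical stricter [backup] module.
secrets=$(mktemp); chmod 644 "$secrets"
conf=$(mktemp)
cat > "$conf" <<EOF
[test]
path=/tmp/rsync
use chroot=false
read only=no
uid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=192.168.37.203
[backup]
path=/srv/backup
auth users = backup
secrets file = $secrets
hosts allow = 192.168.37.203
EOF
audit_rsyncd_conf "$conf"
```

On the sample it reports four findings for [test], none for [backup], and one for the secrets file until its mode is changed to 600.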
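10.34 Linux system logs
Linux system services sometimes run into errors at startup. Much of this error information is recorded in log files.
Reading logs is very important.
1. /var/log/messages # the system log.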
[root@liang-00 ~]# less /var/log/messages
Nov 19 19:27:53 liang-00 journal: Runtime journal is using 6.1M (max allowed 49.1M, trying to leave 73.7M free of 485.5M available → current limit 49.1M).
Nov 19 19:27:53 liang-00 kernel: Initializing cgroup subsys cpuset
Nov 19 19:27:53 liang-00 kernel: Initializing cgroup subsys cpu
Nov 19 19:27:53 liang-00 kernel: Initializing cgroup subsys cpuacct
Nov 19 19:27:53 liang-00 kernel: Linux version 3.10.0-862.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Fri Apr 20 16:44:24 UTC 2018
Nov 19 19:27:53 liang-00 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-862.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=zh_CN.UTF-8
Nov 19 19:27:53 liang-00 kernel: Disabled fast string operations
Nov 19 19:27:53 liang-00 kernel: e820: BIOS-provided physical RAM map:
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x000000000009f000-0x000000000009ffff] reserved
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x0000000000100000-0x000000003fedffff] usable
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x000000003fee0000-0x000000003fefefff] ACPI data
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x000000003feff000-0x000000003fefffff] ACPI NVS
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x000000003ff00000-0x000000003fffffff] usable
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x00000000f0000000-0x00000000f7ffffff] reserved
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec0ffff] reserved
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
Nov 19 19:27:53 liang-00 kernel: BIOS-e820: [mem 0x00000000fffe0000-0x00000000ffffffff] reserved
Nov 19 19:27:53 liang-00 kernel: NX (Execute Disable) protection: active
Nov 19 19:27:53 liang-00 kernel: SMBIOS 2.4 present.
Nov 19 19:27:53 liang-00 kernel: Hypervisor detected: VMware
Nov 19 19:27:53 liang-00 kernel: Host bus clock speed read from hypervisor : 66000000 Hz
/var/log/messages
The file is not very large, but if it is written to continuously, or when a fault occurs, it can become fairly large.
[root@liang-00 ~]# du -sh !$
du -sh /var/log/messages
728K /var/log/messages
[root@liang-00 ~]#
When the system log grows large, the system splits it into segments.
[root@liang-00 ~]# ls /var/log/messages*
/var/log/messages /var/log/messages-20181104 /var/log/messages-20181119
/var/log/messages-20181028 /var/log/messages-20181111
[root@liang-00 ~]#
The tool used to rotate the logs is the logrotate command; we can look at its configuration file.
[root@liang-00 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}
# system-specific logs may be also be configured here.
[root@liang-00 ~]#
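- weekly: rotate once a week; rotate 4: keep 4 rotated files; create: create a new file after rotation is done; dateext: file naming; compress: whether to compress (.tar.gz).
- include /etc/logrotate.d: additional configuration files.
- /var/log/wtmp and /var/log/btmp: these two logs are rotated once a month, keeping only one copy, with the specified permissions, owner and group.
Next we look at /etc/logrotate.d.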
[root@liang-00 ~]# ls /etc/logrotate.d
bootlog chrony nginx syslog wpa_supplicant yum
[root@liang-00 ~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
[root@liang-00 ~]#
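2. The dmesg command:
This command can be used to check the machine for hardware problems; messages such as errors show up in it. dmesg -c clears it, and the content comes back after the next boot.
3. The /var/log/dmesg file is the log of the system boot; it is different from the dmesg command.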
[root@liang-00 ~]# ls /var/log/dmesg
/var/log/dmesg
[root@liang-00 ~]#
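4. The last command reads the file /var/log/wtmp, which records successful logins; it is a binary file and cannot be viewed directly.
5. The lastb command shows users whose login failed; the corresponding file is /var/log/btmp, a binary file that cannot be viewed directly.
6. /var/log/secure: the security log.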
Nov 23 09:27:14 liang-00 polkitd[716]: Loading rules from directory /etc/polkit-1/rules.d
Nov 23 09:27:14 liang-00 polkitd[716]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 23 09:27:14 liang-00 polkitd[716]: Finished loading, compiling and executing 2 rules
Nov 23 09:27:14 liang-00 polkitd[716]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 23 09:27:32 liang-00 sshd[1126]: Server listening on 0.0.0.0 port 22.
Nov 23 09:27:32 liang-00 sshd[1126]: Server listening on :: port 22.
Nov 23 09:38:57 liang-00 sshd[1411]: Accepted publickey for root from 192.168.37.1 port 50025 ssh2: RSA SHA256:mv/KQkTuRKdTpP+IoOfVf0u/Wu6A7D8VFFZcKGzY5Xg
Nov 23 09:38:57 liang-00 sshd[1411]: pam_unix(sshd:session): session opened for user root by (uid=0)
[root@liang-00 ~]#
We can follow it live with tail -f /var/log/secure.
[root@liang-00 ~]# tail -f /var/log/secure
Nov 22 23:41:03 liang-00 polkitd[723]: Unregistered Authentication Agent for unix-process:2724:1040196 (system bus name :1.61, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 23 00:58:27 liang-00 polkitd[723]: Registered Authentication Agent for unix-process:3155:1504714 (system bus name :1.80 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 23 09:27:14 liang-00 polkitd[716]: Loading rules from directory /etc/polkit-1/rules.d
Nov 23 09:27:14 liang-00 polkitd[716]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 23 09:27:14 liang-00 polkitd[716]: Finished loading, compiling and executing 2 rules
Nov 23 09:27:14 liang-00 polkitd[716]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 23 09:27:32 liang-00 sshd[1126]: Server listening on 0.0.0.0 port 22.
Nov 23 09:27:32 liang-00 sshd[1126]: Server listening on :: port 22.
Nov 23 09:38:57 liang-00 sshd[1411]: Accepted publickey for root from 192.168.37.1 port 50025 ssh2: RSA SHA256:mv/KQkTuRKdTpP+IoOfVf0u/Wu6A7D8VFFZcKGzY5Xg
Nov 23 09:38:57 liang-00 sshd[1411]: pam_unix(sshd:session): session opened for user root by (uid=0)
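Detection over /var/log/secure, as an added example that is not part of the original page: it counts failed and accepted sshd logins per source address and marks addresses that reach a failure limit or log in successfully after reaching it. The function name summarize_ssh_auth, the default limit of 3 and every sample log line are constructed for the illustration.

```sh
# Added example (not from the original page): summarize sshd logins per
# source IP from a /var/log/secure style file.
# Usage: summarize_ssh_auth FILE [FAILURE_LIMIT]   (default limit: 3)
summarize_ssh_auth() {
    awk -v limit="${2:-3}" '
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Failed" || $6 == "Accepted") {
        # User names are client-supplied text, so take the LAST
        # "from <ip> port" triple on the line, scanning right to left.
        ip = ""
        for (i = NF - 2; i >= 9; i--)
            if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
        if (ip == "") next
        seen[ip] = 1
        if ($6 == "Failed") fail[ip]++
        else { ok[ip]++; if (fail[ip] >= limit) after[ip] = 1 }
    }
    END {
        for (ip in seen) {
            line = ip " failed=" (fail[ip] + 0) " accepted=" (ok[ip] + 0)
            if (fail[ip] >= limit) line = line " MANY_FAILURES"
            if (ip in after)       line = line " SUCCESS_AFTER_FAILURES"
            print line
        }
    }' "$1" | LC_ALL=C sort
}

# Constructed sample log (addresses and events are made up; the first line
# follows the format of the Accepted publickey entry shown above).
log=$(mktemp)
cat > "$log" <<'EOF'
Nov 23 09:38:57 liang-00 sshd[1411]: Accepted publickey for root from 192.168.37.1 port 50025 ssh2: RSA SHA256:EXAMPLE
Nov 23 10:02:11 liang-00 sshd[1502]: Failed password for root from 203.0.113.7 port 40110 ssh2
Nov 23 10:02:14 liang-00 sshd[1502]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 23 10:02:17 liang-00 sshd[1502]: Failed password for invalid user a from 10.0.0.1 port 22 from 203.0.113.7 port 40114 ssh2
Nov 23 10:02:21 liang-00 sshd[1502]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Nov 23 10:05:40 liang-00 sshd[1533]: Failed password for liang from 192.168.37.203 port 51514 ssh2
Nov 23 10:06:02 liang-00 polkitd[716]: Loading rules from directory /etc/polkit-1/rules.d
EOF
summarize_ssh_auth "$log"
```

The fourth sample line carries a user name that itself contains "from 10.0.0.1 port 22"; because the parser takes the last such triple, the event is still attributed to 203.0.113.7.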
10.35 The screen tool
screen: a virtual terminal.
[root@liang-00 ~]# screen
[detached from 1790.pts-0.liang-00]
[root@liang-00 ~]#
screen -ls lists the background sessions
[root@liang-00 ~]# screen -ls
There is a screen on:
    1790.pts-0.liang-00 (Detached)
1 Socket in /var/run/screen/S-root.
[root@liang-00 ~]#
screen -r 1790 re-enters the specified session
exit kills the session