📂文件系统和日志
inode和block概论
文件数据
文件数据包括元信息与实际数据,文件存储在硬盘上,硬盘最小存储单位时“扇区”,每个扇区存储512字节,block(块),连续的八个扇区组成一个block,是文件存取的最小单位,**inode(索引节点)**中文译文为“索引节点”也叫“i节点”,主要用于存储文件元信息,而且一个文件必须占有一个inode但至少占用一个block
inode的内容
- inode包含的文件的元信息
文件的字节数
文件拥有者的UID
文件的GID文件的读、写、执行权限
文件的时间戳
指向block - 每个inode都有一个号码,操作系统用inode号码来识别不同的文件,Linux系统内部不使用文件名,而使用inode号码来识别文件,但是对于用户来说,文件名只是inode号码便于识别的别称。
inode的号码
在Linux中系统内部会有自己方法来识别不同的文件,就是inode,因此由上文可理解为以下步骤:用户通过文件名打开文件时,系统内部会找到这个文件名对应的inode号码,然后通过inode号码,获取inode信息,最后根据inode信息,找到文件数据所在的block,读出数据。
如何查看inode号码
[root@localhost ~]# stat 1 #查看文件1的inode号码
文件:"1"
大小:0 块:0 IO 块:4096 普通空文件
设备:fd00h/64768d Inode:268635376 硬链接:1
权限:(0644/-rw-r--r--) Uid:( 0/ root) Gid:( 0/ root)
环境:unconfined_u:object_r:admin_home_t:s0
最近访问:2021-05-17 18:55:24.862995778 +0800 #atime 修改文件的时间
最近更改:2021-05-17 18:55:24.862995778 +0800 #mtime 修改文件的时间
最近改动:2021-05-17 18:55:24.862995778 +0800 #ctime 修改源信息的时间
创建时间:-
[root@localhost ~]# ls -i 1 #查看指定文件对应的inode号码
268635376 1
[root@localhost ~]# ll -i 1 #更加友好的显示文件对应的inode号码
268635376 -rw-r--r--. 1 root root 0 5月 17 18:55 1
[root@localhost ~]# stat -f 1 #更加友好的显示inode
文件:"1"
ID:fd0000000000 文件名长度:255 类型:xfs
块大小:4096 基本块大小:4096
块:总计:51124849 空闲:49762246 可用:49762246
Inodes: 总计:102299648 空闲:102141720
[root@localhost ~]# xfs_info /dev/sda1 #查看xfs文件系统,inode节点大小
meta-data=/dev/sda1 isize=512 agcount=4, agsize=65536 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0 spinodes=0
data = bsize=4096 blocks=262144, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# dumpe2fs /dev/sda1 #查看ext4文件系统,inode节点大小
inode的特殊作用
由于inode号码与文件名分离,导致一些Unix、Linux系统具有以下的现象:
当文件名包含特殊字符,可能无法正常删除文件,直接删除inode,也可以删除文件
移动或重命名文件时,只改变文件名,不影响inode号码
打开一个文件后,系统通过inode号码来识别该文件,不再考虑文件名
inode的大小
inode也会消耗磁盘空间
每个inode的大小一般是128字节或256字节
格式化文件系统时确定inode的总数
使用df-i命令可以查看每个硬盘分区的inode总数和已经使用的数量
[root@localhost ~]# df -i #查看以用了多少inode、以及还有多少可用
文件系统 Inode 已用(I) 可用(I) 已用(I)% 挂载点
/dev/mapper/centos-root 102299648 157928 102141720 1% /
devtmpfs 478424 402 478022 1% /dev
tmpfs 482688 1 482687 1% /dev/shm
tmpfs 482688 1487 481201 1% /run
tmpfs 482688 16 482672 1% /sys/fs/cgroup
/dev/sda1 524288 341 523947 1% /boot
tmpfs 482688 6 482682 1% /run/user/42
tmpfs 482688 19 482669 1% /run/user/0
链接文件
为文件或者目录建立链接文件
链接文件分类
| 软连接 | 硬链接 | |
|---|---|---|
| 删除原始文件后 | 失效 | 仍然可用 |
| 使用范围 | 适用于文件或目录 | 只可用于文件 |
| 保存位置 | 与原始文件可以位于不同的文件系统中 | 必须与原始文件在同一个文件系统内 |
恢复XFS类型的文件
xfsdump命令格式
xfsdump -f 备份存放位置 要备份的路径或设备文件
xfsdump备份级别(默认为0)
0:完全备份 #全部备份
1-9:增量备份 #只备份后增加的
差异备份 #对比之后存在不同的或者修改过的进行备份
通过备份的数据来还原数据,所以必须要有备份数据
[root@localhost bak]# touch 1 2 3 4 #创建测试文件
[root@localhost bak]# xfsdump -f /bak /dev/sdb1 #备份到/bak
xfsdump: using file dump (drive_simple) strategy
xfsdump: version 3.1.7 (dump format 3.0) - type ^C for status and control
============================= dump label dialog ==============================
please enter label for this dump session (timeout in 300 sec)
-> sdb1 #交互模式 给他一个卷标
session label entered: "sdb1"
--------------------------------- end dialog ---------------------------------
xfsdump: level 0 dump of localhost.localdomain:/opt/bak
xfsdump: dump date: Mon May 17 23:01:34 2021
xfsdump: session id: 849ac6ed-07c4-4324-9329-2166f7721e29
xfsdump: session label: "sdb1"
xfsdump: ino map phase 1: constructing initial dump list
xfsdump: ino map phase 2: skipping (no pruning necessary)
xfsdump: ino map phase 3: skipping (only one dump stream)
xfsdump: ino map construction complete
xfsdump: estimated dump size: 22080 bytes
xfsdump: /var/lib/xfsdump/inventory created
============================= media label dialog =============================
please enter label for media in drive 0 (timeout in 300 sec)
-> sdb1 #给media一个标志
media label entered: "sdb1"
--------------------------------- end dialog ---------------------------------
xfsdump: creating dump session media file 0 (media 0, file 0)
xfsdump: dumping ino map
xfsdump: dumping directories
xfsdump: dumping non-directory files
xfsdump: ending media file
xfsdump: media file size 23608 bytes
xfsdump: dump size (non-dir files) : 0 bytes
xfsdump: dump complete: 13 seconds elapsed
xfsdump: Dump Summary:
xfsdump: stream 0 /bak OK (success)
xfsdump: Dump Status: SUCCESS
[root@localhost bak]# xfsdump -I #查看具体信息
file system 0:
fs id: 490a25a9-0588-4b91-8f11-d7c03ddfd55c
session 0:
mount point: localhost.localdomain:/opt/bak
device: localhost.localdomain:/dev/sdb1
time: Mon May 17 23:01:34 2021
session label: "sdb1"
session id: 849ac6ed-07c4-4324-9329-2166f7721e29
level: 0
resumed: NO
subtree: NO
streams: 1
stream 0: #完全备份
pathname: /bak
start: ino 67 offset 0
end: ino 71 offset 0
interrupted: NO
media files: 1
media file 0:
mfile index: 0
mfile type: data
mfile size: 23608
mfile start: ino 67 offset 0
mfile end: ino 71 offset 0
media label: "sdb1"
media id: 16cd6699-0acf-49d2-bf1c-590e892ae96c
xfsdump: Dump Status: SUCCESS
[root@localhost /]# xfsrestore -f /bak /opt/bak/ #恢复被删除的文件(必须要有备份)
xfsrestore: using file dump (drive_simple) strategy
xfsrestore: version 3.1.7 (dump format 3.0) - type ^C for status and control
xfsrestore: searching media for dump
xfsrestore: examining media file 0
xfsrestore: dump description:
xfsrestore: hostname: localhost.localdomain
xfsrestore: mount point: /opt/bak
xfsrestore: volume: /dev/sdb1
xfsrestore: session time: Mon May 17 23:01:34 2021
xfsrestore: level: 0
xfsrestore: session label: "sdb1"
xfsrestore: media label: "sdb1"
xfsrestore: file system id: 490a25a9-0588-4b91-8f11-d7c03ddfd55c
xfsrestore: session id: 849ac6ed-07c4-4324-9329-2166f7721e29
xfsrestore: media id: 16cd6699-0acf-49d2-bf1c-590e892ae96c
xfsrestore: using online session inventory
xfsrestore: searching media for directory dump
xfsrestore: reading directories
xfsrestore: 1 directories and 4 entries processed
xfsrestore: directory post-processing
xfsrestore: restoring non-directory files
xfsrestore: restore complete: 0 seconds elapsed
xfsrestore: Restore Summary:
xfsrestore: stream 0 /bak OK (success)
xfsrestore: Restore Status: SUCCESS
[root@localhost /]# ls /opt/bak/ #查看发现恢复完成
1 2 3 4
[root@localhost /]# xfsdump -f /bak1 /dev/sdb1 -M sdb1 -L sdb1 #不进入交互模式备份
xfsdump: using file dump (drive_simple) strategy
xfsdump: version 3.1.7 (dump format 3.0) - type ^C for status and control
xfsdump: level 0 dump of localhost.localdomain:/opt/bak
xfsdump: dump date: Mon May 17 23:13:28 2021
xfsdump: session id: 4c4a1c38-4b9c-4252-842b-83bca5a2ef75
xfsdump: session label: "sdb1"
xfsdump: ino map phase 1: constructing initial dump list
xfsdump: ino map phase 2: skipping (no pruning necessary)
xfsdump: ino map phase 3: skipping (only one dump stream)
xfsdump: ino map construction complete
xfsdump: estimated dump size: 22080 bytes
xfsdump: creating dump session media file 0 (media 0, file 0)
xfsdump: dumping ino map
xfsdump: dumping directories
xfsdump: dumping non-directory files
xfsdump: ending media file
xfsdump: media file size 23608 bytes
xfsdump: dump size (non-dir files) : 0 bytes
xfsdump: dump complete: 0 seconds elapsed
xfsdump: Dump Summary:
xfsdump: stream 0 /bak1 OK (success)
xfsdump: Dump Status: SUCCESS
再查看一次发现多了一个增量备份
[root@localhost /]# xfsdump -I
file system 0:
fs id: 490a25a9-0588-4b91-8f11-d7c03ddfd55c
session 0:
mount point: localhost.localdomain:/opt/bak
device: localhost.localdomain:/dev/sdb1
time: Mon May 17 23:01:34 2021
session label: "sdb1"
session id: 849ac6ed-07c4-4324-9329-2166f7721e29
level: 0
resumed: NO
subtree: NO
streams: 1
stream 0:
pathname: /bak
start: ino 67 offset 0
end: ino 71 offset 0
interrupted: NO
media files: 1
media file 0:
mfile index: 0
mfile type: data
mfile size: 23608
mfile start: ino 67 offset 0
mfile end: ino 71 offset 0
media label: "sdb1"
media id: 16cd6699-0acf-49d2-bf1c-590e892ae96c
session 1: #增量备份
mount point: localhost.localdomain:/opt/bak
device: localhost.localdomain:/dev/sdb1
time: Mon May 17 23:13:28 2021
session label: "sdb1"
session id: 4c4a1c38-4b9c-4252-842b-83bca5a2ef75
level: 0
resumed: NO
subtree: NO
streams: 1
stream 0:
pathname: /bak1
start: ino 74 offset 0
end: ino 78 offset 0
interrupted: NO
media files: 1
media file 0:
mfile index: 0
mfile type: data
mfile size: 23608
mfile start: ino 74 offset 0
mfile end: ino 78 offset 0
media label: "sdb1"
media id: 94c9fab6-a09c-47e3-9d32-191231d9b5ae
xfsdump: Dump Status: SUCCESS
xfsdump使用限制
只能备份已挂载的文件系统
必须使用root的权限才能操作
只能备份XFS文件系统
备份后的数据只能让xfsrestore解析
不能备份两个具有相同UUID的文件系统
日志
日志的功能
日志用于记录系统、程序运行中发生的各种事件(例如修改密码,变更数据…),日志会将发生的事情记录下来然后通过阅读日志,会帮助你争端和解决系统故障
日志文件
内核及系统日志:由系统服务rsyslog统一进行管理,日志格式基本相似
用户日志:记录系统用户登录及退出系统的相关信息
程序日志:由各种应用程序独立管理的日志文件,记录格式不统一
日志消息的级别
| 级号 | 消息 | 级别 | 说明 |
|---|---|---|---|
| 0 | EMERG | 紧急 | 导致主机系统不可用的情况 |
| 1 | ALERT | 警告 | 必须马上采取措施结局的问题 |
| 2 | CRIT | 严重 | 比较严重的情况 |
| 3 | ERR | 错误 | 运行出现错误 |
| 4 | WARNING | 提醒 | 可能会影响系统功能的事件 |
| 5 | NOTICE | 注意 | 不会影响系统但值得注意 |
| 6 | INFO | 信息 | 一般信息 |
| 7 | DEBUG | 调试 | 程序或系统调试信息 |
日志的默认位置
/var/log #日志的默认保存位置
/var/log/messages #内核及公共消息日志
/var/log/cron #计划任务日志
/var/log/demesg #系统引导日志
/var/log/maillog #邮件系统日志
/var/log/lastlog #用户登录日志(最近的用户登录事件)
/var/log/secure #与用户验证相关的安全性事件
/var/log/wtmp #用户登录、注销及系统开关机事件
/var/run/utmp #当前登录的每个用户的详细信息
[root@localhost log]# lastlog #从进到远查看用户登录日志
用户名 端口 来自 最后登陆时间
root pts/0 192.168.10.102 一 5月 17 22:57:37 +0800 2021
bin **从未登录过**
daemon **从未登录过**
adm **从未登录过**
lp **从未登录过**
sync **从未登录过**
shutdown **从未登录过**
halt **从未登录过**
mail **从未登录过**
operator **从未登录过**
games **从未登录过**
ftp **从未登录过**
nobody **从未登录过**
systemd-network **从未登录过**
dbus **从未登录过**
polkitd **从未登录过**
libstoragemgmt **从未登录过**
colord **从未登录过**
rpc **从未登录过**
gluster **从未登录过**
saslauth **从未登录过**
abrt **从未登录过**
rtkit **从未登录过**
pulse **从未登录过**
radvd **从未登录过**
unbound **从未登录过**
chrony **从未登录过**
rpcuser **从未登录过**
nfsnobody **从未登录过**
qemu **从未登录过**
tss **从未登录过**
usbmuxd **从未登录过**
geoclue **从未登录过**
ntp **从未登录过**
sssd **从未登录过**
setroubleshoot **从未登录过**
saned **从未登录过**
gdm :0 一 5月 17 22:57:33 +0800 2021
gnome-initial-setup **从未登录过**
sshd **从未登录过**
avahi **从未登录过**
postfix **从未登录过**
tcpdump **从未登录过**
xy :0 五 4月 23 08:44:25 +0800 2021
apache **从未登录过**
[root@localhost log]# dmesg #也可以看记录的日志
[root@localhost log]# lastb #错误的登录
btmp begins Mon May 17 22:57:29 2021
[root@localhost log]# last
root pts/0 192.168.10.102 Mon May 17 22:57 still logged in
reboot system boot 3.10.0-957.el7.x Mon May 17 22:57 - 23:44 (00:46)
root pts/0 192.168.10.102 Mon May 17 22:57 - down (00:00)
root pts/0 192.168.10.102 Mon May 17 22:19 - 22:56 (00:37)
root pts/0 :0 Mon May 17 22:18 - 22:18 (00:00)
root :0 :0 Mon May 17 22:18 - down (00:39)
reboot system boot 3.10.0-957.el7.x Mon May 17 22:17 - 22:57 (00:39)
root pts/0 :0 Mon May 17 22:17 - 22:17 (00:00)
root pts/0 :0 Mon May 17 22:16 - 22:17 (00:00)
root pts/0 192.168.1.28 Mon May 17 18:54 - 20:07 (01:12)
root :0 :0 Mon May 17 18:53 - crash (03:23)
reboot system boot 3.10.0-957.el7.x Mon May 17 18:53 - 22:57 (04:04)
root pts/4 :1 Mon May 17 18:52 - 18:52 (00:00)
root pts/4 :1 Mon May 17 18:52 - 18:52 (00:00)
root pts/4 :1 Mon May 17 18:52 - 18:52 (00:00)
root pts/4 :1 Mon May 17 18:51 - 18:52 (00:00)
root pts/3 192.168.1.28 Mon May 17 17:35 - down (01:17)
root pts/3 :1 Fri Apr 23 14:42 - 14:46 (00:03)
root pts/1 192.168.1.102 Fri Apr 23 14:32 - down (24+04:20)
root pts/1 192.168.1.102 Fri Apr 23 14:00 - 14:32 (00:31)
root pts/1 :1 Fri Apr 23 14:00 - 14:00 (00:00)
root pts/1 :1 Fri Apr 23 13:59 - 14:00 (00:00)
root pts/2 192.168.1.102 Fri Apr 23 13:55 - down (24+04:57)
root pts/1 :1 Fri Apr 23 13:44 - 13:56 (00:11)
root pts/2 :1 Fri Apr 23 13:41 - 13:43 (00:02)
root pts/1 :1 Fri Apr 23 09:56 - 13:44 (03:48)
root pts/1 :1 Fri Apr 23 09:55 - 09:55 (00:00)
root pts/1 :1 Fri Apr 23 09:48 - 09:49 (00:00)
root :1 :1 Fri Apr 23 09:47 - down (24+09:05)
xy pts/0 :0 Fri Apr 23 08:59 - 18:52 (24+09:53)
xy pts/0 :0 Fri Apr 23 08:59 - 08:59 (00:00)
xy pts/0 :0 Fri Apr 23 08:49 - 08:58 (00:08)
xy pts/0 :0 Fri Apr 23 08:44 - 08:44 (00:00)
xy :0 :0 Fri Apr 23 08:44 - down (24+10:08)
reboot system boot 3.10.0-957.el7.x Fri Apr 23 08:42 - 18:52 (24+10:10)
xy pts/0 :0 Thu Apr 22 10:38 - 10:39 (00:00)
xy pts/0 :0 Thu Apr 22 10:38 - 10:38 (00:00)
xy :0 :0 Thu Apr 22 10:38 - down (00:01)
reboot system boot 3.10.0-957.el7.x Thu Apr 22 10:38 - 10:40 (00:02)
xy :0 :0 Thu Apr 22 09:55 - 10:05 (00:10)
reboot system boot 3.10.0-957.el7.x Thu Apr 22 09:54 - 10:05 (00:11)
wtmp begins Thu Apr 22 09:54:27 2021
rsyslog
属于一个守护进程,在后台工作
[root@localhost log]# systemctl status rsyslog.service #查看是否开启rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2021-05-17 22:57:30 CST; 48min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 9295 (rsyslogd)
Tasks: 3
CGroup: /system.slice/rsyslog.service
└─9295 /usr/sbin/rsyslogd -n
5月 17 22:57:30 localhost.localdomain systemd[1]: Starting System Logging Service...
5月 17 22:57:30 localhost.localdomain rsyslogd[9295]: [origin software="rsyslogd" swVersion="8.24.0-...art
5月 17 22:57:30 localhost.localdomain systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost log]# ps -ef | grep rsyslogd #查看进程
root 9295 1 0 22:57 ? 00:00:00 /usr/sbin/rsyslogd -n
root 11033 10246 0 23:48 pts/0 00:00:00 grep --color=auto rsyslogd
[root@localhost log]# vim /etc/rsyslog.conf #配置文件所在位置
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
"/etc/rsyslog.conf" 91L, 3232C
[root@localhost log]# journalctl -xe #Censto7才有额管理服务进程的
5月 17 23:45:13 localhost.localdomain dbus[8711]: [system] Activating via systemd: service name='org.freedes
5月 17 23:45:13 localhost.localdomain dhclient[9095]: bound to 192.168.10.104 -- renewal in 3470 seconds.
5月 17 23:45:13 localhost.localdomain systemd[1]: Starting Network Manager Script Dispatcher Service...
-- Subject: Unit NetworkManager-dispatcher.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit NetworkManager-dispatcher.service has begun starting up.
[root@localhost log]# journalctl -k #查看内核日志
-b #查看系统启动日志
-u httpd #查看httpd服务日志
417
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
