Linux
即使有 rsyslog 配置,日誌也不會進入日誌文件
我面臨問題。我有兩個不同的
harpxoylinux 伺服器(在不同的網路範圍內)。在一台伺服器上,我可以看到日誌文件中生成了日誌,但在另一台伺服器上,日誌文件中沒有生成日誌。我已經比較了來自兩台伺服器的幾乎所有可能的配置文件,它們看起來相同,但仍然找不到問題所在的線索。
Working伺服器 -[root@<hostname> ~]# tail -f /var/log/haproxy*.log ==> /var/log/haproxy.log <== ==> /var/log/haproxy-status.log <== ==> /var/log/haproxy-traffic.log <== Oct 28 20:32:48 localhost haproxy[1347]: source_ip:52675 [28/Oct/2021:20:32:46.269] ssl~ logs/es_server1 98/0/1/1391/1950 200 103475 - - --VN 43/0/0/0/0 0/0 "POST /api/telemetry/v2/clusters/_stats HTTP/1.1" Oct 28 20:33:47 localhost haproxy[1347]: source_ip:52709 [28/Oct/2021:20:33:46.294] ssl~ logs/es_server1 125/0/0/1426/1589 200 103369 - - --VN 43/0/0/0/0 0/0 "POST /api/telemetry/v2/clusters/_stats HTTP/1.1"文件的所有權
-rw------- 1 root root 0 Jan 19 2020 /var/log/haproxy-status.log -rw------- 1 root root 1980957 Oct 28 20:45 /var/log/haproxy-traffic.log [root@<hostname> ~]#ls -l /etc/rsyslog.d/haproxy.conf -rw-r--r-- 1 root root 265 Jan 14 2020 /etc/rsyslog.d/haproxy.conf
/etc/rsyslog.d/haproxy.conf# Collect log with UDP $ModLoad imudp $UDPServerAddress 127.0.0.1 $UDPServerRun 514 # Creating separate log files based on the severity local0.* /var/log/haproxy-traffic.log local0.notice /var/log/haproxy-admin.log # don't put anything in /var/log/messages & stop
rsyslog.conf文件 -
[root@<hostname> ~]# cat /etc/rsyslog.conf |grep -v '#'$WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log local6.*,auth.*,authpriv.* @10.1.x.x
/etc/haproxy/haproxy.cfg文件 -global user haproxy group haproxy daemon stats socket 127.0.0.1:14567 log 127.0.0.1:514 local0 debug defaults mode http log /dev/log local1 notice timeout connect 5000ms timeout client 50000ms timeout server 50000ms option httpclose option forwardfor except 127.0.0.0/8 option redispatch option abortonclose option httplog option dontlognull . .配置中提到的兩個埠
haproxy都已啟動。[root@<hostname> ~]# netstat -tulnp |grep 514 udp 0 0 127.0.0.1:514 0.0.0.0:* 1309/rsyslogd [root@<hostname> ~]# [root@<hostname> ~]# netstat -antp |grep 14567 tcp 0 0 127.0.0.1:14567 0.0.0.0:* LISTEN 1347/haproxy [root@<hostname> ~]#
logs-
journalctl -fu rsyslogOct 28 15:00:10 <hostname> rsyslogd[1309]: imjournal: journal reloaded... [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/0 ] Oct 28 20:40:54 <hostname> rsyslogd[1309]: imjournal: journal reloaded... [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/0 ]
[root@<hostname> ~]# journalctl -fu haproxy-- Logs begin at Wed 2021-10-27 02:30:13 +03. -- Oct 27 20:28:29 <hostname> haproxy[1347]: Server tomcat-apps/App_server1 is DOWN, reason: Layer7 timeout, check duration: 2001ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.訪問日誌也出現在
message日誌中。
cat /var/log/messages | grep haproxyOct 28 21:27:47 localhost haproxy[1347]: source_ip:54604 [28/Oct/2021:21:27:46.309] ssl~ logs/es_server1 98/0/1/1364/1550 200 103362 - - --VN 43/0/0/0/0 0/0 "POST /api/telemetry/v2/clusters/_stats HTTP/1.1" Oct 28 21:28:47 localhost haproxy[1347]: source_ip:54635 [28/Oct/2021:21:28:46.307] ssl~ logs/es_server1 151/0/0/1397/1647 200 103361 - - --VN 43/0/0/0/0 0/0 "POST /api/telemetry/v2/clusters/_stats HTTP/1.1"
Non-working伺服器 -以下文件沒有登錄
[root@<hostname> ~]# tail -f /var/log/haproxy*.log ==> /var/log/haproxy.log <== ==> /var/log/haproxy-status.log <== ==> /var/log/haproxy-traffic.log <==所有權與上述相同
[root@<hostname> ~]# ls -l /var/log/haproxy*.log -rw------- 1 root root 0 Sep 4 2020 /var/log/haproxy.log -rw------- 1 root root 0 Sep 4 2020 /var/log/haproxy-status.log -rw------- 1 root root 0 Oct 28 20:23 /var/log/haproxy-traffic.log [root@<hostname> ~]#ls -l /etc/rsyslog.d/haproxy.conf -rw-r--r-- 1 root root 265 Aug 4 20:15 /etc/rsyslog.d/haproxy.conf
/etc/rsyslog.d/haproxy.conf# Collect log with UDP $ModLoad imudp $UDPServerAddress 127.0.0.1 $UDPServerRun 514 # Creating separate log files based on the severity local0.* /var/log/haproxy-traffic.log local0.notice /var/log/haproxy-admin.log # don't put anything in /var/log/messages & stop
cat /etc/rsyslog.conf |grep -v '#'$WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log local6.* @@10.1.x.x
/etc/haproxy/haproxy.cfg文件global user haproxy group haproxy daemon stats socket 127.0.0.1:14567 log 127.0.0.1:514 local0 debug defaults mode http log /dev/log local1 notice timeout connect 5000ms timeout client 50000ms timeout server 50000ms option httpclose option forwardfor except 127.0.0.0/8 option redispatch option abortonclose option httplog option dontlognull
ports- 這裡有一些連接處於TIME_WAIT埠狀態14567[root@<hostname> ~]# netstat -tulnp |grep 514 udp 0 0 127.0.0.1:514 0.0.0.0:* 21740/rsyslogd [root@<hostname> ~]# [root@<hostname> ~]# netstat -antp |grep 14567 tcp 0 0 127.0.0.1:14567 0.0.0.0:* LISTEN 18749/haproxy tcp 0 0 127.0.0.1:14567 127.0.0.1:36168 TIME_WAIT - tcp 0 0 127.0.0.1:14567 127.0.0.1:36170 TIME_WAIT - tcp 0 0 127.0.0.1:14567 127.0.0.1:36242 TIME_WAIT - tcp 0 0 127.0.0.1:14567 127.0.0.1:36348 TIME_WAIT - tcp 0 0 127.0.0.1:14567 127.0.0.1:36332 TIME_WAIT -檢查
logs但沒有找到與此問題相關的任何內容。journalctl -fu rsyslog Oct 28 21:00:01 <hostname> rsyslogd[21740]: action 'action 9' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2359 ] Oct 28 21:00:01 <hostname> rsyslogd[21740]: action 'action 9' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2359 ][root@<hostname> ~]# journalctl -fu haproxy -- Logs begin at Thu 2021-10-28 10:23:25 +03. -- Oct 28 16:34:17 <hostname> haproxy[11346]: Proxy stats started. Oct 28 19:59:29 <hostname> systemd[1]: Stopping HAProxy Load Balancer... Oct 28 19:59:29 <hostname> haproxy-systemd-wrapper[11345]: haproxy-systemd-wrapper: SIGTERM -> 11347. Oct 28 19:59:29 <hostname> haproxy[18748]: Proxy ssl started. Oct 28 19:59:29 <hostname> haproxy[18748]: Proxy stats started.這裡的
message日誌文件有haproxy access日誌,但它不會進入其單獨的文件。cat /var/log/messages | grep haproxy Oct 28 10:19:52 <hostname> audispd: node=<hostname> type=SERVICE_START msg=audit(1635405592.054:45): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=haproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Oct 28 10:19:52 <hostname> haproxy[1749]: Proxy ssl-pingaccess started. Oct 28 10:19:52 <hostname> haproxy[1749]: Proxy ssl started. Oct 28 10:19:52 <hostname> haproxy[1749]: Server ssl-pingaccess/192.168.157.41 is DOWN, reason: Layer4 connection problem, info: "Connection error during SSL handshake (Connection refused) at initial connection step of tcp-check", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. Oct 28 10:19:52 <hostname> haproxy[1749]: backend ssl-pingaccess has no server available!這些文件在兩台伺服器上都是相同的
both are same /usr/lib/systemd/system/rsyslog.service /usr/lib/systemd/system/haproxy.service /etc/sysconfig/haproxy /etc/sysconfig/rsyslog /etc/logrotate.d/haproxy都有
rsyslog-8.24.0-57.el7_9.1.x86_64和haproxy-1.5.18-9.el7_9.1.x86_64包。兩台伺服器上的配置幾乎相同,但在非工作伺服器上,日誌不會進入其自己的日誌文件。
任何人都可以請幫忙。
謝謝,
在前端部分下添加以下行後,日誌現在正在日誌文件中生成。
log 127.0.0.1:514 local0 debug