rsyslog启动失败分析
# systemctl status rsyslog.service● rsyslog.service - System Logging ServiceLoaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)Active: failed (Result: signal) sin
# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: failed (Result: signal) since 三 2021-04-21 10:45:22 CST; 15s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Process: 22264 ExecStartPost=/bin/bash /usr/bin/timezone_update.sh (code=exited, status=0/SUCCESS)
Process: 22260 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=killed, signal=SEGV)
Main PID: 22260 (code=killed, signal=SEGV)
4月 21 10:45:22 mycseuler systemd[1]: rsyslog.service: main process exited, code=killed, status=11/SEGV
4月 21 10:45:22 mycseuler systemd[1]: Unit rsyslog.service entered failed state.
4月 21 10:45:22 mycseuler systemd[1]: rsyslog.service failed.
4月 21 10:45:22 mycseuler systemd[1]: rsyslog.service holdoff time over, scheduling restart.
4月 21 10:45:22 mycseuler systemd[1]: Stopped System Logging Service.
4月 21 10:45:22 mycseuler systemd[1]: start request repeated too quickly for rsyslog.service
4月 21 10:45:22 mycseuler systemd[1]: Failed to start System Logging Service.
4月 21 10:45:22 mycseuler systemd[1]: Unit rsyslog.service entered failed state.
4月 21 10:45:22 mycseuler systemd[1]: rsyslog.service failed.
原因分析:
查看 /etc/rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
$FileGroup root
$FileOwner root
$FileCreateMode 0640
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_FileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile /run/log/journal/imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local5.* /var/log/local5.log
# make gtls driver the default and set certificate files
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/root/cert/ca.pem"
DefaultNetstreamDriverCertFile="/root/cert/cert.pem"
DefaultNetstreamDriverKeyFile="/root/cert/key.pem"
)
module(load="imfile")
# File 1
input(type="imfile"
File="/var/log/local5.log"
Tag="local5:"
Severity="info"
Facility="local5")
# set up the action for local5 messages
action(
type="omfwd"
protocol="tcp"
port="514"
target="192.168.5.88"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="x509/certvalid"
)
input 模块中的File配置File="/var/log/local5.log"和系统日志local5.* /var/log/local5.log
存在冲突!!
系统日志可以直接转发到第三方日志syslog服务器,无需单独配置,删除掉错误的input模块即可。
更多推荐
所有评论(0)