Logging to /var/log/messages on Ubuntu 24.04 LTS
Ubuntu 24.04 LTS collects logs with journald and, by default, does not write messages to /var/log/messages. This note records the steps for writing logs to /var/log/messages using rsyslog.
Test environment
Target | Version
Ubuntu | 24.04LTS
rsyslog | 8.2312.0
Preparation
The rsyslog configuration file /etc/rsyslog.d/50-default.conf contains a rule for writing logs to /var/log/messages, but it is commented out by default. Uncomment it.
cat << 'EOF' > /etc/rsyslog.d/50-default.conf
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
#daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
EOF
Restart rsyslog to apply the configuration change.
systemctl restart rsyslog.service
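The rule enabled above uses exact-level matches (`=info`, `=notice`, `=warn`) and `.none` exclusions, so errors and all auth, cron, daemon, mail and news messages never reach /var/log/messages. The following Python code is an added example, not part of the original post: it evaluates a selector with classic syslogd semantics (which rsyslog's legacy selector format follows) against constructed facility/priority pairs; the function and sample names are assumptions made for illustration.

```python
# Added example: evaluate a syslog selector with classic syslogd semantics.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Selector of the /var/log/messages rule uncommented on this page.
MESSAGES_SELECTOR = ("*.=info;*.=notice;*.=warn;auth,authpriv.none;"
                     "cron,daemon.none;mail,news.none")


def compile_selector(selector):
    """Return {facility: set of priority names the selector matches}."""
    table = {fac: set() for fac in FACILITIES}
    # Clauses are applied left to right, so later ones override earlier ones.
    for clause in selector.replace("\\\n", "").split(";"):
        clause = clause.strip()
        if not clause:
            continue
        facs, _, prio = clause.rpartition(".")
        targets = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":            # facility.none removes the facility entirely
            chosen, negate = set(PRIORITIES), True
        elif prio == "*":
            chosen = set(PRIORITIES)
        else:
            idx = PRIORITIES.index(ALIASES.get(prio, prio))
            # "=pri" is that level only; plain "pri" is that level and more severe.
            chosen = {PRIORITIES[idx]} if exact else set(PRIORITIES[:idx + 1])
        for fac in targets:
            table[fac] = table[fac] - chosen if negate else table[fac] | chosen
    return table


def matches(selector, facility, priority):
    """True if a message with this facility and priority is written by the rule."""
    return ALIASES.get(priority, priority) in compile_selector(selector)[facility]


# Constructed sample messages (facility, priority), not taken from a real host.
SAMPLES = [("user", "info"), ("kern", "warn"), ("user", "err"),
           ("auth", "info"), ("daemon", "notice"), ("local0", "crit")]

if __name__ == "__main__":
    for fac, pri in SAMPLES:
        hit = matches(MESSAGES_SELECTOR, fac, pri)
        print(f"{fac}.{pri:<7} -> {'/var/log/messages' if hit else 'not logged there'}")
```

For errors and authentication events, /var/log/syslog (`*.*;auth,authpriv.none`) and /var/log/auth.log (`auth,authpriv.*`) remain the files to monitor.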
Log rotation settings
As it stands the log file will keep growing, so make /var/log/messages subject to log rotation. By default there is no definition for /var/log/messages, so create a new file /etc/logrotate.d/syslog with the following content.
cat << 'EOF' > /etc/logrotate.d/syslog
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
EOF
Once the configuration is complete, try a dry run of log rotation (a test run that makes no actual changes). The dry run is executed with logrotate -d /etc/logrotate.conf. Example output follows.
# logrotate -d /etc/logrotate.conf
warning: logrotate in debug mode does nothing except printing debug messages! Consider using verbose mode (-v) instead if this is not what you want.
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file alternatives
reading config file apport
reading config file apt
reading config file bootlog
reading config file btmp
reading config file cloud-init
reading config file dpkg
reading config file rsyslog
reading config file syslog
reading config file ubuntu-pro-client
reading config file ufw
reading config file unattended-upgrades
reading config file wtmp
Reading state from file: /var/lib/logrotate/status
state file /var/lib/logrotate/status does not exist
Allocating hash table for state file, size 64 entries
Handling 14 logs
rotating pattern: /var/log/alternatives.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/alternatives.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/apport.log after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/apport.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/apt/term.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/apt/term.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/apt/history.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/apt/history.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/boot.log
after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/boot.log
log /var/log/boot.log does not exist -- skipping
Creating new state
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/btmp monthly (1 rotations)
empty log files are rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/btmp
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/cloud-init*.log
1048576 bytes (6 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/cloud-init-output.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log size is below the 'size' threshold)
considering log /var/log/cloud-init.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log size is below the 'size' threshold)
rotating pattern: /var/log/dpkg.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/dpkg.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/syslog
/var/log/mail.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/cron.log
weekly (4 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/syslog
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
considering log /var/log/mail.log
log /var/log/mail.log does not exist -- skipping
Creating new state
considering log /var/log/kern.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
considering log /var/log/auth.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
considering log /var/log/user.log
log /var/log/user.log does not exist -- skipping
Creating new state
considering log /var/log/cron.log
log /var/log/cron.log does not exist -- skipping
Creating new state
not running postrotate script, since no logs were rotated
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/messages
weekly (4 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/messages
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
not running postrotate script, since no logs were rotated
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/ubuntu-advantage*.log monthly (6 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/ubuntu-advantage*.log
log /var/log/ubuntu-advantage*.log does not exist -- skipping
Creating new state
rotating pattern: /var/log/ufw.log
weekly (4 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/ufw.log
log /var/log/ufw.log does not exist -- skipping
Creating new state
not running postrotate script, since no logs were rotated
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/unattended-upgrades/unattended-upgrades.log
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
monthly (6 rotations)
empty log files are not rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/unattended-upgrades/unattended-upgrades.log
log /var/log/unattended-upgrades/unattended-upgrades.log does not exist -- skipping
Creating new state
considering log /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
log /var/log/unattended-upgrades/unattended-upgrades-dpkg.log does not exist -- skipping
Creating new state
considering log /var/log/unattended-upgrades/unattended-upgrades-shutdown.log
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
rotating pattern: /var/log/wtmp monthly (1 rotations)
empty log files are rotated, only log files >= 1048576 bytes are rotated, old logs are removed
switching euid from 0 to 0 and egid from 0 to 4 (pid 1261)
considering log /var/log/wtmp
Creating new state
Now: 2024-08-10 11:32
Last rotated at 2024-08-10 11:00
log does not need rotating (log has already been rotated)
switching euid from 0 to 0 and egid from 4 to 0 (pid 1261)
Reference
Reference URLs
Ubuntu24.04LTS
/etc/logrotate.d/rsyslog
/var/log/syslog
/var/log/mail.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/cron.log
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
/usr/lib/rsyslog/rsyslog-rotate
#!/bin/sh
if [ -d /run/systemd/system ]; then
systemctl kill -s HUP rsyslog.service
fi
/etc/cron.daily/logrotate
#!/bin/sh
# skip in favour of systemd timer
if [ -d /run/systemd/system ]; then
exit 0
fi
# this cronjob persists removals (but not purges)
if [ ! -x /usr/sbin/logrotate ]; then
exit 0
fi
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit $EXITVALUE
CentOS6
/etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}