这不是一个直接的解决方案,但是我将启用一些调试功能,以了解幕后情况。
想法#1-调试记录器
对于初学者,当您运行logger
命令时,您可以这样做,将消息回显到STDERR。
$ logger -s "hi"
saml: hi
想法2-验证您的配置文件
您还可以尝试验证您的rsyslog配置文件:
$ sudo rsyslogd -N6 | head -10
rsyslogd: version 7.2.6, config validation run (level 6), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
6921.173842409:7f8b11df2780: rsyslogd 7.2.6 startup, module path '', cwd:/root
6921.175241008:7f8b11df2780: caller requested object 'net', not found (iRet -3003)
6921.175261977:7f8b11df2780: Requested to load module 'lmnet'
6921.175272711:7f8b11df2780: loading module '/lib64/rsyslog/lmnet.so'
6921.175505384:7f8b11df2780: module lmnet of type 2 being loaded (keepType=0).
6921.175520208:7f8b11df2780: entry point 'isCompatibleWithFeature' not present in module
6921.175528413:7f8b11df2780: entry point 'setModCnf' not present in module
6921.175535294:7f8b11df2780: entry point 'getModCnfName' not present in module
6921.175541502:7f8b11df2780: entry point 'beginCnfLoad' not present in module
想法3-启动rsyslogd调试
另外,我会尝试启用rsyslogd
守护程序调试以进一步了解。
$ sudo -i
$ export RSYSLOG_DEBUGLOG="/tmp/debuglog"
$ export RSYSLOG_DEBUG="Debug"
$ service rsyslog stop
$ rsyslogd -d | head -10
7160.005597645:7fae096a3780: rsyslogd 7.2.6 startup, module path '', cwd:/root
7160.005872662:7fae096a3780: caller requested object 'net', not found (iRet -3003)
7160.005895004:7fae096a3780: Requested to load module 'lmnet'
7160.005906331:7fae096a3780: loading module '/lib64/rsyslog/lmnet.so'
7160.006023505:7fae096a3780: module lmnet of type 2 being loaded (keepType=0).
7160.006030872:7fae096a3780: entry point 'isCompatibleWithFeature' not present in module
7160.006033780:7fae096a3780: entry point 'setModCnf' not present in module
7160.006036209:7fae096a3780: entry point 'getModCnfName' not present in module
7160.006038359:7fae096a3780: entry point 'beginCnfLoad' not present in module
...
...
7160.006063913:7fae096a3780: rsyslog runtime initialized, version 7.2.6, current users 1
7160.006102179:7fae096a3780: source file syslogd.c requested reference for module 'lmnet', reference count now 2
7160.006113657:7fae096a3780: GenerateLocalHostName uses 'greeneggs'
确认版本信息
$ rsyslogd -version
rsyslogd 7.2.6, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
uuid support: Yes
See http://www.rsyslog.com for more information.
确认的错误和解决方法
OP将其作为错误提交给Red Hat。
该错误的特征如下:
果然,当我设置主机自己的时间时,VM与主机具有相同的错误时间。那是我注意到/ var / log / messages不再被更新的时候。
事实证明,除了重新启动rsyslog服务本身日志到该点文件。如果我这样做,将被记录:
---
Apr 15 16:39:39 rhel7time-dev rsyslogd-3000: sd_journal_get_cursor() failed: 'Cannot assign requested address'
Apr 15 16:39:39 rhel7time-dev rsyslogd: [origin software="rsyslogd" swVersion="7.4.2" x-pid="574" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 15 16:39:39 rhel7time-dev rsyslogd: [origin software="rsyslogd" swVersion="7.4.2" x-pid="2117" x-info="http://www.rsyslog.com"] start
---
否则,任何内容都不会记录到文件中,包括记录器。
如果我在rsyslog.conf中注释掉$ OmitLocalLogging,则恢复文件日志记录(注意,直到那时我还没有更改rsyslog.conf)。
通过日志记录不受所有这些影响。journalctl -b显示日志记录,包括记录程序发送的任何内容。
一位开发人员对此做出了回应:
发生此问题时,您可以删除/var/lib/rsyslog/imjournal.state
并重新启动守护程序作为一种解决方法。
rsyslog不会直接处理日期,而只能通过systemd API处理日期。我在imjournal中检查了一下代码,这看起来像systemd中的问题。
有关参考,请参见:https : //github.com/rsyslog/rsyslog/issues/43
/etc/rsyslog.conf
和/etc/rsyslog.d
目录。听起来您没有配置任何要路由到特定日志文件的内容。您也可以尝试指定EMERG
优先级的syslog消息以查看是否通过。示例:logger -p EMERG not really an emergency