说明:本文适用于 CentOS 7.9 的日志轮转配置,每周轮转一次,共保存 182 天
| Linux服务器开启日志审计功能,可对audit日志、messages日志、cron日志、secure日志进行记录,服务器本地日志审计时间均未满足6个月,日志已上传日志审计,但仅能查看到178天的日志。 | Web服务器 (172.22.3.2) 数据库服务器1 (172.22.3.129) 数据库服务器2 (172.22.3.130) 应用服务器 (172.22.3.131) Web服务器 (172.22.3.3) 数据库服务器 (172.22.3.133) 应用服务器1 (172.22.3.134) 应用服务器2 (172.22.3.135) | 高 | 建议Linux服务器配置日志轮转,即以周为单位轮转 26 次,即 182天(6个月左右),每周压缩保存日志,日志文件以日期作为扩展名,忽略错误,忽略空文件,延迟压缩,最终达到本地日志保存的目的,保证日志存储时间达到6个月以上。 |
|---|---|---|---|
配置前检查
# Show the OS release this procedure was written for (CentOS 7.9)
cat /etc/redhat-release
# Confirm rsyslog is installed and running
systemctl status rsyslog
# Inspect logrotate's state file (last rotation time per log)
cat /var/lib/logrotate/logrotate.status
# Print the effective rsyslog configuration (comment and blank lines dropped)
grep -Ev '^(#|$)' /etc/rsyslog.conf
# Validate the rsyslog configuration syntax
rsyslogd -N1
# Record the current SELinux mode. The procedure below switches it to
# Permissive for the test; note the value shown here so the original mode
# can be put back afterwards.
getenforce
配置过程
# The four log files handled in this step
logs=(/var/log/{messages,secure,cron,maillog})
# Create any that are missing (existing files only get a new timestamp)
sudo touch "${logs[@]}"
# Owner-only read/write, matching the "create 0600 root root" rotation rule
sudo chmod 600 "${logs[@]}"
# Owned by root
sudo chown root:root "${logs[@]}"
# Verify mode and ownership
ls -lh "${logs[@]}"
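# Back up the existing syslog rotation config.
# The copy is kept OUTSIDE /etc/logrotate.d on purpose: logrotate reads every
# regular file in an included directory unless its name ends in a taboo
# extension, and "syslog.bak.<date>" does not. A backup left in that directory
# would be parsed as a second definition of the same log files on the scheduled
# run, even though a test against /etc/logrotate.d/syslog alone looks clean.
cp -p /etc/logrotate.d/syslog "/root/logrotate-syslog.bak.$(date +%Y%m%d)"
# Verify the backup
ls -lh /etc/logrotate.d/syslog /root/logrotate-syslog.bak.*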
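# NOTE(review): this file only covers the rsyslog-written logs listed below.
# The audit log is rotated by auditd itself (num_logs / max_log_file in
# /etc/audit/auditd.conf), so its retention has to be set there separately.
#
# Replace the syslog rotation policy: weekly, 26 generations (182 days),
# date-stamped names, compression delayed by one cycle, new files created 0600.
cat > /etc/logrotate.d/syslog << 'EOF'
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
weekly
rotate 26
create 0600 root root
compress
delaycompress
missingok
notifempty
dateext
dateformat -%Y%m%d
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
EOF
# The postrotate line discards every error (2> /dev/null ... || true). If the
# PID file it names is missing, rsyslog is never told to reopen its logs and
# keeps writing to the rotated file. Confirm the file exists and holds
# rsyslogd's PID; if it does not, take the path from the backed-up original.
ls -l /var/run/rsyslogd.pid && cat /var/run/rsyslogd.pid
# Dry-run the new configuration (debug mode, nothing is rotated)
logrotate -dv /etc/logrotate.d/syslog
# Show the current rotation state
cat /var/lib/logrotate/logrotate.status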
# Switch SELinux to Permissive for the duration of the test.
# This is a runtime-only change and removes enforcement for the whole host,
# not just logrotate: set it back with `setenforce 1` as soon as the rotation
# test has finished. Denials logged while permissive (ausearch -m avc) point
# at what needs fixing, typically file labels (restorecon), so that rotation
# also works in Enforcing mode.
setenforce 0
# Verify the mode now in effect
getenforce
# Restart rsyslog so it reopens the log files created above
systemctl restart rsyslog
# Confirm the service came back up
systemctl status rsyslog
# Emit one test record per facility that has its own log file
for facility in cron mail auth; do
  logger -p "${facility}.info" "Test ${facility} log entry"
done
# ...and one with the default priority, which lands in /var/log/messages
logger "Test general message"
# List the log files
ls -lh /var/log/{messages,secure,cron,maillog}
# Show the tail of each log to confirm the test records arrived
for name in messages secure cron maillog; do
  echo "=== ${name} ==="
  tail -3 "/var/log/${name}"
done
# --- logrotate rotation test ---
# Force a rotation now, regardless of the weekly schedule
logrotate -f /etc/logrotate.d/syslog
# Show the updated state file
cat /var/lib/logrotate/logrotate.status
# List current and rotated files, newest first
ls -lht /var/log/{messages,secure,cron,maillog}*
# Write fresh records; they must land in the NEW files, which proves rsyslog
# reopened its logs after the rotation
for facility in cron mail; do
  logger -p "${facility}.info" "After rotation test"
done
# Inspect the new log files
for name in cron maillog; do
  tail -3 "/var/log/${name}"
done
完整功能验证
# 1. Check that all log files exist
ls -lh /var/log/{messages,secure,cron,maillog}
# 2. Check the rsyslog service
systemctl status rsyslog
# 3. Write the final test records
logger "Final verification - $(date)"
for facility in cron mail auth; do
  logger -p "${facility}.info" "Final verification - ${facility}"
done
# 4. Confirm the records were written
for name in messages cron maillog secure; do
  tail -2 "/var/log/${name}"
done
# 5. Dry-run the logrotate configuration
logrotate -dv /etc/logrotate.d/syslog | head -20
# 6. Show the rotation history (most recent rotated files)
ls -lht /var/log/messages-* | head -5
# 7. Confirm the daily cron job that drives logrotate is present
ls -lh /etc/cron.daily/logrotate
自动化脚本:setup_log_rotation.sh
#!/bin/bash
#
# 脚本名称: setup_log_rotation.sh
# 功能描述: CentOS 7.9 系统日志轮转配置自动化脚本
# 版本: 1.1 (修复版)
#
# 移除全局 set -e,改为局部错误处理
# set -e # 注释掉这行
# ANSI colour escape sequences used by the log_* helpers.
# They are stored as literal backslash sequences and only turned into real
# escape characters when printed with `echo -e`.
NC="\033[0m" # reset / no colour
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
# 日志函数
#######################################
# Print an informational message with a green [INFO] tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text (backslash escapes are interpreted)
# Outputs:   the tagged message on stdout
#######################################
log_info() {
  local message=$1
  printf '%b\n' "${GREEN}[INFO]${NC} ${message}"
}
#######################################
# Print a warning message with a yellow [WARN] tag.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text (backslash escapes are interpreted)
# Outputs:   the tagged message on stdout
#######################################
log_warn() {
  local message=$1
  printf '%b\n' "${YELLOW}[WARN]${NC} ${message}"
}
#######################################
# Print an error message with a red [ERROR] tag.
# Globals:   RED, NC (read)
# Arguments: $1 - message text (backslash escapes are interpreted)
# Outputs:   the tagged message on stdout (not stderr)
#######################################
log_error() {
  local message=$1
  printf '%b\n' "${RED}[ERROR]${NC} ${message}"
}
#######################################
# Print a section banner: a blank line, a rule, the title, a rule, a blank line.
# Globals:   BLUE, NC (read)
# Arguments: $1 - section title
# Outputs:   the banner on stdout
#######################################
log_section() {
  local title=$1
  local rule="${BLUE}========================================${NC}"
  printf '%b\n' "\n${rule}"
  printf '%b\n' "${BLUE}${title}${NC}"
  printf '%b\n' "${rule}\n"
}
# 检查是否为 root 用户
#######################################
# Abort unless the script runs with root privileges.
# Globals:   EUID (read)
# Outputs:   an error message when not root
# Returns:   0 when running as root; otherwise exits the script with status 1
#######################################
check_root() {
  if (( EUID == 0 )); then
    return 0
  fi
  log_error "此脚本必须以 root 用户运行"
  exit 1
}
# 配置前检查
#######################################
# Read-only inventory of the host before anything is changed: OS release,
# rsyslog service state, logrotate state, effective rsyslog configuration,
# rsyslog syntax check and SELinux mode.
# Outputs:   the collected information on stdout
#######################################
pre_check() {
  local -r state_file=/var/lib/logrotate/logrotate.status
  local -r rsyslog_conf=/etc/rsyslog.conf

  log_section "1. 配置前检查"

  log_info "系统版本:"
  cat /etc/redhat-release
  echo ""

  log_info "检查 rsyslog 服务状态:"
  # A stopped service makes systemctl return non-zero; that is not fatal here
  systemctl status rsyslog --no-pager || true
  echo ""

  log_info "当前 logrotate 状态:"
  # No matching entries is a valid result on a host that never rotated
  grep -E "cron|maillog|messages|secure" "$state_file" || true
  echo ""

  log_info "rsyslog 有效配置:"
  # Drop comment lines and blank lines, show the first 20 that remain
  grep -Ev '^(#|$)' "$rsyslog_conf" | head -20
  echo ""

  log_info "测试 rsyslog 配置语法:"
  rsyslogd -N1
  echo ""

  log_info "当前 SELinux 状态:"
  getenforce
  echo ""
}
# 创建日志文件
#######################################
# Make sure the four syslog files exist, are mode 600 and owned by root:root.
# Outputs:   progress messages and an `ls -lh` listing on stdout
#######################################
create_log_files() {
  local -a log_files=(/var/log/{messages,secure,cron,maillog})

  log_section "2. 创建日志文件"

  log_info "创建日志文件..."
  # Best effort: a failure here is ignored, as in the manual procedure
  touch "${log_files[@]}" 2>/dev/null || true

  log_info "设置日志文件权限为 600..."
  chmod 600 "${log_files[@]}"

  log_info "设置日志文件所有者为 root:root..."
  chown root:root "${log_files[@]}"

  log_info "验证日志文件:"
  ls -lh "${log_files[@]}"
  echo ""
}
# 备份并配置 logrotate
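#######################################
# Back up /etc/logrotate.d/syslog, replace it with the 26-week retention
# policy and dry-run the result.
# Outputs:   progress messages, the new config and the dry-run output
#######################################
configure_logrotate() {
  log_section "3. 配置 logrotate"

  log_info "备份原配置文件..."
  # The backup is stored outside /etc/logrotate.d: logrotate reads every
  # regular file in that directory unless its name ends in a taboo extension,
  # and "syslog.bak.<timestamp>" does not, so a copy left there would be
  # parsed as a second definition of the same log files on the scheduled run.
  local backup_file
  backup_file="/root/logrotate-syslog.bak.$(date +%Y%m%d_%H%M%S)"
  if ! cp -p /etc/logrotate.d/syslog "$backup_file"; then
    log_warn "备份失败: $backup_file"
  fi

  log_info "验证备份:"
  ls -lh /etc/logrotate.d/syslog "$backup_file"
  echo ""

  log_info "写入新的 logrotate 配置..."
  # NOTE(review): only the rsyslog-written files are covered here. The audit
  # log is rotated by auditd (num_logs / max_log_file in
  # /etc/audit/auditd.conf) and needs its own retention setting.
  cat > /etc/logrotate.d/syslog << 'EOF'
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
weekly
rotate 26
create 0600 root root
compress
delaycompress
missingok
notifempty
dateext
dateformat -%Y%m%d
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
EOF

  # The postrotate line discards every error, so a missing PID file would go
  # unnoticed: rsyslog would never reopen its logs and would keep writing to
  # the rotated file. Surface that case now instead of after the first rotation.
  if [[ ! -s /var/run/rsyslogd.pid ]]; then
    log_warn "/var/run/rsyslogd.pid 不存在或为空,postrotate 无法通知 rsyslog,请对照备份文件核对 PID 文件路径"
  fi

  log_info "新配置内容:"
  cat /etc/logrotate.d/syslog
  echo ""

  log_info "测试 logrotate 配置语法:"
  # Debug mode: parses the file and reports what would happen, rotates nothing
  logrotate -dv /etc/logrotate.d/syslog 2>&1 | head -30
  echo ""
}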
# SELinux 处理
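#######################################
# Offer to switch SELinux to Permissive for the duration of the test run.
# When the switch is made, an EXIT trap puts the host back into Enforcing
# mode as soon as the script ends, so the "temporary" change cannot be left
# behind by accident.
# Outputs:   current and resulting SELinux mode on stdout; prompts on the tty
#######################################
handle_selinux() {
  log_section "4. SELinux 配置"

  # Declared separately so a failing getenforce is not masked by `local`
  local current_mode choice
  current_mode=$(getenforce)
  log_info "当前 SELinux 模式: $current_mode"

  if [[ "$current_mode" == "Enforcing" ]]; then
    log_warn "检测到 SELinux 为 Enforcing 模式"
    read -r -p "是否临时切换到 Permissive 模式以便测试?(y/n): " choice
    if [[ "$choice" == "y" || "$choice" == "Y" ]]; then
      log_info "临时禁用 SELinux..."
      if setenforce 0; then
        # Permissive mode drops enforcement for the whole host, not only for
        # logrotate. Restore it on every exit path. Denials logged in the
        # meantime (ausearch -m avc) show what must be fixed for rotation to
        # work in Enforcing mode.
        trap 'setenforce 1' EXIT
        log_warn "脚本退出时将自动恢复 SELinux Enforcing 模式"
      fi
      log_info "新的 SELinux 状态:"
      getenforce
    else
      log_info "保持当前 SELinux 状态"
    fi
  fi
  echo ""
}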
# 重启 rsyslog 服务
#######################################
# Restart rsyslog and print its status.
# Outputs:   progress messages and `systemctl status` output on stdout
#######################################
restart_rsyslog() {
  local -r service="rsyslog"

  log_section "5. 重启 rsyslog 服务"

  log_info "重启 rsyslog 服务..."
  systemctl restart "$service"

  log_info "检查服务状态:"
  systemctl status "$service" --no-pager
  echo ""
}
# 测试日志写入
#######################################
# Send test records through syslog and show the tail of each log file so the
# operator can confirm they arrived.
# Globals:   BLUE, NC (read)
# Outputs:   file listing and the last three lines of each log on stdout
#######################################
test_logging() {
  local facility name

  log_section "6. 测试日志写入"

  log_info "写入测试日志..."
  for facility in cron mail auth; do
    logger -p "${facility}.info" "Test ${facility} log entry"
  done
  logger "Test general message"
  # Give rsyslog a moment to flush the records to disk
  sleep 2

  log_info "查看日志文件:"
  ls -lh /var/log/{messages,secure,cron,maillog}
  echo ""

  for name in messages secure cron maillog; do
    echo -e "${BLUE}=== ${name} ===${NC}"
    tail -3 "/var/log/${name}"
    echo ""
  done
}
# 测试日志轮转 (改进版)
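#######################################
# After confirmation, force a rotation and check that new log files exist and
# receive fresh records.
# Globals:   BLUE, NC (read)
# Outputs:   logrotate output, file listings and log tails on stdout
# Returns:   0 normally (also when the operator skips the test);
#            1 if the temporary output file cannot be created
#######################################
test_rotation() {
  log_section "7. 测试日志轮转"

  log_warn "即将进行强制日志轮转测试"
  local choice
  read -r -p "确认继续?(y/n): " choice
  if [[ "$choice" != "y" && "$choice" != "Y" ]]; then
    log_warn "跳过轮转测试"
    return
  fi

  log_info "强制执行日志轮转..."
  # This runs as root, so a fixed name in /tmp could be pre-created or
  # symlinked by another local user. mktemp creates a fresh, unpredictable
  # file with mode 0600 instead.
  local output_file exit_code
  output_file=$(mktemp /tmp/logrotate_output.XXXXXX) || {
    log_error "无法创建临时文件"
    return 1
  }

  # Capture logrotate's output and errors
  if logrotate -fv /etc/logrotate.d/syslog > "$output_file" 2>&1; then
    log_info "日志轮转执行成功"
    cat "$output_file"
  else
    exit_code=$?
    log_error "日志轮转执行失败,退出码: $exit_code"
    log_error "错误详情:"
    cat "$output_file"
    # Carry on with the remaining checks even after a failure
    log_warn "继续执行后续检查..."
  fi
  rm -f -- "$output_file"
  echo ""

  log_info "查看轮转后的状态:"
  grep -E "cron|maillog|messages|secure" /var/lib/logrotate/logrotate.status
  echo ""

  log_info "查看轮转后的文件:"
  # Capture first: in `ls | head || warn` the fallback could never run,
  # because the pipeline's status is head's.
  local rotated
  rotated=$(ls -lht /var/log/{messages,secure,cron,maillog}* 2>/dev/null | head -10)
  if [[ -n "$rotated" ]]; then
    printf '%s\n' "$rotated"
  else
    log_warn "未找到轮转文件"
  fi
  echo ""

  log_info "检查新日志文件是否创建..."
  if [[ -f /var/log/messages && -f /var/log/cron && -f /var/log/maillog && -f /var/log/secure ]]; then
    log_info "✓ 新日志文件已创建"
    ls -lh /var/log/{messages,secure,cron,maillog}
  else
    log_error "✗ 新日志文件未创建!"
    log_info "尝试手动创建..."
    touch /var/log/{messages,secure,cron,maillog}
    chmod 600 /var/log/{messages,secure,cron,maillog}
    chown root:root /var/log/{messages,secure,cron,maillog}
    systemctl restart rsyslog
  fi
  echo ""

  log_info "测试轮转后日志写入..."
  logger -p cron.info "After rotation test"
  logger -p mail.info "After rotation test"
  logger "After rotation general test"
  # Give rsyslog a moment to flush the records to disk
  sleep 2

  log_info "验证新日志写入:"
  # The fresh records must appear in the NEW files; if they only show up in
  # the rotated ones, rsyslog was not told to reopen its logs.
  local name
  for name in cron maillog messages; do
    echo -e "${BLUE}=== ${name} (轮转后) ===${NC}"
    if [[ -f "/var/log/${name}" ]]; then
      tail -3 "/var/log/${name}"
    else
      log_error "/var/log/${name} 不存在"
    fi
    echo ""
  done
}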
# 完整功能验证
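#######################################
# End-to-end check: log files present, rsyslog running, test records written
# and readable, logrotate config parses, rotation history and cron job exist.
# Globals:   BLUE, NC (read)
# Outputs:   the results of each check on stdout
#######################################
final_verification() {
  local name rotated

  log_section "8. 完整功能验证"

  log_info "1. 检查所有日志文件:"
  ls -lh /var/log/{messages,secure,cron,maillog} 2>/dev/null || log_error "部分日志文件缺失"
  echo ""

  log_info "2. 检查 rsyslog 服务:"
  systemctl status rsyslog --no-pager
  echo ""

  log_info "3. 写入最终测试日志..."
  logger "Final verification - $(date)"
  logger -p cron.info "Final verification - cron"
  logger -p mail.info "Final verification - mail"
  logger -p auth.info "Final verification - auth"
  # Give rsyslog a moment to flush the records to disk
  sleep 2

  log_info "4. 验证日志写入:"
  for name in messages cron maillog secure; do
    echo -e "${BLUE}=== ${name} ===${NC}"
    tail -2 "/var/log/${name}" 2>/dev/null || log_error "无法读取 ${name}"
    echo ""
  done

  log_info "5. 测试 logrotate 配置:"
  logrotate -dv /etc/logrotate.d/syslog 2>&1 | head -20
  echo ""

  log_info "6. 查看轮转历史:"
  # Capture first: in `ls | head || warn` the fallback could never run,
  # because the pipeline's status is head's.
  rotated=$(ls -lht /var/log/messages-* 2>/dev/null | head -5)
  if [[ -n "$rotated" ]]; then
    printf '%s\n' "$rotated"
  else
    log_warn "暂无轮转历史"
  fi
  echo ""

  log_info "7. 查看 cron 定时任务:"
  ls -lh /etc/cron.daily/logrotate
  echo ""
}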
# 生成配置报告
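#######################################
# Write a plain-text report of the resulting configuration and log state to a
# new file under /tmp and print it.
# Outputs:   the report path and the report itself on stdout
# Returns:   0 on success, 1 if the report file cannot be created
#######################################
generate_report() {
  log_section "9. 配置报告"

  # The report embeds log excerpts and is written by root. mktemp creates the
  # file with mode 0600 under a name that cannot be pre-created or symlinked
  # by another local user, which a plain timestamped name in /tmp allows.
  local report_file rotation_history
  report_file=$(mktemp --suffix=.txt "/tmp/log_rotation_report_$(date +%Y%m%d_%H%M%S)_XXXXXX") || {
    log_error "无法创建报告文件"
    return 1
  }

  # Captured up front: inside `$(ls | head || echo ...)` the fallback could
  # never run, because the pipeline's status is head's.
  rotation_history=$(ls -lht /var/log/messages-* 2>/dev/null | head -5)

  # NOTE(review): the status line at the bottom of the report is a fixed
  # string; it is written even when an earlier step failed.
  cat > "$report_file" << EOF
========================================
日志轮转配置报告
========================================
生成时间: $(date)
主机名: $(hostname)
系统版本: $(cat /etc/redhat-release)
【配置文件】
$(cat /etc/logrotate.d/syslog)
【当前日志文件状态】
$(ls -lh /var/log/{messages,secure,cron,maillog} 2>/dev/null || echo "部分文件缺失")
【rsyslog 服务状态】
$(systemctl status rsyslog --no-pager 2>&1)
【logrotate 状态】
$(cat /var/lib/logrotate/logrotate.status | grep -E "cron|maillog|messages|secure")
【轮转历史】
${rotation_history:-无轮转历史}
【SELinux 状态】
$(getenforce)
【最近日志测试】
$(tail -3 /var/log/messages 2>/dev/null || echo "无法读取")
========================================
配置完成状态: 成功
========================================
EOF

  log_info "配置报告已生成: $report_file"
  cat "$report_file"
}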
# 主函数
#######################################
# Entry point: run every step of the procedure in order, then print the
# closing summary.
# Globals:   GREEN, NC (read)
# Outputs:   everything the individual steps print, plus the summary
#######################################
main() {
  local step

  log_section "CentOS 7.9 日志轮转配置脚本 v1.1"

  # The steps run strictly in this order; check_root exits the script itself
  # when the caller is not root.
  for step in \
    check_root \
    pre_check \
    create_log_files \
    configure_logrotate \
    handle_selinux \
    restart_rsyslog \
    test_logging \
    test_rotation \
    final_verification \
    generate_report; do
    "$step"
  done

  log_section "配置完成"
  log_info "所有步骤执行完毕!"
  log_info "日志轮转将在每周自动执行,保留最近 26 周的日志"
  log_info "旧日志将被压缩存储,最新轮转的日志不压缩"
  echo -e "\n${GREEN}✓ 配置成功完成!${NC}\n"
}
# Run the whole procedure. No command-line arguments are passed to main.
main
测试验证
# Evidence for the audit record: current and rotated log files, the active
# rotation policy, and the host's IP addresses. Each step runs only if the
# previous one succeeded.
ls -lh /var/log/{messages,secure,cron,maillog}* \
  && cat /etc/logrotate.d/syslog \
  && hostname -I