mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
translated
translated
This commit is contained in:
parent
1d17ceba27
commit
773421e230
@ -7,84 +7,89 @@
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
A Guide to systemd journal Maintenance [With Examples]
|
||||
systemd 日志维护指南 [附实例]
|
||||
======
|
||||
|
||||
**Systemd comes with many built-in features to manage the system logs. In this guide, we explain how you can manage system journals, logs and take action on them such as rotating, archiving, and clear logs.****We also explain the manual systems journal clean method and using config file changes.**
|
||||
**Systemd 内置了很多管理系统日志的功能。在本指南中,我们将介绍如何管理系统日志,并对其采取轮换(rotate)、归档和清除日志等操作。**
|
||||
|
||||
If your Linux distribution supports [systemd][1], then it collects logs from all processes, applications of the system every second which starts from the boot. All these logging events are managed by `journald` daemon of systemd. The journald collects all the logs (info, warnings, errors, etc) and stores them as binary data in the disk files.
|
||||
**我们还解释了手动系统日志清理方法和使用配置文件的变化。**
|
||||
|
||||
As the logs remain in the disk and every second it is collected, it takes up huge disk space; especially for older systems, servers. For example, in one of my test systems which are running for around one year, the log file size is in GBs.
|
||||
如果你的 Linux 发行版支持 [systemd][1],那么它每秒钟都会从系统的所有进程和应用程序中收集日志,并从启动时开始。所有这些日志事件都由 systemd 的 `journald` 守护程序管理。journald 收集所有的日志(信息、警告、错误等),并将其作为二进制数据存储在磁盘文件中。
|
||||
|
||||
If you manage multiple systems, servers, it is always recommended to properly manage journald logs for efficient operation. Let’s take a look at how you can manage the log files.
|
||||
由于日志保留在磁盘中,而且每秒钟都在收集,所以它占用了巨大的磁盘空间;特别是对于旧的系统、服务器。例如,在我的一个运行了一年左右的测试系统中,日志文件的大小是 GB 级的。
|
||||
|
||||
### The systemd journal Maintenance
|
||||
如果你管理多个系统、服务器,建议一定要正确管理 journald 日志,以便高效运行。让我们来看看如何管理日志文件。
|
||||
|
||||
Using the journalctl utility of systemd, you can query these logs, perform various operations on them. For example, viewing the log files from different boots, check for last warnings, errors from a specific process or applications. If you are unaware of these, I would suggest you quickly go through this tutorial – [“use journalctl to View and Analyze Systemd Logs [With Examples]][2]” before you follow this guide.
|
||||
### systemd 日志维护
|
||||
|
||||
#### Where are the physical journal log files?
|
||||
使用 systemd 的 journalctl 工具,你可以查询这些日志,对其进行各种操作。例如,查看不同启动时的日志文件,检查特定进程或应用程序的最后警告和错误。如果你对这些不了解,我建议你在学习本指南之前先快速浏览一下此教程--[《使用 journalctl 查看和分析 systemd 日志[With Examples]][2] 》。
|
||||
|
||||
The systemd’s journald daemon collects logs from every boot. That means, it classifies the log files as per the boot.
|
||||
#### 物理日记的日志文件在哪里?
|
||||
|
||||
The logs are stored as binary in the path `/var/log/journal` with a folder as machine id.
|
||||
systemd 的 journald 守护进程在每次启动时都会收集日志。这意味着,它根据启动情况对日志文件进行分类。
|
||||
|
||||
**For example:**
|
||||
日志以二进制形式存储在路径 `/var/log/journal`,文件夹为机器 ID。
|
||||
|
||||
![Screenshot of physical journal file -1][3]
|
||||
**比如说。**
|
||||
|
||||
![Screenshot of physical journal files -2][4]
|
||||
![日记文件的截图-1][3]
|
||||
|
||||
Also, remember that based on system configuration, runtime journal files are stored at `/run/log/journal/`. And these are removed in each boot.
|
||||
![日记文件的截图-2][4]
|
||||
|
||||
#### Can I manually delete the log files?
|
||||
另外,请记住,根据系统配置,运行时日志文件被存储在 `/run/log/journal/`。而这些在每次启动时都会被删除。
|
||||
|
||||
You can, but don’t do it. Instead, follow the below instructions to clear the log files to free up disk space using journalctl utilities.
|
||||
#### 我可以手动删除日志文件吗?
|
||||
|
||||
#### How much disk space is used by systemd log files?
|
||||
你可以,但不要这样做。相反,请按照下面的说明,使用 journalctl 工具清除日志文件以释放磁盘空间。
|
||||
|
||||
#### systemd 的日志文件占用了多少磁盘空间?
|
||||
|
||||
打开一个终端,运行以下命令。
|
||||
|
||||
Open up a terminal and run the below command.
|
||||
|
||||
```
|
||||
journalctl --disk-usage
|
||||
```
|
||||
|
||||
This should provide you with how much is actually used by the log files in your system.
|
||||
这应该为你提供系统中的日志文件实际使用的数量。
|
||||
|
||||
![journalctl disk usage command][5]
|
||||
![journalctl 磁盘使用命令][5]。
|
||||
|
||||
If you have a graphical desktop environment, you can open the file manager and browse the path `/var/log/journal` and check the properties.
|
||||
如果你有一个图形化的桌面环境,你可以打开文件管理器,浏览路径 `/var/log/journal`,并检查属性。
|
||||
|
||||
#### systemd journal clean process
|
||||
|
||||
The effective way of clearing the log files should be done by `journald.conf` a configuration files. Ideally, you should not manually delete the log files even if the journalctl provides the utility to do that.
|
||||
清理日志文件的有效方法应该是通过 `journald.conf` 一个配置文件来完成。理想情况下,即使 journalctl 提供了删除日志文件的工具,你也不应该手动删除这些文件。
|
||||
|
||||
Let’s take a look at how you can delete it [manually][6], then I will explain the configuration changes in `journald.conf` so that you do not need to manually delete the files from time to time; Instead, the systemd takes care of it automatically based on your configuration.
|
||||
让我们来看看如何[手动][6]删除它,然后我将解释 `journald.conf` 中的配置变化,这样你就不需要时不时地手动删除文件;相反,systemd 会根据你的配置自动处理它。
|
||||
|
||||
##### Manual delete
|
||||
##### 手动删除
|
||||
|
||||
First, you have to `flush` and `rotate` the log files. Rotating is a way of marking the current active log files as an archive and creating a fresh logfile from this moment. The flush switch asks the journal daemon to flush any log data stored in `/run/log/journal/` into `/var/log/journal/`, if persistent storage is enabled.
|
||||
首先,你必须 `flush` 和 `rotate` 日志文件。轮换(rotate)是将当前活动的日志文件归档,并立即开始创建一个新的日志文件继续记录日志。flush 开关要求日志守护进程将存储在 `/run/log/journal/` 中的所有日志数据冲入 `/var/log/journal/`,如果持久性存储被启用的话。
|
||||
|
||||
Then, after flushing and rotating, you need to run journalctl with`vacuum-size`, `vacuum-time`, and `vacuum-files` switches to force systemd to clear the logs.
|
||||
然后,在 `flush` 和 `rotate` 之后,你需要用 `vacuum-size`, `vacuum-time`, 和 `vacuum-files` 选项运行 journalctl 来强制 systemd 清除日志。
|
||||
|
||||
**例 1:**
|
||||
|
||||
**Example 1:**
|
||||
|
||||
```
|
||||
sudo journalctl --flush --rotate
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
sudo journalctl --vacuum-time=1s
|
||||
```
|
||||
|
||||
The above set of commands removes all archived journal log files until the last second. This effectively clears everything. So, be careful while running the command.
|
||||
上面这组命令会删除所有存档的日志文件,直到最后一秒。这有效地清除了一切。因此,在运行该命令时要小心。
|
||||
|
||||
![journal clean up - example][7]
|
||||
![日记清理-例子][7]
|
||||
|
||||
After clean up:
|
||||
清理完毕后。
|
||||
|
||||
![After clean up - journal space usage][8]
|
||||
![清理后--日志的占用空间][8]
|
||||
|
||||
You can also provide the following suffixes as per your need following the number.
|
||||
你也可以根据你的需要在 `--vacuum-time` 的数字后面提供以下后缀。
|
||||
|
||||
- s: seconds
|
||||
- m: minutes
|
||||
@ -94,73 +99,79 @@ You can also provide the following suffixes as per your need following the numbe
|
||||
- weeks
|
||||
- years
|
||||
|
||||
**Example 2:**
|
||||
**例 2:**
|
||||
|
||||
|
||||
```
|
||||
sudo journalctl --flush --rotate
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
sudo journalctl --vacuum-size=400M
|
||||
```
|
||||
|
||||
This clears all archived journal log files and retains the last 400MB files. Remember this switch applies to only archived log files only, not on active journal files. You can also use suffixes as below.
|
||||
这将清除所有存档的日志文件,并保留最后 400MB 的文件。记住这个开关只适用于存档的日志文件,不适用于活动的日志文件。你也可以使用后缀,如下所示。
|
||||
|
||||
- K: KB
|
||||
- M: MB
|
||||
- G: GB
|
||||
|
||||
**Example 3:**
|
||||
**例 3:**
|
||||
|
||||
|
||||
```
|
||||
sudo journalctl --flush --rotate
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
sudo journalctl --vacuum-files=2
|
||||
```
|
||||
|
||||
The vacuum-files switch clears all the journal files below the number specified. So, in the above example, only the last 2 journal files are kept and everything else is removed. Again, this only works on the archived files.
|
||||
vacuum-files 选项会清除所有低于指定数量的日志文件。因此,在上面的例子中,只有最后两个日志文件被保留,其他的都被删除。同样,这只对存档的文件有效。
|
||||
|
||||
You can combine the switches if you want, but I would recommend not to. However, make sure to run with `--rotate` switch first.
|
||||
如果你愿意,你可以把两种选项结合起来,但我建议不要这样做。然而,如果同时使用两个选项,请确保先用 `--rotate` 选项运行。
|
||||
|
||||
### Automatic delete using config files
|
||||
### 使用配置文件自动删除
|
||||
|
||||
While the above methods are good and easy to use, it is recommended that you control the journal log file cleanup process using the journald configuration files which present at `/etc/systemd/journald.conf`.
|
||||
虽然上述方法很好,也很容易使用,但建议你使用 journald 配置文件来控制日志文件的清理过程,该文件存在于 `/etc/systemd/journald.conf`。
|
||||
|
||||
The systemd provides many parameters for you to effectively manage the log files. By combining these parameters you can effectively limit the disk space used by the journal files. Let’s take a look.
|
||||
systemd 为你提供了许多参数来有效管理日志文件。通过组合这些参数,你可以有效地限制日志文件所占用的磁盘空间。让我们来看看。
|
||||
|
||||
| **journald.conf parameter** | **Description** | **Example** |
|
||||
|**journald.conf参数**| **Description** | **Example** |
|
||||
| :- | :- | :- |
|
||||
| SystemMaxUse | Specifies the maximum disk space that can be used by the journal in persistent storage | SystemMaxUse=500M |
|
||||
| SystemKeepFree | Specifies the amount of space that the journal should leave free when adding journal entries to persistent storage. | SystemKeepFree=100M |
|
||||
| SystemMaxFileSize | Controls how large individual journal files can grow to in persistent storage before being rotated. | SystemMaxFileSize=100M |
|
||||
| RuntimeMaxUse | Specifies the maximum disk space that can be used in volatile storage (within the /run filesystem). | RuntimeMaxUse=100M |
|
||||
| RuntimeKeepFree | Specifies the amount of space to be set aside for other uses when writing data to volatile storage (within the /run filesystem). | RuntimeMaxUse=100M |
|
||||
| RuntimeMaxFileSize | Specifies the amount of space that an individual journal file can take up in volatile storage (within the /run filesystem) before being rotated. | RuntimeMaxFileSize=200M |
|
||||
| SystemMaxUse |指定日志在持久性存储中可使用的最大磁盘空间| SystemMaxUse=500M |
|
||||
| SystemKeepFree |指定在将日志条目添加到持久性存储时,日志应留出的空间量。| SystemKeepFree=100M |
|
||||
| SystemMaxFileSize |控制单个日志文件在被轮换之前在持久性存储中可以增长到多大。| SystemMaxFileSize=100M |
|
||||
| RuntimeMaxUse |指定在易失性存储中可以使用的最大磁盘空间(在/run 文件系统内)。| RuntimeMaxUse=100M |
|
||||
| RuntimeKeepFree |指定将数据写入易失性存储(在/run 文件系统内)时为其他用途预留的空间数量。| RuntimeMaxUse=100M |
|
||||
| RuntimeMaxFileSize |指定单个日志文件在被轮换之前在易失性存储(在/run 文件系统内)所能占用的空间量。| RuntimeMaxFileSize=200M |
|
||||
|
||||
如果你在运行中的系统的 `/etc/systemd/journald.conf` 文件中添加这些值,那么在更新文件后,你必须重新启动 journald。要重新启动,请使用以下命令。
|
||||
|
||||
If you add these values in a running system in `/etc/systemd/journald.conf` file, then you have to restart the journald after updating the file. To restart use the following command.
|
||||
|
||||
```
|
||||
sudo systemctl restart systemd-journald
|
||||
```
|
||||
|
||||
### Verification of log files
|
||||
### 核实日志文件
|
||||
|
||||
在你清理完文件后,检查日志文件的完整性是比较明智的。要做到这一点,请运行下面的命令。该命令显示了对日志文件的 PASS、FAIL。
|
||||
|
||||
It is wiser to check the integrity of the log files after you clean up the files. To do that run the below command. The command shows the PASS, FAIL against the journal file.
|
||||
|
||||
```
|
||||
journalctl --verify
|
||||
```
|
||||
|
||||
![verify log files][9]
|
||||
![验证日志文件][9]
|
||||
|
||||
### Closing Notes
|
||||
### 结案说明
|
||||
|
||||
I hope this guide helps you to understand the basics of the systemd journal management process. With these, you can manage the disk space used by the log files in your system or servers by limiting the space, clearing old log files. These are just the guideline commands, you can combine these in multiple ways to achieve your system demands.
|
||||
希望本指南能帮助你了解 systemd 日志管理流程的基本情况。通过这些,你可以通过限制空间、清除旧的日志文件来管理系统或服务器中的日志文件所使用的磁盘空间。这些只是指导性的命令,你可以通过多种方式组合这些命令来实现你的系统需求。
|
||||
|
||||
- [journalctl manual][10]
|
||||
- [journald.conf manual][11]
|
||||
- [journalctl 手册][10]
|
||||
- [journald.conf 手册][11]
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user