In the daily work of restoring the accidentally deleted syslog & mdash;/var/log/messages software development in Linux, log files are often cleared out to facilitate problem locating. However, a common mistake for Linux beginners is to delete the log file directly, rather than deleting the log file content ....
In the daily work of restoring the accidentally deleted syslog-/var/log/messages software development in Linux, we often clear the log files for the convenience of locating the problem. However, a common mistake for Linux beginners is to delete the log file directly, rather than deleting the log file content. Directly deleting a log file often prevents the newly generated log records from being written to the log file (because it has already been deleted), and only re-creates the log file (touch) files with the same name cannot solve the problem. The following uses the Unbutu system as an example to explain how to restore the accidentally deleted syslog: www.2cto.com. first, run the following lsof command as the root user, query the process ID (PID) of the process that opens the/var/log/messages file ). Shell code root @ viscent:/var/log # lsof | grep messages rsyslogd 544 syslog 7 w REG 8, 1 214641 134422/var/log/messages can be seen from the command output above, the PID of the process that opened the/var/log/messages file is 544, and the file descriptor (FD) of the file/var/log/messages is 7. Based on the above PID and FD, you can find the corresponding file in/proc: Shell code root @ viscent: /var/log # ls-al/proc/544/fd/7 l-wx ------ 1 root 64 2012-07-14 7->/var/log/messages www.2cto.com /544/fd/7 copy to/var/log/messages Shell code cp/proc/544/fd/7/var/log/messages and restart the syslog service to restore deleted by mistake. log file, in addition, new logs can be written into log files. Run the service command as the root user. Among them, the 2nd parameters of the service command may be syslog or rsyslog. You can use the command to query the details. Www.2cto.com Shell code root @ viscent:/proc/544/fd # service -- status-all [? ]... [?] Rc. local [?] Rsyslog [?] Screen-cleanup [? ]... Shell code root @ viscent:/proc/544/fd # service rsyslog restart rsyslog start/running, process 2673 BTW. the command used to clear log files should be: shell code cat/dev/null>/var/log/messages
SOURCE http://viscent.iteye.com/
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
