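Part01-Basic Concepts and Theory
1.1 Why Log Management Matters
Log management is a core part of system operations. It helps with:
- Troubleshooting: locate and resolve system problems quickly from the logs
- Performance analysis: identify performance bottlenecks and tune resource allocation
- Security auditing: monitor for abnormal behavior and detect security threats
- Compliance: meet industry regulations on log retention
- Capacity management: keep oversized log files from exhausting disk space
1.2 Log Rotation Strategies
| Rotation method | Characteristics | Typical use |
|---|---|---|
| By time | Rotate hourly, daily, weekly, or monthly | Most application logs |
| By size | Rotate when the file reaches a set size | High-traffic application logs |
| By process | One log file per process | Multi-process applications |
| By level | Split by log level (INFO, ERROR, etc.) | When log levels must be kept apart |
1.3 Log Cleanup Strategies
- Time-based retention: keep the logs from the last N days
- Count-based retention: keep the most recent N log files
- Size limit: cap the total size of the logs
- Compression and archiving: compress old logs
- Remote backup: back logs up to a remote server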
Part02-Hands-on Environment Preparation and Configuration
2.1 Create the Test Log Directories
# mkdir -p /var/log/myapp
# mkdir -p /var/log/myapp/archive
# mkdir -p /var/log/myapp/backup
# 2. View the directory structure
# tree /var/log/myapp
/var/log/myapp
├── archive
└── backup
2 directories, 0 files
# 3. Create a test log file
# cat > /var/log/myapp/app.log << 'EOF'
2026-04-02 10:00:00 [INFO] Application started
2026-04-02 10:00:01 [INFO] Loading configuration
2026-04-02 10:00:02 [INFO] Database connection established
2026-04-02 10:00:03 [INFO] Server listening on port 8080
2026-04-02 10:00:04 [INFO] Ready to accept connections
2026-04-02 10:00:05 [DEBUG] Processing request from 192.168.1.100
2026-04-02 10:00:06 [INFO] Request processed successfully
2026-04-02 10:00:07 [WARN] Slow query detected: 2.5s
2026-04-02 10:00:08 [ERROR] Connection timeout: 192.168.1.200
2026-04-02 10:00:09 [INFO] Retrying connection...
2026-04-02 10:00:10 [INFO] Connection established
2026-04-02 10:00:11 [INFO] Request processed successfully
2026-04-02 10:00:12 [DEBUG] Processing request from 192.168.1.150
2026-04-02 10:00:13 [INFO] Request processed successfully
2026-04-02 10:00:14 [INFO] Application running normally
2026-04-02 10:00:15 [INFO] Health check passed
EOF
# 4. View the log file
# cat /var/log/myapp/app.log
2026-04-02 10:00:00 [INFO] Application started
2026-04-02 10:00:01 [INFO] Loading configuration
2026-04-02 10:00:02 [INFO] Database connection established
2026-04-02 10:00:03 [INFO] Server listening on port 8080
2026-04-02 10:00:04 [INFO] Ready to accept connections
2026-04-02 10:00:05 [DEBUG] Processing request from 192.168.1.100
2026-04-02 10:00:06 [INFO] Request processed successfully
2026-04-02 10:00:07 [WARN] Slow query detected: 2.5s
2026-04-02 10:00:08 [ERROR] Connection timeout: 192.168.1.200
2026-04-02 10:00:09 [INFO] Retrying connection...
2026-04-02 10:00:10 [INFO] Connection established
2026-04-02 10:00:11 [INFO] Request processed successfully
2026-04-02 10:00:12 [DEBUG] Processing request from 192.168.1.150
2026-04-02 10:00:13 [INFO] Request processed successfully
2026-04-02 10:00:14 [INFO] Application running normally
2026-04-02 10:00:15 [INFO] Health check passed
# 5. Check the log file size
# ls -lh /var/log/myapp/app.log
-rw-r--r--. 1 root root 1.2K Apr 2 10:00 /var/log/myapp/app.log
2.2 Simulate Log Growth
# cat > /tmp/generate_logs.sh << 'EOF'
#!/bin/bash
# Log generation script
# Simulates continuous growth of an application log
# Author: fgedu
# Date: 2026-04-02
LOG_FILE="/var/log/myapp/app.log"
LOG_LINES=1000
echo "开始生成日志文件..."
for i in $(seq 1 "$LOG_LINES"); do
    timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    # Pick one of the four log levels at random
    level=$((RANDOM % 4))
    case $level in
        0) level_str="[INFO]" ;;
        1) level_str="[DEBUG]" ;;
        2) level_str="[WARN]" ;;
        3) level_str="[ERROR]" ;;
    esac
    message="Log message number $i - Random data: $RANDOM"
    echo "$timestamp $level_str $message" >> "$LOG_FILE"
    # Report progress every 100 lines
    if [ $((i % 100)) -eq 0 ]; then
        echo "已生成 $i 行日志"
    fi
done
echo "日志生成完成"
echo "总行数:$(wc -l < "$LOG_FILE")"
echo "文件大小:$(du -h "$LOG_FILE" | cut -f1)"
EOF
# 2. Make the script executable
# chmod +x /tmp/generate_logs.sh
# 3. Run the script to generate logs
# /tmp/generate_logs.sh
开始生成日志文件...
已生成 100 行日志
已生成 200 行日志
已生成 300 行日志
已生成 400 行日志
已生成 500 行日志
已生成 600 行日志
已生成 700 行日志
已生成 800 行日志
已生成 900 行日志
已生成 1000 行日志
日志生成完成
总行数:1015
文件大小:125K
# 4. Check the log file size
# ls -lh /var/log/myapp/app.log
-rw-r--r--. 1 root root 125K Apr 2 10:05 /var/log/myapp/app.log
# 5. Count the lines in the log file
# wc -l /var/log/myapp/app.log
1015 /var/log/myapp/app.log
Part03-Core Commands in Practice
3.1 Date-Based Log Rotation Script
# cat > /opt/scripts/log_rotate.sh << 'EOF'
#!/bin/bash
# Date-based log rotation script
# Purpose: split the log file by date and archive it
# Author: fgedu
# Date: 2026-04-02
# Define variables
LOG_DIR="/var/log/myapp"
LOG_FILE="$LOG_DIR/app.log"
ARCHIVE_DIR="$LOG_DIR/archive"
BACKUP_DIR="$LOG_DIR/backup"
DATE=$(date +%Y%m%d)
TIME=$(date +%H%M%S)
ARCHIVE_FILE="$ARCHIVE_DIR/app_${DATE}_${TIME}.log"
LOG_FILE_LOG="/var/log/log_rotate_$(date +%Y%m%d_%H%M%S).log"
# Logging helper: print to the terminal and append to the run log
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE_LOG"
}
# Separator helper
separator() {
    echo "==========================================" | tee -a "$LOG_FILE_LOG"
}
# Start the rotation
separator
log "开始日志分割任务"
separator
log "日志文件:$LOG_FILE"
log "归档目录:$ARCHIVE_DIR"
log "归档文件:$ARCHIVE_FILE"
separator
# Check that the log file exists
if [ ! -f "$LOG_FILE" ]; then
    log "错误:日志文件 $LOG_FILE 不存在"
    exit 1
fi
# Create the archive directory
if [ ! -d "$ARCHIVE_DIR" ]; then
    log "创建归档目录:$ARCHIVE_DIR"
    mkdir -p "$ARCHIVE_DIR"
fi
# Collect log file information
LOG_SIZE=$(du -h "$LOG_FILE" | cut -f1)
LOG_LINES=$(wc -l < "$LOG_FILE")
log "日志文件大小:$LOG_SIZE"
log "日志文件行数:$LOG_LINES"
# Skip rotation when the log file is empty
if [ "$LOG_LINES" -eq 0 ]; then
    log "警告:日志文件为空,跳过分割"
    exit 0
fi
# Back up the current log file
log "备份当前日志文件..."
# Truncate only if the backup copy succeeded
if cp "$LOG_FILE" "$ARCHIVE_FILE"; then
    BACKUP_SIZE=$(du -h "$ARCHIVE_FILE" | cut -f1)
    log "备份成功:$ARCHIVE_FILE (大小:$BACKUP_SIZE)"
    # Truncate the current log file.
    # Note: lines the application writes between the copy and the truncation
    # are lost (the same trade-off as logrotate's copytruncate option).
    log "清空当前日志文件..."
    : > "$LOG_FILE"
    log "日志文件已清空"
else
    log "错误:备份失败"
    exit 1
fi
# Show the archive directory contents
separator
log "归档目录内容:"
ls -lh "$ARCHIVE_DIR" | tee -a "$LOG_FILE_LOG"
# Rotation finished
separator
log "日志分割完成"
separator
log "日志文件:$LOG_FILE"
log "归档文件:$ARCHIVE_FILE"
log "日志文件:$LOG_FILE_LOG"
separator
exit 0
EOF
# 2. Make the script executable
# chmod +x /opt/scripts/log_rotate.sh
# 3. Run the log rotation script
# /opt/scripts/log_rotate.sh
==========================================
[2026-04-02 12:00:00] 开始日志分割任务
==========================================
[2026-04-02 12:00:00] 日志文件:/var/log/myapp/app.log
[2026-04-02 12:00:00] 归档目录:/var/log/myapp/archive
[2026-04-02 12:00:00] 归档文件:/var/log/myapp/archive/app_20260402_120000.log
==========================================
[2026-04-02 12:00:00] 日志文件大小:125K
[2026-04-02 12:00:00] 日志文件行数:1015
[2026-04-02 12:00:00] 备份当前日志文件...
[2026-04-02 12:00:00] 备份成功:/var/log/myapp/archive/app_20260402_120000.log (大小:125K)
[2026-04-02 12:00:00] 清空当前日志文件...
[2026-04-02 12:00:00] 日志文件已清空
==========================================
[2026-04-02 12:00:00] 归档目录内容:
total 125K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
==========================================
[2026-04-02 12:00:00] 日志分割完成
==========================================
[2026-04-02 12:00:00] 日志文件:/var/log/myapp/app.log
[2026-04-02 12:00:00] 归档文件:/var/log/myapp/archive/app_20260402_120000.log
[2026-04-02 12:00:00] 日志文件:/var/log/log_rotate_20260402_120000.log
==========================================
# 4. View the current log file
# ls -lh /var/log/myapp/app.log
-rw-r--r--. 1 root root 0 Apr 2 12:00:00 /var/log/myapp/app.log
# 5. View the archived files
# ls -lh /var/log/myapp/archive/
total 125K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
3.2 Log Cleanup Script
# cat > /opt/scripts/log_clean.sh << 'EOF'
#!/bin/bash
# Log cleanup script
# Purpose: remove expired log files
# Author: fgedu
# Date: 2026-04-02
# Define variables
LOG_DIR="/var/log/myapp"
ARCHIVE_DIR="$LOG_DIR/archive"
BACKUP_DIR="$LOG_DIR/backup"
KEEP_DAYS=7
COMPRESS_DAYS=3
LOG_FILE_LOG="/var/log/log_clean_$(date +%Y%m%d_%H%M%S).log"
# Logging helper: print to the terminal and append to the run log
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE_LOG"
}
# Separator helper
separator() {
    echo "==========================================" | tee -a "$LOG_FILE_LOG"
}
# Start the cleanup
separator
log "开始日志清理任务"
separator
log "归档目录:$ARCHIVE_DIR"
log "保留天数:$KEEP_DAYS"
log "压缩天数:$COMPRESS_DAYS"
separator
# Check that the archive directory exists
if [ ! -d "$ARCHIVE_DIR" ]; then
    log "警告:归档目录 $ARCHIVE_DIR 不存在"
    exit 0
fi
# Show the file list before cleanup
separator
log "清理前的归档文件:"
ls -lh "$ARCHIVE_DIR" | tee -a "$LOG_FILE_LOG"
# Count the files
total_files=$(find "$ARCHIVE_DIR" -type f | wc -l)
total_size=$(du -sh "$ARCHIVE_DIR" | cut -f1)
log "归档文件总数:$total_files"
log "归档目录大小:$total_size"
# Compress old log files
separator
log "压缩 $COMPRESS_DAYS 天前的日志文件..."
compressed_files=0
# The loop reads from process substitution instead of a pipe, so the counter
# is updated in this shell rather than in a pipeline subshell
while IFS= read -r logfile; do
    log "压缩文件:$logfile"
    if gzip "$logfile"; then
        compressed_files=$((compressed_files + 1))
        log "压缩成功:${logfile}.gz"
    else
        log "压缩失败:$logfile"
    fi
done < <(find "$ARCHIVE_DIR" -name "*.log" -mtime "+$COMPRESS_DAYS" -type f)
log "压缩完成,共压缩 $compressed_files 个文件"
# Delete expired log files
separator
log "删除 $KEEP_DAYS 天前的日志文件..."
deleted_files=0
deleted_files=$(find "$ARCHIVE_DIR" -name "*.log*" -mtime "+$KEEP_DAYS" -type f -delete -print | wc -l)
log "删除完成,共删除 $deleted_files 个文件"
# Show the file list after cleanup
separator
log "清理后的归档文件:"
ls -lh "$ARCHIVE_DIR" | tee -a "$LOG_FILE_LOG"
# Count the files after cleanup
new_total_files=$(find "$ARCHIVE_DIR" -type f | wc -l)
new_total_size=$(du -sh "$ARCHIVE_DIR" | cut -f1)
log "归档文件总数:$new_total_files"
log "归档目录大小:$new_total_size"
# Show the cleanup statistics
separator
log "清理统计:"
log "清理前文件数:$total_files"
log "清理后文件数:$new_total_files"
log "删除文件数:$deleted_files"
log "清理前大小:$total_size"
log "清理后大小:$new_total_size"
separator
# Cleanup finished
separator
log "日志清理完成"
separator
log "日志文件:$LOG_FILE_LOG"
separator
exit 0
EOF
# 2. Make the script executable
# chmod +x /opt/scripts/log_clean.sh
# 3. Generate more test log files
# for i in {1..5}; do
# /tmp/generate_logs.sh
# /opt/scripts/log_rotate.sh
# sleep 1
# done
# 4. View the archive directory
# ls -lh /var/log/myapp/archive/
total 625K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:05 app_20260402_120005.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:10 app_20260402_120010.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:15 app_20260402_120015.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:20 app_20260402_120020.log
# 5. Run the log cleanup script
# /opt/scripts/log_clean.sh
==========================================
[2026-04-02 12:01:00] 开始日志清理任务
==========================================
[2026-04-02 12:01:00] 归档目录:/var/log/myapp/archive
[2026-04-02 12:01:00] 保留天数:7
[2026-04-02 12:01:00] 压缩天数:3
==========================================
[2026-04-02 12:01:00] 清理前的归档文件:
total 625K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:05 app_20260402_120005.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:10 app_20260402_120010.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:15 app_20260402_120015.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:20 app_20260402_120020.log
==========================================
[2026-04-02 12:01:00] 归档文件总数:5
[2026-04-02 12:01:00] 归档目录大小:625K
==========================================
[2026-04-02 12:01:00] 压缩 3 天前的日志文件...
[2026-04-02 12:01:00] 压缩完成,共压缩 0 个文件
==========================================
[2026-04-02 12:01:00] 删除 7 天前的日志文件...
[2026-04-02 12:01:00] 删除完成,共删除 0 个文件
==========================================
[2026-04-02 12:01:00] 清理后的归档文件:
total 625K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:05 app_20260402_120005.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:10 app_20260402_120010.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:15 app_20260402_120015.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:20 app_20260402_120020.log
==========================================
[2026-04-02 12:01:00] 归档文件总数:5
[2026-04-02 12:01:00] 归档目录大小:625K
==========================================
[2026-04-02 12:01:00] 清理统计:
[2026-04-02 12:01:00] 清理前文件数:5
[2026-04-02 12:01:00] 清理后文件数:5
[2026-04-02 12:01:00] 删除文件数:0
[2026-04-02 12:01:00] 清理前大小:625K
[2026-04-02 12:01:00] 清理后大小:625K
==========================================
[2026-04-02 12:01:00] 日志清理完成
==========================================
[2026-04-02 12:01:00] 日志文件:/var/log/log_clean_20260402_120100.log
==========================================
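The cleanup script in 3.2 implements only time-based retention. The following added example (not part of the original tutorial) covers the count-based retention and total-size cap listed in section 1.3. It assumes archives keep the app_YYYYMMDD_HHMMSS.log naming that log_rotate.sh produces; the function names are illustrative.

```shell
#!/bin/sh
# Added example: count-based and size-based retention for rotated logs.
# Assumption: archives are named app_YYYYMMDD_HHMMSS.log[.gz] (as produced by
# log_rotate.sh), so reverse lexical order is newest-first and names contain
# no whitespace. Function names are illustrative.

# list_archives DIR -> archive paths, newest first
list_archives() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'app_*.log' -o -name 'app_*.log.gz' \) | sort -r
}

# prune_by_count DIR KEEP -> delete all but the KEEP newest archives;
# prints how many files were deleted
prune_by_count() (
    list_archives "$1" | tail -n +"$(($2 + 1))" | {
        deleted=0
        # The counter and the final echo share one { } group, so the count
        # survives even though the pipeline runs in a subshell.
        while IFS= read -r f; do
            rm -f -- "$f" && deleted=$((deleted + 1))
        done
        echo "$deleted"
    }
)

# prune_by_size DIR MAX_BYTES -> keep the newest archives whose combined size
# fits in MAX_BYTES and delete everything older; prints how many were deleted
prune_by_size() (
    max=$2
    list_archives "$1" | {
        total=0
        deleted=0
        while IFS= read -r f; do
            size=$(wc -c < "$f")
            total=$((total + size))
            # Once the running total passes the cap, this file and all
            # older ones are removed.
            if [ "$total" -gt "$max" ]; then
                rm -f -- "$f" && deleted=$((deleted + 1))
            fi
        done
        echo "$deleted"
    }
)

# Demo on constructed files in a throwaway directory (not real logs)
demo() (
    dir=$(mktemp -d)
    for t in 120000 120005 120010 120015 120020; do
        printf '%0100d' 0 > "$dir/app_20260402_$t.log"   # 100 bytes each
    done
    echo "deleted by count (keep 3): $(prune_by_count "$dir" 3)"
    echo "deleted by size (cap 250 bytes): $(prune_by_size "$dir" 250)"
    ls "$dir"
    rm -rf -- "$dir"
)
demo
```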
3.3 Log Analysis Script
# cat > /opt/scripts/log_analyze.sh << 'EOF'
#!/bin/bash
# Log analysis script
# Purpose: analyze log files and report per-category statistics
# Author: fgedu
# Date: 2026-04-02
# Define variables
LOG_DIR="/var/log/myapp"
ARCHIVE_DIR="$LOG_DIR/archive"
LOG_FILE="$LOG_DIR/app.log"
ANALYSIS_REPORT="/var/log/log_analysis_$(date +%Y%m%d_%H%M%S).txt"
# Logging helper: print to the terminal and append to the report
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$ANALYSIS_REPORT"
}
# Separator helper
separator() {
    echo "==========================================" | tee -a "$ANALYSIS_REPORT"
}
# Start the analysis
separator
log "日志分析报告"
separator
log "分析时间:$(date '+%Y-%m-%d %H:%M:%S')"
separator
# Analyze the current log file
if [ -f "$LOG_FILE" ] && [ -s "$LOG_FILE" ]; then
    separator
    log "当前日志文件分析:$LOG_FILE"
    separator
    log "总行数:$(wc -l < "$LOG_FILE")"
    log "文件大小:$(du -h "$LOG_FILE" | cut -f1)"
    log "日志级别统计:"
    # grep -c already prints 0 when nothing matches (and exits 1), so "|| true"
    # is enough; "|| echo 0" would print a second 0
    echo " INFO: $(grep -c "\[INFO\]" "$LOG_FILE" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
    echo " DEBUG: $(grep -c "\[DEBUG\]" "$LOG_FILE" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
    echo " WARN: $(grep -c "\[WARN\]" "$LOG_FILE" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
    echo " ERROR: $(grep -c "\[ERROR\]" "$LOG_FILE" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
    log "最新10条日志:"
    tail -10 "$LOG_FILE" | tee -a "$ANALYSIS_REPORT"
    log "错误日志:"
    grep "\[ERROR\]" "$LOG_FILE" | tail -5 | tee -a "$ANALYSIS_REPORT"
fi
# Analyze the archived log files
if [ -d "$ARCHIVE_DIR" ]; then
    separator
    log "归档日志文件分析"
    separator
    archive_count=$(find "$ARCHIVE_DIR" \( -name "*.log" -o -name "*.log.gz" \) | wc -l)
    archive_size=$(du -sh "$ARCHIVE_DIR" | cut -f1)
    log "归档文件数量:$archive_count"
    log "归档目录大小:$archive_size"
    log "归档文件列表:"
    ls -lh "$ARCHIVE_DIR" | tee -a "$ANALYSIS_REPORT"
    # Analyze the most recent archive file
    latest_archive=$(ls -t "$ARCHIVE_DIR"/*.log 2>/dev/null | head -1)
    if [ -n "$latest_archive" ]; then
        separator
        log "最新归档文件分析:$latest_archive"
        separator
        log "文件大小:$(du -h "$latest_archive" | cut -f1)"
        log "总行数:$(wc -l < "$latest_archive")"
        log "日志级别统计:"
        echo " INFO: $(grep -c "\[INFO\]" "$latest_archive" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
        echo " DEBUG: $(grep -c "\[DEBUG\]" "$latest_archive" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
        echo " WARN: $(grep -c "\[WARN\]" "$latest_archive" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
        echo " ERROR: $(grep -c "\[ERROR\]" "$latest_archive" 2>/dev/null || true)" | tee -a "$ANALYSIS_REPORT"
    fi
fi
# Analysis finished
separator
log "日志分析完成"
separator
log "分析报告:$ANALYSIS_REPORT"
separator
exit 0
EOF
# 2. Make the script executable
# chmod +x /opt/scripts/log_analyze.sh
# 3. Run the log analysis script
# /opt/scripts/log_analyze.sh
==========================================
[2026-04-02 12:02:00] 日志分析报告
==========================================
[2026-04-02 12:02:00] 分析时间:2026-04-02 12:02:00
==========================================
[2026-04-02 12:02:00] 当前日志文件分析:/var/log/myapp/app.log
==========================================
[2026-04-02 12:02:00] 总行数:0
[2026-04-02 12:02:00] 文件大小:0
[2026-04-02 12:02:00] 日志级别统计:
INFO: 0
DEBUG: 0
WARN: 0
ERROR: 0
==========================================
[2026-04-02 12:02:00] 归档日志文件分析
==========================================
[2026-04-02 12:02:00] 归档文件数量:5
[2026-04-02 12:02:00] 归档目录大小:625K
[2026-04-02 12:02:00] 归档文件列表:
total 625K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:05 app_20260402_120005.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:10 app_20260402_120010.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:15 app_20260402_120015.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:20 app_20260402_120020.log
==========================================
[2026-04-02 12:02:00] 最新归档文件分析:/var/log/myapp/archive/app_20260402_120020.log
==========================================
[2026-04-02 12:02:00] 文件大小:125K
[2026-04-02 12:02:00] 总行数:1015
[2026-04-02 12:02:00] 日志级别统计:
INFO: 253
DEBUG: 254
WARN: 254
ERROR: 254
==========================================
[2026-04-02 12:02:00] 日志分析完成
==========================================
[2026-04-02 12:02:00] 分析报告:/var/log/log_analysis_20260402_120200.txt
==========================================
# 4. View the analysis report
# cat /var/log/log_analysis_20260402_120200.txt
==========================================
[2026-04-02 12:02:00] 日志分析报告
==========================================
[2026-04-02 12:02:00] 分析时间:2026-04-02 12:02:00
==========================================
[2026-04-02 12:02:00] 当前日志文件分析:/var/log/myapp/app.log
==========================================
[2026-04-02 12:02:00] 总行数:0
[2026-04-02 12:02:00] 文件大小:0
[2026-04-02 12:02:00] 日志级别统计:
INFO: 0
DEBUG: 0
WARN: 0
ERROR: 0
==========================================
[2026-04-02 12:02:00] 归档日志文件分析
==========================================
[2026-04-02 12:02:00] 归档文件数量:5
[2026-04-02 12:02:00] 归档目录大小:625K
[2026-04-02 12:02:00] 归档文件列表:
total 625K
-rw-r--r--. 1 root root 125K Apr 2 12:00:00 app_20260402_120000.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:05 app_20260402_120005.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:10 app_20260402_120010.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:15 app_20260402_120015.log
-rw-r--r--. 1 root root 125K Apr 2 12:00:20 app_20260402_120020.log
==========================================
[2026-04-02 12:02:00] 最新归档文件分析:/var/log/myapp/archive/app_20260402_120020.log
==========================================
[2026-04-02 12:02:00] 文件大小:125K
[2026-04-02 12:02:00] 总行数:1015
[2026-04-02 12:02:00] 日志级别统计:
INFO: 253
DEBUG: 254
WARN: 254
ERROR: 254
==========================================
[2026-04-02 12:02:00] 日志分析完成
==========================================
[2026-04-02 12:02:00] 分析报告:/var/log/log_analysis_20260402_120200.txt
==========================================
Part04-Production Case Studies
4.1 Configure logrotate
# dnf install -y logrotate
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:01 ago on Thu Apr 2 12:00:00 2026.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
logrotate x86_64 3.18.0-4.el10 baseos 78 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 78 k
Installed size: 156 k
Downloading Packages:
logrotate-3.18.0-4.el10.x86_64.rpm 78 kB/s | 78 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : logrotate-3.18.0-4.el10.x86_64 1/1
Verifying : logrotate-3.18.0-4.el10.x86_64 1/1
Installed:
logrotate-3.18.0-4.el10.x86_64
Complete!
# 2. Create the logrotate configuration file
# cat > /etc/logrotate.d/myapp << 'EOF'
/var/log/myapp/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0644 root root
sharedscripts
postrotate
/usr/bin/systemctl reload myapp.service > /dev/null 2>&1 || true
endscript
}
EOF
# 3. View the logrotate configuration file
# cat /etc/logrotate.d/myapp
/var/log/myapp/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0644 root root
sharedscripts
postrotate
/usr/bin/systemctl reload myapp.service > /dev/null 2>&1 || true
endscript
}
# 4. Test the logrotate configuration
# logrotate -d /etc/logrotate.d/myapp
reading config file /etc/logrotate.d/myapp
reading config info for /var/log/myapp/*.log
Handling 1 logs
rotating pattern: /var/log/myapp/*.log after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/myapp/app.log
log does not need rotating
considering log /var/log/myapp/archive/app_20260402_120000.log
log does not need rotating
considering log /var/log/myapp/archive/app_20260402_120005.log
log does not need rotating
considering log /var/log/myapp/archive/app_20260402_120010.log
log does not need rotating
considering log /var/log/myapp/archive/app_20260402_120015.log
log does not need rotating
considering log /var/log/myapp/archive/app_20260402_120020.log
log does not need rotating
# 5. Force a logrotate run
# logrotate -f /etc/logrotate.d/myapp
# 6. View the log files
# ls -lh /var/log/myapp/
total 625K
-rw-r--r--. 1 root root 0 Apr 2 12:03:00 app.log
drwxr-xr-x. 2 root root 4096 Apr 2 12:03:00 archive
4.2 Schedule the Log Management Jobs
# crontab -e
# Add the scheduled jobs
# Run log rotation every day at 01:00
0 1 * * * /opt/scripts/log_rotate.sh >> /var/log/cron_log_rotate.log 2>&1
# Run log cleanup every day at 02:00
0 2 * * * /opt/scripts/log_clean.sh >> /var/log/cron_log_clean.log 2>&1
# Run log analysis every day at 03:00
0 3 * * * /opt/scripts/log_analyze.sh >> /var/log/cron_log_analyze.log 2>&1
# 2. View the crontab entries
# crontab -l
0 1 * * * /opt/scripts/log_rotate.sh >> /var/log/cron_log_rotate.log 2>&1
0 2 * * * /opt/scripts/log_clean.sh >> /var/log/cron_log_clean.log 2>&1
0 3 * * * /opt/scripts/log_analyze.sh >> /var/log/cron_log_analyze.log 2>&1
# 3. Check the cron service status
# systemctl status crond
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2026-04-02 10:00:00 CST; 2h ago
Main PID: 1234 (crond)
Tasks: 1 (limit: 4915)
Memory: 2.5M
CGroup: /system.slice/crond.service
└─1234 /usr/sbin/crond -n
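Part05-Fengge's Lessons Learned and Takeaways
5.1 Log Management Best Practices
- Rotate regularly: set up a regular rotation mechanism so that no single log file grows too large
- Clean up promptly: remove expired logs on a schedule to free disk space
- Compress and archive: compress old logs to save storage
- Tiered storage: store logs of different levels separately for easier management
- Remote backup: important logs should be backed up to a remote server
5.2 Log Analysis Techniques
- Keyword search: use grep to locate key information quickly
- Time-range filtering: select log entries by time range
- Level statistics: count entries per log level to assess system health
- Error log analysis: focus on ERROR and WARN entries
- Trend analysis: analyze log growth trends to forecast capacity needs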
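Time-range filtering and level statistics from the list above, as an added example that is not part of the original tutorial. It assumes the "YYYY-MM-DD HH:MM:SS [LEVEL] message" layout of the sample log in section 2.1; the function names and the two constructed sample lines are illustrative.

```shell
#!/bin/sh
# Added example: time-range filtering and per-level counts for the layout
# "YYYY-MM-DD HH:MM:SS [LEVEL] message". Function names are illustrative.
# Timestamps are fixed-width, so plain string comparison orders them correctly.

# level_counts FILE FROM TO -> "LEVEL count" lines for FROM <= timestamp <= TO.
# The level is read from field 3 only, so message text that merely contains
# "[ERROR]" is not counted as an error (grep -c "\[ERROR\]" would count it).
# Lines that do not match the layout are reported as MALFORMED, not dropped.
level_counts() {
    awk -v from="$2" -v to="$3" '
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ && $3 ~ /^\[[A-Z]+\]$/ {
            ts = $1 " " $2
            if (ts >= from && ts <= to) n[substr($3, 2, length($3) - 2)]++
            next
        }
        { bad++ }
        END {
            for (lvl in n) print lvl, n[lvl]
            if (bad) print "MALFORMED", bad
        }' "$1" | sort
}

# lines_in_range FILE FROM TO LEVELS -> the matching log lines;
# LEVELS is an alternation such as "ERROR|WARN"
lines_in_range() {
    awk -v from="$2" -v to="$3" -v levels="$4" '
        $3 ~ ("^\\[(" levels ")\\]$") {
            ts = $1 " " $2
            if (ts >= from && ts <= to) print
        }' "$1"
}

# write_sample FILE: six lines from the sample log in section 2.1 plus two
# constructed lines (the 10:00:11 entry and the line without a timestamp)
write_sample() {
    cat > "$1" <<'EOF'
2026-04-02 10:00:05 [DEBUG] Processing request from 192.168.1.100
2026-04-02 10:00:06 [INFO] Request processed successfully
2026-04-02 10:00:07 [WARN] Slow query detected: 2.5s
2026-04-02 10:00:08 [ERROR] Connection timeout: 192.168.1.200
2026-04-02 10:00:09 [INFO] Retrying connection...
2026-04-02 10:00:10 [INFO] Connection established
2026-04-02 10:00:11 [INFO] Client message: "[ERROR] disk full"
continuation line without a timestamp
EOF
}

sample=$(mktemp)
write_sample "$sample"
level_counts "$sample" "2026-04-02 10:00:06" "2026-04-02 10:00:11"
lines_in_range "$sample" "2026-04-02 10:00:06" "2026-04-02 10:00:11" "ERROR|WARN"
rm -f -- "$sample"
```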
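5.3 Performance Tuning Recommendations
- Avoid running log rotation and cleanup during peak logging periods
- Use asynchronous log writes to reduce the impact on application performance
- Set log levels sensibly to avoid producing excessive DEBUG output
- Use an efficient logging library, such as log4j or logback
- Check the performance of the log file system regularly to make sure I/O capacity is sufficient
5.4 Common Problems and Solutions
| Problem | Cause | Solution |
|---|---|---|
| Log files too large | Poorly chosen rotation strategy | Adjust the rotation frequency and add rotation strategies |
| Insufficient disk space | Logs not cleaned up in time | Clean up more often and set a retention policy |
| Lost logs | Errors during rotation or cleanup | Improve error handling and add a backup mechanism |
| Slow log queries | Too many or too large log files | Use a log indexing tool and optimize queries |
Log management is a foundational part of system operations. A good log management strategy covers rotation, cleanup, analysis, and backup. In production, use a dedicated tool such as logrotate for log management and combine it with scheduled jobs for automation. Also set up log monitoring and alerting so that anomalies are detected promptly. Review the log management strategy regularly to make sure it still meets business needs.
This article was compiled and published by 风哥教程 (Fengge Tutorials) and is intended for learning and testing only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html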
