Linux: entries logged every 5 seconds on a server with no activity

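Recently I noticed that the log files on my server were growing faster than I expected. After a quick look, I realized that it was wtmp that was taking up my disk space. Using the utmpdump command (see below), I found that 3 or 4 new log entries are recorded every 5 seconds: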

# utmpdump /var/log/wtmp | tail -n 25
Utmp dump of /var/log/wtmp
[6] [00886] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:08 2018 MSK]
[8] [00885] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[6] [00889] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[8] [00886] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[6] [00890] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[8] [00889] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:18 2018 MSK]
[6] [00897] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:18 2018 MSK]
[8] [00890] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:18 2018 MSK]
[6] [00898] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:18 2018 MSK]
[8] [00897] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:23 2018 MSK]
[6] [00899] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:23 2018 MSK]
[8] [00898] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:23 2018 MSK]
[6] [00900] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:23 2018 MSK]
[8] [00899] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:28 2018 MSK]
[6] [00901] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:28 2018 MSK]
[8] [00900] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:28 2018 MSK]
[6] [00902] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:28 2018 MSK]
[8] [00901] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:33 2018 MSK]
[6] [00906] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:33 2018 MSK]
[8] [00902] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:33 2018 MSK]
[6] [00907] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:33 2018 MSK]
[8] [00906] [1   ] [        ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:38 2018 MSK]
[6] [00910] [1   ] [LOGIN   ] [tty1        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:38 2018 MSK]
[8] [00907] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:38 2018 MSK]
[6] [00911] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:38 2018 MSK]
There is no load on the server:

# w
 17:34:03 up 17 min,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/2    cpe-75-177-130-5 17:24    0.00s  0.02s  0.00s w
No strange processes are spawning:

# top
top - 17:35:08 up 18 min,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  28 total,   1 running,  27 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.0%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   2097152k total,    47060k used,  2050092k free,        0k buffers
Swap:        0k total,        0k used,        0k free,    28024k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1141 root      20   0 11452 3536 2724 S  1.3  0.2   0:00.11 sshd
    1 root      20   0  2844 1440 1228 S  0.0  0.1   0:00.27 init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 kthreadd/9506
    3 root      20   0     0    0    0 S  0.0  0.0   0:00.00 khelper/9506
   72 root      16  -4  2560  600  364 S  0.0  0.0   0:00.00 udevd
   98 root      18  -2  2556  604  364 S  0.0  0.0   0:00.00 udevd
   99 root      18  -2  2556  604  364 S  0.0  0.0   0:00.00 udevd
  458 root      20   0  9400 1008  520 S  0.0  0.0   0:00.02 sshd
  469 root      20   0  3144  940  760 S  0.0  0.0   0:00.00 xinetd
  483 root      20   0  6224  576  264 S  0.0  0.0   0:00.00 vsftpd
  494 root      20   0  8704  864  468 S  0.0  0.0   0:00.00 saslauthd
  496 root      20   0  8704  552  156 S  0.0  0.0   0:00.00 saslauthd
  514 root      20   0 12352 1820  708 S  0.0  0.1   0:00.01 sendmail
  521 smmsp     20   0 12152 1624  644 S  0.0  0.1   0:00.00 sendmail
  533 root      20   0 25096 6956 3932 S  0.0  0.3   0:00.03 httpd
  543 root      20   0  1964  496  436 S  0.0  0.0   0:00.00 mingetty
  544 root      20   0  1964  488  436 S  0.0  0.0   0:00.00 mingetty
  552 root      20   0  1964  492  436 S  0.0  0.0   0:00.00 mingetty
  554 root      20   0  1964  488  436 S  0.0  0.0   0:00.00 mingetty
  556 root      20   0  1964  492  436 S  0.0  0.0   0:00.00 mingetty
  558 root      20   0  1964  492  436 S  0.0  0.0   0:00.00 mingetty
  559 apache    20   0 25096 3676  628 S  0.0  0.2   0:00.00 httpd
  831 root      20   0 12572 3652 2908 S  0.0  0.2   0:00.06 sshd
  833 root      20   0  6372 1712 1472 S  0.0  0.1   0:00.02 bash
 1136 root      20   0  2548 1076  892 R  0.0  0.1   0:00.00 top
 1142 sshd      20   0 10744 1452  876 S  0.0  0.1   0:00.01 sshd
 1145 root      20   0  1960  592  532 S  0.0  0.0   0:00.00 mingetty
 1146 root      20   0  1960  596  532 S  0.0  0.0   0:00.00 mingetty

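What is behind these log records? Why is such a task logged every 5 seconds? Is there a way to stop logging those "dummy" entries and record only real logins?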

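Log all the processes running over 50 seconds:

for i in {1..10}; do ps -efH | tee -a ~/tmp/pids-5.txt; sleep 5; done

Then dump the wtmp contents and check the second column value against pids-5.txt. It should tell you which user and command the PID belongs to.
Then you can take action to keep these processes from running.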
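The cross-check described in this answer, as an added example that is not part of the original post: it joins the PID column of utmpdump text against appended ps -ef snapshots and flags PIDs that no snapshot caught. The function names and both sample inputs are constructed for illustration.

```shell
# Added example: map PIDs in utmpdump text to commands seen in ps snapshots.
# Constructed utmpdump lines in the same layout as the question's output.
sample_wtmp() {
cat <<'EOF'
[6] [00886] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:08 2018 MSK]
[8] [00886] [2   ] [        ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[6] [00890] [2   ] [LOGIN   ] [tty2        ] [                    ] [0.0.0.0        ] [Wed Feb 07 17:26:13 2018 MSK]
[7] [00831] [ts/2] [root    ] [pts/2       ] [host.example        ] [192.0.2.10     ] [Wed Feb 07 17:24:00 2018 MSK]
EOF
}

# Constructed ps -ef snapshot, as appended to pids-5.txt by the loop above.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root       831   458  0 17:24 ?        00:00:00 sshd: root@pts/2
root       886     1  0 17:26 tty2     00:00:00 /sbin/mingetty /dev/tty2
EOF
}

# Usage: utmpdump /var/log/wtmp | wtmp_pid_owners PS_SNAPSHOT_FILE
# Prints one line per distinct PID: pid|records|tty|user|command
wtmp_pid_owners() {
    sed 's/^\[//; s/] *$//; s/] *\[/|/g' |
    awk -v OFS='|' '
        src == "ps" {                  # snapshot line: remember user and command per PID
            if ($2 ~ /^[0-9]+$/) {     # skips the header repeated by each snapshot
                cmd = $8
                for (i = 9; i <= NF; i++) cmd = cmd " " $i
                user[$2] = $1; command[$2] = cmd
            }
            next
        }
        {                              # wtmp record: type|pid|id|user|line|host|addr|time
            pid = $2 + 0               # strip the zero padding
            tty = $5; gsub(/ +$/, "", tty)
            if (!(pid in seen)) { order[++n] = pid; line[pid] = tty }
            seen[pid]++
        }
        END {
            for (k = 1; k <= n; k++) {
                p = order[k]; known = (p in user)
                # A PID absent from every snapshot lived less than one sampling interval.
                print p, seen[p], line[p], (known ? user[p] : "?"), (known ? command[p] : "not-in-snapshot")
            }
        }
    ' src=ps "$1" src=wtmp FS='|' -
}

# Demo on the constructed samples.
snap=$(mktemp) && sample_ps > "$snap" && sample_wtmp | wtmp_pid_owners "$snap"; rm -f "$snap"
```

A PID reported as not-in-snapshot started and exited between two ps samples, so a shorter sleep in the sampling loop is needed to catch it.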

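I once had a short on a serial port that kept sending "\0" characters to the login program listening on that port. Could it be a hardware problem like that?

There is a good explanation of the wtmp raw format. So in your case, it is a local process that produces the output, as indicated by the 0.0.0.0 column. I would check the running cron jobs, the /var/log/messages file for any unusual activity and, if possible, the physical state of the server.

@LuisMuñoz - crond is not installed on this server. The file /var/log/messages is empty (0 bytes).

Please try the journalctl command, or investigate which logging method it is using

@LuisMuñoz - -bash: journalctl: command not found

Thanks. The log entries belong to /sbin/mingetty /dev/tty1 and /sbin/mingetty /dev/tty2, so the physical consoles on the server are being restarted. Maybe it is because they fail to configure and keep retrying, but I don't see how to configure mingetty or disable its dummy logs.

Check and.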