Managing Log Messages Under Systemd Using Journalctl [Comprehensive Guide]


Systemd is a modern system and service manager for Linux systems: an init daemon replacement designed to start processes in parallel at system boot. It is now supported in most mainstream distributions including Fedora, Debian, Ubuntu, OpenSuSE, Arch, RHEL, CentOS, and others.

Earlier, we explained the story behind 'init' and 'systemd', where we discussed what the two daemons are, why 'init' technically needed to be replaced by 'systemd', and the main features of systemd.

One of the major advantages of systemd over other common init systems is its support for centralized management of system and process logging using a journal. In this article, we will learn how to manage and view log messages under systemd using the journalctl command in Linux.

Important: Before going further in this guide, you may want to learn how to manage, create and run new service units in systemd using shell scripts in Linux. However, if you are comfortable with all of the above, continue reading.

Configuring Journald for Collecting Log Messages Under Systemd

journald is a daemon that gathers and writes journal entries from the entire system; these are essentially boot messages, messages from the kernel, and messages from syslog or various applications. It stores all messages in a central location - the journal file.

You can control the behavior of journald through its default configuration file, /etc/systemd/journald.conf, which is generated at compile time. This file contains options whose values you may change to suit the requirements of your local environment.

Below is a sample of what the file looks like, viewed using the cat command.

$ cat /etc/systemd/journald.conf 
# See journald.conf(5) for details.

[Journal]
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitInterval=30s
#RateLimitBurst=1000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg

Note that various packages install and use configuration snippets in /usr/lib/systemd/*.conf.d/, and runtime configuration can be found in /run/systemd/journald.conf.d/*.conf, which you may not necessarily use.

A number of Linux distributions, including Ubuntu and its derivatives such as Linux Mint, do not enable persistent storage of boot messages on disk by default.

It is possible to enable this by setting the Storage option to persistent as shown below. This will create the /var/log/journal directory, and all journal files will be stored under it.

$ sudo vi /etc/systemd/journald.conf 
OR
$ sudo nano /etc/systemd/journald.conf 
[Journal]
Storage=persistent

For additional settings, find the meaning of all the options that can be configured under the [Journal] section by typing.

$ man journald.conf

For reliable log management under systemd using the journald service, make sure that the time settings, including the timezone, are correct on the system.

To view the current date and time settings on your system, type.

$ timedatectl 
OR
$ timedatectl status

Local time: Thu 2017-06-15 13:29:09 EAT
Universal time: Thu 2017-06-15 10:29:09 UTC
RTC time: Thu 2017-06-15 10:29:09
Time zone: Africa/Kampala (EAT, +0300)
Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

To set the correct timezone and, if necessary, the system time, use the commands below.

$ sudo timedatectl set-timezone  Africa/Kampala
$ sudo timedatectl set-time "13:50:00"

journalctl is a utility used to view the contents of the systemd journal (which is written by the journald service).

To show all collected logs without any filtering, type.

$ journalctl
-- Logs begin at Wed 2017-06-14 21:56:43 EAT, end at Thu 2017-06-15 12:28:19 EAT
Jun 14 21:56:43 tecmint systemd-journald[336]: Runtime journal (/run/log/journal
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpuset
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpu
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpuacct
Jun 14 21:56:43 tecmint kernel: Linux version 4.4.0-21-generic ([email )
Jun 14 21:56:43 tecmint kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-21-
Jun 14 21:56:43 tecmint kernel: KERNEL supported cpus:
Jun 14 21:56:43 tecmint kernel:   Intel GenuineIntel
Jun 14 21:56:43 tecmint kernel:   AMD AuthenticAMD
Jun 14 21:56:43 tecmint kernel:   Centaur CentaurHauls
Jun 14 21:56:43 tecmint kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 flo
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE reg
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX reg
Jun 14 21:56:43 tecmint kernel: x86/fpu: Enabled xstate features 0x7, context si
Jun 14 21:56:43 tecmint kernel: x86/fpu: Using 'eager' FPU context switches.
Jun 14 21:56:43 tecmint kernel: e820: BIOS-provided physical RAM map:
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000000000-0x00000000000
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000090000-0x00000000000
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000100000-0x000000001ff
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000020000000-0x00000000201
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000020200000-0x00000000400

You can display a list of boot numbers (relative to the current boot), their IDs, and the timestamps of the first and last message belonging to each boot with the --list-boots option.

$ journalctl --list-boots

-1 9fb590b48e1242f58c2579defdbbddc9 Thu 2017-06-15 16:43:36 EAT—Thu 2017-06-15 1
 0 464ae35c6e264a4ca087949936be434a Thu 2017-06-15 16:47:36 EAT—Thu 2017-06-15 1 

To view the journal entries from the current boot (number 0), use the -b switch like this (same as the sample output above).

$ journalctl -b

To see the journal from the previous boot, use the -1 relative pointer with the -b option as below.

$ journalctl -b -1

Alternatively, use the boot ID like this.

$ journalctl -b 9fb590b48e1242f58c2579defdbbddc9

To display times in Coordinated Universal Time (UTC), add the --utc option as follows.

$ journalctl --utc

To see all entries since a specific date and time, e.g. June 15th, 2017 at 8:15 AM, type this command.

$ journalctl --since "2017-06-15 08:15:00"
$ journalctl --since today
$ journalctl --since yesterday

To view the most recent log messages (10 by default), use the -n flag as shown below.

$ journalctl -n
$ journalctl -n 20 

To see only kernel messages, similar to the output of the dmesg command, you can use the -k flag.

$ journalctl -k 
$ journalctl -k -b 
$ journalctl -k -b 9fb590b48e1242f58c2579defdbbddc9

To view all journal entries for a particular unit, use the -u switch as follows.

$ journalctl -u apache2.service

To narrow this down to the current boot, type this command.

$ journalctl -b -u apache2.service

To show logs from the previous boot, use this.

$ journalctl -b -1 -u apache2.service

Below are some other useful commands:

$ journalctl -u apache2.service  
$ journalctl -u apache2.service --since today
$ journalctl -u apache2.service -u nagios.service --since yesterday

To view logs generated by a specific process, specify its PID like this.

$ journalctl _PID=19487
$ journalctl _PID=19487 --since today
$ journalctl _PID=19487 --since yesterday

To view logs generated by a specific user or group, specify the user or group ID like this.

$ journalctl _UID=1000
$ journalctl _UID=1000 --since today
$ journalctl _UID=1000 -b -1 --since today

To show all logs generated by a file (possibly an executable), such as the D-Bus executable or bash executables, simply type.

$ journalctl /usr/bin/dbus-daemon
$ journalctl /usr/bin/bash

You can also filter output by message priority or priority range using the -p flag. The possible values are: 0 - emerg, 1 - alert, 2 - crit, 3 - err, 4 - warning, 5 - notice, 6 - info, 7 - debug:

$ journalctl -p err

To specify a range, use the format below (emerg to warning).

$ journalctl -p 0..4
OR
$ journalctl -p emerg..warning

You can watch logs practically as they are being written with the -f option (similar to tail -f).

$ journalctl -f

If you want to control the output format of journal entries, add the -o flag and use one of these options: cat, export, json, json-pretty, json-sse, short, short-iso, short-monotonic, short-precise and verbose (see the meaning of the options in the man page).

The cat option shows the actual message of each journal entry without any metadata (timestamp and so on).

$ journalctl -b -u apache2.service -o cat
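
The export format listed above is plain FIELD=value text with a blank line between entries, so the -p, -u and _UID filters can be reproduced offline on a saved journal. The following is an added example, not code from the original article; the function names and the sample entries are constructed for illustration.

```shell
# Added example (not from the original article): count entries at or above a
# severity per unit and UID from `journalctl -o export` text on stdin.
# _SYSTEMD_UNIT and _UID are trusted fields set by journald; PRIORITY and
# MESSAGE come from the logging process itself.
errors_by_unit() {
    max_prio=${1:-3}                      # 3 = err; lower numbers are more severe
    awk -v max="$max_prio" '
        BEGIN { RS = ""; FS = "\n" }      # one blank-line-separated entry per record
        {
            prio = ""; unit = "-"; uid = "-"
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue     # binary-framed field: not decoded here
                key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
                if (key == "PRIORITY") prio = val
                else if (key == "_SYSTEMD_UNIT") unit = val
                else if (key == "_UID") uid = val
            }
            if (prio != "" && prio + 0 <= max + 0) count[unit " uid=" uid]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2
}
# Constructed sample entries (values invented for illustration).
sample_export() {
    cat <<'EOF'
PRIORITY=3
_UID=0
_SYSTEMD_UNIT=apache2.service
MESSAGE=constructed: could not bind to address

PRIORITY=6
_UID=0
_SYSTEMD_UNIT=apache2.service
MESSAGE=constructed: informational line

PRIORITY=2
_UID=1000
_SYSTEMD_UNIT=nagios.service
MESSAGE=constructed: critical check failure

PRIORITY=3
_UID=0
_SYSTEMD_UNIT=apache2.service
MESSAGE=constructed: worker exited unexpectedly
EOF
}
sample_export | errors_by_unit 3
```

On a live system the input would come from `journalctl -b -o export | errors_by_unit 3`; entries whose fields contain newlines use a binary framing that this text-only parser skips.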

To check the journal file for internal consistency, use the --verify option. If all is well, the output should indicate PASS.

$ journalctl --verify

PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/system.journal                               
491f68: Unused data (entry_offset==0)                                                                
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email 9866c3d4d.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email c8-000551f5d8945a9e.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email 1becab02f.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email 01cfcedff.journal
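
For unattended use, the --verify result can be reduced to an exit status. The following is an added example, not code from the original article; it assumes failing files are reported on lines beginning with FAIL:, and the sample paths are constructed.

```shell
# Added example (not from the original article): summarise the output of
# `journalctl --verify` read from stdin and return non-zero on any failure.
# The status lines normally arrive on stderr, so call it as:
#   journalctl --verify 2>&1 | verify_summary

verify_summary() {
    awk '
        /^PASS: / { pass++; next }
        /^FAIL: / { fail++; sub(/^FAIL: /, ""); bad[fail] = $0; next }
        # any other line (for example "Unused data") is informational
        END {
            printf "pass=%d fail=%d\n", pass, fail
            for (i = 1; i <= fail; i++) printf "corrupt: %s\n", bad[i]
            exit (fail > 0)
        }
    '
}

# Constructed sample output (paths and machine ID are made up).
sample_verify_output() {
    cat <<'EOF'
PASS: /var/log/journal/0123456789abcdef0123456789abcdef/system.journal
491f68: Unused data (entry_offset==0)
FAIL: /var/log/journal/0123456789abcdef0123456789abcdef/user-1000.journal (Bad message)
PASS: /var/log/journal/0123456789abcdef0123456789abcdef/system@example.journal
EOF
}

if sample_verify_output | verify_summary; then
    echo "journal files are consistent"
else
    echo "at least one journal file failed verification" >&2
fi
```

A file that fails verification should be copied aside for inspection before any --vacuum or --rotate operation removes or replaces it.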

You can also display the current disk usage of all journal files with the --disk-usage option. It shows the total disk usage of all archived and active journal files:

$ journalctl --disk-usage

To delete old (archived) journal files, run the commands below:

$ sudo journalctl --vacuum-size=50M  #delete files until the disk space they use falls below the specified size
$ sudo journalctl --vacuum-time=1years	#delete files so that all journal files contain no data older than the specified timespan
$ sudo journalctl --vacuum-files=4     #delete files so that no more than the specified number of separate journal files remain in storage location

Last but not least, you can instruct journald to rotate journal files with the --rotate option. Note that this command does not return until the rotation operation is finished:

$ sudo journalctl --rotate

For a complete usage guide and all options, see the journalctl man page as follows.

$ man journalctl

Check out some other useful articles.

  1. Managing System Startup Process and Services (SysVinit, Systemd and Upstart)
  2. Petiti - An Open Source Log Analysis Tool for Linux SysAdmins
  3. How to Set Up and Manage Log Rotation Using Logrotate in Linux
  4. lnav - Watch and Analyze Apache Logs from a Linux Terminal

That's all for now. Use the feedback form below to ask any questions or add your thoughts on this topic.