1.問題來源
現場反饋一個修改密碼出錯的問題,需查看一個服務名爲baseserver的日誌信息,之前日誌存放在/data/baseserver*路徑下,現登陸服務器後,發現該路徑下沒有任何baseserver相關的日誌文件
[root@ecs-1343-0001 data]# vim /data/ba
tab健按不出來啦!!!
怎麼辦?客戶現場急!!!爲什麼修改不了???
怎麼辦?大佬一直在催!!!怎麼還沒定位出來???
怎麼辦?我該怎麼辦???!!!無數個草泥馬從前面奔騰而來。。。
2.過程
網上搜羅了一番關於日誌恢復的方法,總算找到此神篇,此鉅作。在此也感謝該作者,出處:https://www.jianshu.com/p/662293f12a47,謝謝!
3.操作
接下來 看我如何操作
3.1.ps faux查看服務的進程號
[root@ecs-1343-0001 ideal]# ps faux |grep baseserver
root 111214 0.0 0.0 112708 984 pts/1 S+ 08:20 0:00 \_ grep --color=auto baseserver
root 7649 0.0 0.0 115304 712 ? S 00:46 0:00 /bin/bash ./start_baseserver.sh
root 7664 0.0 0.1 808080 25192 ? Sl 00:46 0:02 \_ ./baseserver config
3.2.通過lsof帶日誌文件名可以查看具體是那個進程,進程號,節點等信息,如下圖:
[root@ecs-1343-0001 ideal]# lsof |grep baseserver*
baseserve 7664 8360 root 3w REG 202,2 172818 168742652 /data/log/baseserver-7664-20200120004646.log (deleted)
baseserve 7664 8360 root 4u a_inode 0,10 0 8510 [eventpoll]
baseserve 7664 8360 root 5w REG 202,2 172818 168742652 /data/log/baseserver-7664-20200120004646.log (deleted)
baseserve 7664 8360 root 3w REG 202,2 172818 168742652 /data/log/baseserver-7664-20200120004646.log (deleted)
baseserve 7664 8360 root 4u a_inode 0,10 0 8510 [eventpoll]
baseserve 7664 8360 root 3w REG 202,2 172818 168742652 /data/log/baseserver-7664-20200120004646.log (deleted)
註釋:
7664:爲進程號(和ps faux輸出的進程號一致)
3w 、5w:爲節點信息
3.3.進入到cd /proc/7664/fd,查看所有的信息,如下圖:
[root@ecs-1343-0001 ~]# cd /proc/7664/fd
[root@ecs-1343-0001 fd]# ll
total 0
lr-x------ 1 root root 64 Jan 20 00:46 0 -> /dev/null
lrwx------ 1 root root 64 Jan 20 00:46 1 -> socket:[33912]
lrwx------ 1 root root 64 Jan 20 00:46 10 -> socket:[44780]
lrwx------ 1 root root 64 Jan 20 00:46 11 -> socket:[43683]
lrwx------ 1 root root 64 Jan 20 00:46 12 -> socket:[43684]
lrwx------ 1 root root 64 Jan 20 00:46 13 -> socket:[44781]
lrwx------ 1 root root 64 Jan 20 00:46 14 -> socket:[44782]
lrwx------ 1 root root 64 Jan 20 00:46 15 -> socket:[44783]
lrwx------ 1 root root 64 Jan 20 00:46 16 -> socket:[38808]
lrwx------ 1 root root 64 Jan 20 00:46 17 -> socket:[44784]
lrwx------ 1 root root 64 Jan 20 00:46 18 -> socket:[38809]
lrwx------ 1 root root 64 Jan 20 00:46 19 -> socket:[38810]
lrwx------ 1 root root 64 Jan 20 00:46 2 -> socket:[43680]
lrwx------ 1 root root 64 Jan 20 00:46 20 -> socket:[38811]
lrwx------ 1 root root 64 Jan 20 00:46 21 -> socket:[44785]
lrwx------ 1 root root 64 Jan 20 00:46 22 -> socket:[41965]
lrwx------ 1 root root 64 Jan 20 00:46 23 -> socket:[44786]
lrwx------ 1 root root 64 Jan 20 00:46 24 -> socket:[44787]
lrwx------ 1 root root 64 Jan 20 00:46 25 -> socket:[39876]
lrwx------ 1 root root 64 Jan 20 00:46 26 -> socket:[43685]
lrwx------ 1 root root 64 Jan 20 00:46 27 -> socket:[41967]
lrwx------ 1 root root 64 Jan 20 00:46 28 -> socket:[38812]
lrwx------ 1 root root 64 Jan 20 00:46 29 -> socket:[42824]
l-wx------ 1 root root 64 Jan 20 00:46 3 -> /data/log/baseserver-7664-20200120004646.log (deleted)
lrwx------ 1 root root 64 Jan 20 00:46 30 -> socket:[42825]
lrwx------ 1 root root 64 Jan 20 00:46 31 -> socket:[41969]
lrwx------ 1 root root 64 Jan 20 00:46 32 -> socket:[45756]
lrwx------ 1 root root 64 Jan 20 01:29 33 -> socket:[439701]
lrwx------ 1 root root 64 Jan 20 00:46 4 -> anon_inode:[eventpoll]
l-wx------ 1 root root 64 Jan 20 00:46 5 -> /data/log/baseserver-7664-20200120004646.log (deleted)
lrwx------ 1 root root 64 Jan 20 00:46 6 -> socket:[43681]
lrwx------ 1 root root 64 Jan 20 00:46 7 -> socket:[44778]
lrwx------ 1 root root 64 Jan 20 00:46 8 -> socket:[43682]
lrwx------ 1 root root 64 Jan 20 00:46 9 -> socket:[44779]
看到沒?對應的3 節點和5節點 不正是我們要的日誌文件嗎,,哈哈哈
l-wx------ 1 root root 64 Jan 20 00:46 3 -> /data/log/baseserver-7664-20200120004646.log (deleted)
l-wx------ 1 root root 64 Jan 20 00:46 5 -> /data/log/baseserver-7664-20200120004646.log (deleted)
拷貝3,5節點,即可get到我們要的日誌文件,如下:
[root@ecs-1343-0001 fd]# cp 3 ~/baseserver_zsy.log.bak1
[root@ecs-1343-0001 fd]# cp 5 ~/baseserver_zsy.log.bak2
[root@ecs-1343-0001 fd]#
以上,便完美的解決日誌被誤刪除的問題。。。