Source: https://blog.mimvp.com/article/30995.html
Source of the problem: I found a number of system log junk files in the /var/log/journal/0ea734564f9a4e2881b677b82d679dfc directory. How to clean up?
There are two log services in CentOS system, traditional rsyslog and systemd-journal
ls -l /etc/logrotate.d/
-rw-r--r-- 1 root root 91 Apr 11 2018 bootlog
-rw-r--r-- 1 root root 160 Sep 15 2017 chrony
-rw-r--r-- 1 root root 138 Oct 30 2018 iptraf-ng
-rw-r--r-- 1 root root 187 Dec 27 2017 monit
-rw-r--r-- 1 root root 173 Mar 15 2013 monitorix
-rw-r--r-- 1 root root 868 Jul 28 08:22 mysql
-rw-r--r-- 1 root root 408 Aug 3 2017 psacct
-rw-r--r-- 1 root root 224 Oct 30 2018 syslog
-rw-r--r-- 1 root root 188 Oct 31 2018 vsftpd
-rw-r--r-- 1 root root 100 Oct 31 2018 wpa_supplicant
-rw-r--r-- 1 root root 103 Nov 5 2018 yum
systemd-journald is an improved log management Service that collects logs from the kernel, early system startup phases, standard output and error messages from system daemons during startup and running, and syslog logs.
The systemd-journal log service only stores the logs in a single-structure log file /run/log. Since the logs are binary data that has been compressed and formatted, it is very fast to view and locate.
By default, the logs are not persisted, and only a month's worth of logs will be retained.
In addition, some logs that rsyslog cannot collect will also be recorded by journal.
As a traditional system log service, rsyslog records all collected logs to various log files in the /var/log/ directory.
Common log files are as follows:
/var/log/messages Most system logs are recorded to this file
/var/log/secure All logs related to security and authentication and authorization are recorded to this file
/var/log/maillog Mail service Logs
/var/log/cron Logs of crond scheduled tasks
/var/log/boot.log Logs related to system startup
Some people once said: Linux does not have junk files, but Windows has junk files. In fact, this is not the case, both will There are junk files.
An operating system is a system that operates various files. It is impossible not to have log files, and it is even more impossible not to generate temporary files. Just like paper cutting, it is natural to temporarily generate some waste.
Whether there are junk files that take up space in Linux depends on how to judge, for example: log files and system files from several years ago or a few months ago are basically useless, are they considered junk files?
ls -lhm --full-time /var/log/journal/f9d400c5e1e8c3a8209e990d887d4ac1_bk_20190122/ | sort -k6 | head -n30
ls -lhm --full-time /var/log/journal/f9d1400c5e1e8c3a8209e990d887d201_bk
total 3.5G
-rw-rx---+ 1 root systemd-journal 64M 2018-03-28 01:36:01.010275802 +0800 system@00000000000000000000000000000000-00000 +100000002ca-000567d28
-f35cca7 root system journal 8.0M 2018-03-28 01:36:01.100275802 +0800 user-65534@4ee96b2fbd8b4a82beee0402402fee03-0000000000005419-000567f7fd08bd2f.journal
-rw-rx---+ 1 root systemd-journal 72M 2018-04-02 19:16:41.644934707 +0800 system@00000000000000000000000000000000-0000000000010a47-0005686852f561be.journal
-rw-rx---+ 1 root systemd-journal 8.0M 2018-04-02 19:16:41.714934707 +0800 user-65534@4ee96b2fbd8b4a82beee0402402fee03-0000000000011f98-00056872cab77761.journal
-rw-rx---+ 1 root systemd-journal 72M 2018-04-08 05:48:01.673026304 +0800 system@00000000000000000000000000000000-0000000000021c40-000568dbb97116ae.journal
-rw-rx---+ 1 root systemd-journal 72M 2018 -04-13 18:25:01.967846109 +0800 system@00000000000000000000000000000000-0000000000033800-00056949207ae8a1.journal
-rw-rx---+ 1 root systemd-journal 72M 2018-04-18 04:12:35.385621922 +0800 system@00000000000000000000000000000000- 0000000000045c3e-000569b848f6f86c.journal How to
view junk files
The root partition of the hard disk is found to be out of space before cleaning, use du -t 100M /var or journalctl --disk-usage command to check
du -t 100M /var/log/
3604336 /var/log/journal/f0f31005fb5a436d88e3c6cbf54e25aa
3604344 /var/log/journal
5291552 /var/log/
#journalctl --disk-usage
Archived and active journals take up 1.1G on disk.
It is found that the /var/log/journal log file occupies nearly 3G space, and the volume of each log file is as high as 8-128M. These log files record the systemd situation for a long time. worthless
journalctl --vacuum-size=10M
After ordering to clean it up, 2.7G of space was freed up.
Use the df command to check, the /root partition is indeed much more spacious.
View and sort the file size of a directory (in MB)
du -hm --max-depth=1 /var/ | sort -n
du -hm --max-depth=1 /var/ | sort -n
1 /var/adm
1 /var/crash
1 /var/db
1 /var/empty
1 /var/games
1 /var/gopher
1 /var/kerberos
1 /var/local
1 /var/nis
1 /var/opt
1 /var/preserve
1 /var/spool
1 /var/tmp
1 /var/yp
131 /var/www
198 /var/lib
486 /var/cache
3695 /var/log
8513 /var/
empty /var/log/ The method of journal file
1. Use the echo command to redirect the empty string content to the specified file
echo "" > system.journal
Description: This method will only be emptied once, and it is very troublesome to manually empty it again after a period of time, here you can Use the following commands to let journalctl automatically maintain the space
2. The journalctl command automatically maintains the file size
1) Only keep logs for nearly a week
journalctl --vacuum-time=1w
2) Only keep logs of 500MB
journalctl --vacuum-size=500M
3) Directly delete the log files in the /var/log/journal/ directory
rm -rf /var/log/journal/f9d400c5e1e8c3a8209e990d887d4ac1
Problems and analysis and solutions
Error when executing the journalctl command: Error was encountered while opening journal files: Input/output error
journalctl --vacuum-time=1w
Error was encountered while opening journal files: Input/output errorProblem
analysis: log file corruption
Solution: delete the previous log and restart the journalctl service
mv journal/f9d400c5e1e8c3a8209e990d887d4ac1 journal/f9d400c5e1e8c3a8209e990d887d4ac1_bk_20190122 systemctl log/
restart systemd-journald.service view
journal/ The log directory is as follows:
ll /var/log/journal/
drwxr-sr-x 2 root systemd-journal 4096 Jan 22 11:26 f9d400c5e1e8c3a8209e990d887d4ac1
drwxr-sr-x+ 2 root systemd-journal 12288 Jan 14 15:37 f9d400c5e1e8c3a8209e990d887d4ac1_bk_20190122然后
,再执行journalctl 限制日志的命令:
journalctl --vacuum-time =1w
Vacuuming done, freed 0B of archived journals on disk.
journalctl --vacuum-size=500M
Vacuuming done, freed 0B of archived journals on disk.