linux /var/log/sa 日志不断产生

本文详细介绍了Linux系统中/var/log/sa日志的工作原理及配置方法。这些日志由sysstat工具包生成,用于监控系统资源如CPU和内存的使用情况。文章还深入探讨了sysstat工具包中sa1、sa2和sadc的功能及其如何协同工作来收集和存储系统动态信息。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

linux /var/log/sa 日志

1./var/log/sa 日志由  sysstat 产生

        sysstat 是 Linux 系统中的常用工具包。它的主要用途是观察服务负载,比如CPU和内存的占用率、网络的使用率以及磁盘写入和读取速度等。

sysstat 工具包中包含两类工具:

  • 即时查看工具:iostat、mpstat、sar
  • 累计统计工具:sar

也就是说,sar 具有这两种功能。因此,sar 是 sysstat 中的核心工具。

为了实现 sar 的累计统计,系统必须周期地记录当时的信息,这是通过调用 /usr/lib/sa/ 中的三个工具实现的:

  • sa1 :收集并存储每天系统动态信息到一个二进制的文件中,用作 sadc 的前端程序
  • sa2 :收集每天的系统活跃信息写入总结性的报告,用作 sar 的前端程序
  • sadc :系统动态数据收集工具,收集的数据被写入一个二进制的文件中,它被用作 sar 工具的后端

在 CentOS 系统的默认设置中,以如下的方式使用这三个工具:

  1. 在守护进程 /etc/rc.d/init.d/sysstat 中使用 /usr/lib/sa/sadc -F -L - 命令创建当日记录文件,文件为 /var/log/sa/saDD,其中 DD 为当天的日期。当系统重新启动后,会向文件 /var/log/sa/saDD 输出类似 11:37:16 AM LINUX RESTART 这样的行信息。
  2. 在 cron 任务 /etc/cron.d/sysstat 中每隔10分钟执行一次 /usr/lib/sa/sa1 1 1 命令,将信息写入文件 /var/log/sa/saDD
  3. 在 cron 任务 /etc/cron.d/sysstat 中每天 23:53 执行一次 /usr/lib/sa/sa2 -A 命令,将当天的汇总信息写入文件 /var/log/sa/saDD

您可以修改 /etc/cron.d/sysstat 以适合您的需要。

另外,文件 /var/log/sa/saDD 为二进制文件,不能使用 more、less 等文本工具查看,必须用 sar 或 sadf 命令查看。

 

2. 配置

安装sysstat工具包后会自动每10分钟采集一次
脚本在/etc/cron.d/sysstat
默认只保留7天的文件
要保留更长时间要修改配置文件
有人觉得是修改/etc/sysconfig/sysstat这个文件,其实不是的
应该是/usr/lib/sa/sa2(64位/usr/lib64/sa/sa2),来看看里面的代码

HISTORY=7

 

 

参考

http://toeverybody.blog.163.com/blog/static/124128968201192994653769/

http://www.lxway.com/55116296.htm

 

root@1900-services:~# grep "Mar 21 09:" /var/log/syslog /var/log/messages 2>/dev/null /var/log/syslog:Mar 21 09:04:28 1900-services systemd[1]: Created slice User Slice of UID 1000. /var/log/syslog:Mar 21 09:04:28 1900-services systemd[1]: Starting User Runtime Directory /run/user/1000... /var/log/syslog:Mar 21 09:04:28 1900-services systemd[1]: Finished User Runtime Directory /run/user/1000. /var/log/syslog:Mar 21 09:04:28 1900-services systemd[1]: Starting User Manager for UID 1000... /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Queued start job for default target Main User Target. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Created slice User Application Slice. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Reached target Paths. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Reached target Timers. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Starting D-Bus User Message Bus Socket... /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on GnuPG network certificate management daemon. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on GnuPG cryptographic agent (ssh-agent emulation). /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on GnuPG cryptographic agent and passphrase cache. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on debconf communication socket. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on REST API socket for snapd user session agent. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Listening on D-Bus User Message Bus Socket. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Reached target Sockets. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Reached target Basic System. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Reached target Main User Target. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[2771535]: Startup finished in 565ms. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[1]: Started User Manager for UID 1000. /var/log/syslog:Mar 21 09:04:29 1900-services systemd[1]: Started Session 176 of User owner. /var/log/syslog:Mar 21 09:05:01 1900-services CRON[2772305]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) /var/log/syslog:Mar 21 09:12:05 1900-services systemd[1]: session-176.scope: Deactivated successfully. /var/log/syslog:Mar 21 09:12:05 1900-services systemd[1]: session-176.scope: Consumed 4.389s CPU time. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: Stopping User Manager for UID 1000...
03-22
/var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Closed debconf communication socket. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Closed REST API socket for snapd user session agent. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Removed slice User Application Slice. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Reached target Shutdown. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Finished Exit the Session. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[2771535]: Reached target Exit the Session. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: user@1000.service: Deactivated successfully. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: Stopped User Manager for UID 1000. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: Stopping User Runtime Directory /run/user/1000... /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: run-user-1000.mount: Deactivated successfully. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: user-runtime-dir@1000.service: Deactivated successfully. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: Stopped User Runtime Directory /run/user/1000. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: Removed slice User Slice of UID 1000. /var/log/syslog:Mar 21 09:12:15 1900-services systemd[1]: user-1000.slice: Consumed 5.014s CPU time. /var/log/syslog:Mar 21 09:15:01 1900-services CRON[2784927]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) /var/log/syslog:Mar 21 09:17:01 1900-services CRON[2787436]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) /var/log/syslog:Mar 21 09:25:01 1900-services CRON[2814245]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) /var/log/syslog:Mar 21 09:35:01 1900-services CRON[2826806]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) /var/log/syslog:Mar 21 09:45:01 1900-services CRON[2839390]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) /var/log/syslog:Mar 21 09:45:18 1900-services freshclam[743]: Fri Mar 21 09:45:18 2025 -> Received signal: wake up /var/log/syslog:Mar 21 09:45:18 1900-services freshclam[743]: Fri Mar 21 09:45:18 2025 -> ClamAV update process started at Fri Mar 21 09:45:18 2025 /var/log/syslog:Mar 21 09:45:18 1900-services freshclam[743]: Fri Mar 21 09:45:18 2025 -> daily.cld database is up-to-date (version: 27583, sigs: 2074188, f-level: 90, builder: raynman) /var/log/syslog:Mar 21 09:45:18 1900-services freshclam[743]: Fri Mar 21 09:45:18 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) /var/log/syslog:Mar 21 09:45:18 1900-services freshclam[743]: Fri Mar 21 09:45:18 2025 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman) /var/log/syslog:Mar 21 09:49:58 1900-services snapd[617]: storehelpers.go:954: cannot refresh: snap has no updates available: "core20", "lxd", "snapd" /var/log/syslog:Mar 21 09:55:01 1900-services CRON[2868671]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)系统服务日志
03-22
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值