
CentOS 7 File system and Log Analysis

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Linux file system

When troubleshooting a Linux system, the symptom of a fault is usually the easiest thing to find, but identifying its cause is the key to resolving it. Being familiar with the common log files and with the analysis of typical faults helps administrators locate the fault quickly, apply the right remedy, and solve system problems in time.

Detailed explanation of inode and block

Files are stored on the hard disk, and the smallest storage unit of a hard disk is the "sector". Each sector stores 512 bytes.

File data includes meta-information and actual data

The meta-information holds the attributes of the file, and the content of the file is the actual data.

Block

Eight consecutive sectors form a block (4 KB), which is the smallest unit of file access.

inode (index node)

The inode, or index node, is used to store the file's meta-information.

Contents of an inode

The inode contains the meta-information of the file:

The number of bytes in the file
The User ID of the file owner
The Group ID of the file
The read, write and execute permissions of the file
The timestamps of the file

Use the stat command to view inode information:

    [root@localhost mnt]# stat abc.txt    // view the inode information of abc.txt
      File: "abc.txt"
      Size: 12    Blocks: 8    IO block: 4096    ordinary file
    Device: 802h/2050d    Inode: 18123362    Hard links: 1
    Permissions: (0644)    Uid: (0/root)    Gid: (0/root)
    Environment: unconfined_u:object_r:mnt_t:s0
    Recent access: 2019-09-02 04:12:18.210370997 +0800
    Recent modification: 2019-09-02 04:12:18.210370997 +0800
    Recent change: 2019-09-02 04:12:18.210370997 +0800
    Creation time: -

The three main time attributes of Linux files

ctime (change time): the last time the attributes of the file or directory were changed
atime (access time): the last time the file or directory was accessed
mtime (modify time): the last time the content of the file or directory was modified

Structure of directory files

Each inode has a number, and the operating system uses inode numbers to tell files apart. Internally, Linux does not identify a file by its name; it uses the inode number. For the user, the file name is just an easily recognized alias for the inode number.

The internal process of the system when a user opens a file through a file name

1. The system finds the inode number that corresponds to the file name.

2. Through the inode number, it obtains the inode information.

3. From the inode information, it finds the block where the file data is stored and reads the data.

Viewing the inode number

ls -i command: view the inode number that corresponds to a file name

    [root@localhost mnt]# ls -i abc.txt    // view the file's inode number
    18123362 abc.txt

Size of the inode

Inodes also consume hard disk space. Each inode is usually 128 bytes or 256 bytes.

The total number of inodes is determined when the file system is formatted.

Use the df -i command to view the total number of inodes on each partition and the number already used:

    [root@localhost mnt]# df -i    // view inode information for each partition
    Filesystem       Inodes  IUsed    IFree IUse% Mounted on
    /dev/sda2      10485760 121203 10364557    2% /
    devtmpfs         229708    376   229332    1% /dev
    tmpfs            233381      1   233380    1% /dev/shm
    tmpfs            233381    560   232821    1% /run
    tmpfs            233381     16   233365    1% /sys/fs/cgroup
    /dev/sda5       5241856    146  5241710    1% /home
    /dev/sda1       3145728    328  3145400    1% /boot
    tmpfs            233381      6   233375    1% /run/user/42
    tmpfs            233381     17   233364    1% /run/user/0
    /dev/sr0              0 233364        -       /run/media/root/CentOS 7 x86_64

Special functions of the inode

Because the inode number is separate from the file name, Linux systems show the following behaviour.

When a file name contains special characters, the file may not be deletable in the normal way; deleting the inode directly also deletes the file.

To delete a file by inode number: find ./* -inum [inode number] -delete

    [root@localhost mnt]# ls -i
    16777284 ac1.txt  18123362 ac2.txt  18123366 ac3.txt  18123370 ac4.txt  18123371 ac5.txt
    [root@localhost mnt]# find ./* -inum 16777284 -delete
    [root@localhost mnt]# ls -i
    18123362 ac2.txt  18123366 ac3.txt  18123370 ac4.txt  18123371 ac5.txt

When a file is moved or renamed, only the file name changes; the inode number is not affected.

    [root@localhost mnt]# ls -i
    18123362 ac2.txt  18123366 ac3.txt  18123370 ac4.txt  18123371 ac5.txt
    [root@localhost mnt]# mv ac2.txt /opt
    [root@localhost mnt]# ls -i /opt
    18123362 ac2.txt  1389838 rh

After a file is opened, the system identifies it by its inode number and no longer considers the file name.
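The behaviour described above (a rename keeps the inode number, a file with an awkward name can be removed by inode number) can be reproduced safely in a scratch directory. This is an added example, not part of the original article; the helper names inode_of and delete_by_inode and all file names are constructed for illustration. It restricts find to one directory and one file system, because an inode number is only unique within a single file system, and it shows that every hard link to the inode found in that directory is removed.

```sh
#!/bin/sh
# Added example: work with files by inode number instead of by name.
# inode_of and delete_by_inode are hypothetical helper names.

# Print the inode number of PATH. -d stops ls from listing a directory's
# contents and "--" stops a name that starts with "-" being read as an option.
inode_of() {
    ls -di -- "$1" | awk 'NR == 1 { print $1 }'
}

# Delete every regular-file name directly inside DIR that refers to inode INUM.
#   -maxdepth 1  look only at the entries of DIR itself, not at subdirectories
#   -xdev        stay on one file system: inode numbers are unique only there
# Hard links share one inode, so all matching names in DIR are removed.
delete_by_inode() {
    dir=$1
    inum=$2
    case $inum in
        ''|*[!0-9]*) echo "not an inode number: $inum" >&2; return 2 ;;
    esac
    find "$dir" -maxdepth 1 -xdev -type f -inum "$inum" -print -delete
}

# Walk-through in a scratch directory (all file names are constructed).
inode_demo() {
    d=$(mktemp -d) || return 1
    printf 'data\n' > "$d/-rf *"            # name made of option and glob characters
    printf 'keep\n' > "$d/ac2.txt"
    before=$(inode_of "$d/ac2.txt")
    mv "$d/ac2.txt" "$d/renamed.txt"        # rename: the inode number must not change
    after=$(inode_of "$d/renamed.txt")
    echo "inode before rename: $before, after rename: $after"
    ln "$d/-rf *" "$d/second-name"          # hard link: second name, same inode
    delete_by_inode "$d" "$(inode_of "$d/-rf *")"
    echo "left in directory: $(ls "$d")"
    rm -rf -- "$d"
}

inode_demo
```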

Backup and recovery of xfs type files

Recovering files on an XFS file system requires that the files first be backed up to another disk. When the files are damaged, they can be restored from the backup (the backup is made by compressing the files into a fixed format).

XFS file systems can be backed up and restored with the xfsdump and xfsrestore tools. If the tools are not installed on the system, install them with yum:

    [root@localhost mnt]# yum install xfsdump -y
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
     * base: centos.ustc.edu.cn
     * extras: centos.ustc.edu.cn
     * updates: centos.ustc.edu.cn
    Resolving dependencies
    --> Checking transactions
    ---> Package xfsdump.x86_64 0:3.1.4-1.el7 will be upgraded
    ---> Package xfsdump.x86_64 0:3.1.7-1.el7 will be updated
    ...    // part of the output omitted

Command format

xfsdump -f [backup file location] [path or device file to be backed up]

There are two backup levels for xfsdump

0: full backup (the default)
1-9: incremental backup

Commonly used xfsdump parameters

-f: specify the backup file location
-L: specify the session label
-M: specify the media label
-s: back up a single file; -s cannot be followed directly by the path

    [root@localhost ~]# fdisk /dev/sdb    // create a partition on the new disk
    Welcome to fdisk (util-linux 2.23.2).

    The changes remain in memory until you decide to write them to disk.
    Think twice before using the write command.

    Device does not contain a recognized partition table
    Creating a new DOS disk label with disk identifier 0x57599cea.

    Command (enter m for help): n
    Partition type:
       p   primary (0 primary, 0 extended, 4 free)
       e   extended
    Select (default p): p
    Partition number (1-4, default 1):
    Start sector (2048-41943039, default is 2048):
    The default value 2048 will be used
    Last sector, +sector or +size{K,M,G} (2048-41943039, default is 41943039):
    The default value 41943039 will be used
    Partition 1 has been set to Linux type, size set to 20 GiB

    Command (enter m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Synchronizing disks.
    [root@localhost ~]# mkfs.xfs /dev/sdb1    // format the partition
    meta-data=/dev/sdb1              isize=512    agcount=4, agsize=1310656 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=1        finobt=0, sparse=0
    data     =                       bsize=4096   blocks=5242624, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
    log      =internal log           bsize=4096   blocks=2560, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    [root@localhost ~]# mkdir /opt/data    // create the mount point
    [root@localhost ~]# mount /dev/sdb1 /opt/data    // mount the new partition
    [root@localhost ~]# cp /etc/passwd /opt/data    // copy the passwd file to the mounted disk
    [root@localhost ~]# ls /opt/data    // view the file
    passwd
    [root@localhost ~]# xfsdump -f /mnt/xfs_dump /dev/sdb1    // back up the file system
    xfsdump: using file dump (drive_simple) strategy
    xfsdump: version 3.1.7 (dump format 3.0) - type ^C for status and control

     ============================= dump label dialog ==============================

    please enter label for this dump session (timeout in 300 sec)
     -> xfs_dump    // enter the session label (here the backup file name)
    session label entered: "xfs_dump"

     --------------------------------- end dialog ---------------------------------

    xfsdump: level 0 dump of localhost.localdomain:/opt/data
    xfsdump: dump date: Mon Sep  2 05:27:29 2019
    xfsdump: session id: 96c17954-e969-4041-9d9e-4bd59746ddab
    xfsdump: session label: "xfs_dump"
    xfsdump: ino map phase 1: constructing initial dump list
    xfsdump: ino map phase 2: skipping (no pruning necessary)
    xfsdump: ino map phase 3: skipping (only one dump stream)
    xfsdump: ino map construction complete
    xfsdump: estimated dump size: 25216 bytes
    xfsdump: /var/lib/xfsdump/inventory created

     ============================= media label dialog =============================

    please enter label for media in drive 0 (timeout in 300 sec)
     -> sdb1    // enter the media label (here the device that is backed up)
    media label entered: "sdb1"

     --------------------------------- end dialog ---------------------------------

    xfsdump: creating dump session media file 0 (media 0, file 0)
    xfsdump: dumping ino map
    xfsdump: dumping directories
    xfsdump: dumping non-directory files
    xfsdump: ending media file
    xfsdump: media file size 24264 bytes
    xfsdump: dump size (non-dir files): 2592 bytes
    xfsdump: dump complete: 13 seconds elapsed
    xfsdump: Dump Summary:
    xfsdump:   stream 0 /mnt/xfs_dump OK (success)
    xfsdump: Dump Status: SUCCESS    // backup successful
    [root@localhost ~]# rm -rf /opt/data/*    // delete the files on the disk
    [root@localhost ~]# ls /opt/data    // check that the files are deleted
    [root@localhost ~]# xfsrestore -f /mnt/xfs_dump /opt/data    // restore the files
    xfsrestore: using file dump (drive_simple) strategy
    xfsrestore: version 3.1.7 (dump format 3.0) - type ^C for status and control
    xfsrestore: searching media for dump
    xfsrestore: examining media file 0
    xfsrestore: dump description:
    xfsrestore: hostname: localhost.localdomain
    xfsrestore: mount point: /opt/data
    xfsrestore: volume: /dev/sdb1
    xfsrestore: session time: Mon Sep  2 05:27:29 2019
    xfsrestore: level: 0
    xfsrestore: session label: "xfs_dump"
    xfsrestore: media label: "sdb1"
    xfsrestore: file system id: 2e3df4e8-dd92-46f7-84ca-f254c4e579bd
    xfsrestore: session id: 96c17954-e969-4041-9d9e-4bd59746ddab
    xfsrestore: media id: d27aafc8-a405-4a8f-b7f0-1a018a7026ee
    xfsrestore: using online session inventory
    xfsrestore: searching media for directory dump
    xfsrestore: reading directories
    xfsrestore: 1 directories and 1 entries processed
    xfsrestore: directory post-processing
    xfsrestore: restoring non-directory files
    xfsrestore: restore complete: 0 seconds elapsed
    xfsrestore: Restore Summary:
    xfsrestore:   stream 0 /mnt/xfs_dump OK (success)
    xfsrestore: Restore Status: SUCCESS
    [root@localhost ~]# ls /opt/data    // check whether the files are restored
    passwd    // files restored successfully

Restrictions on using xfsdump

Only mounted file systems can be backed up
Root permission is required to operate
Only XFS file systems can be backed up
The backup data can only be parsed by xfsrestore
Two file systems with the same UUID cannot be backed up

Log files

Logs record all kinds of events that occur while the system and programs are running. Reading the logs helps to diagnose and solve system faults.

Classification of log files

Kernel and system log

It is managed by the system service syslog, and the log format is basically similar.

User log

Log files that record information about system users logging in to and out of the system.

Program log

Log files managed independently by the various applications. The record format is not uniform.

Log storage location

By default, logs are located in the /var/log directory.

Introduction to the main log files

Kernel and common message log: /var/log/messages

Scheduled task log: /var/log/cron

System boot log: /var/log/dmesg

Mail system log: /var/log/maillog

User login log: /var/log/lastlog, /var/log/secure, /var/log/wtmp, /var/run/btmp

Logs are managed centrally by the system service rsyslogd.

Package: rsyslog-7.4.7-16.el7.x86_64
Main program: /sbin/rsyslogd
Configuration file: /etc/rsyslog.conf

    [root@localhost ~]# vim /etc/rsyslog.conf    // view the log configuration
    # rsyslog configuration file

    # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
    # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

    #### MODULES ####

    # The imjournal module bellow is now used as a message source instead of imuxsock.
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    #$ModLoad imklog # reads kernel messages (the same are read from journald)
    #$ModLoad immark  # provides --MARK-- message capability

    # Provides UDP syslog reception
    #$ModLoad imudp
    #$UDPServerRun 514

    # Provides TCP syslog reception
    #$ModLoad imtcp
    #$InputTCPServerRun 514

    #### GLOBAL DIRECTIVES ####

    # Where to place auxiliary files
    $WorkDirectory /var/lib/rsyslog

    # Use default timestamp format
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    ...    // part of the content omitted

    [root@localhost ~]# cd /var/log    // enter the log file directory
    [root@localhost log]# ls
    anaconda  dmesg               libvirt   rhsm               tallylog                 Xorg.0.log
    audit     dmesg.old           maillog   sa                 tuned                    Xorg.0.log.old
    boot.log  firewalld           messages  samba              vmware-vgauthsvc.log.0   Xorg.1.log
    btmp      gdm                 ntpstats  secure             vmware-vmsvc.log         Xorg.9.log
    chrony    glusterfs           pluto     speech-dispatcher  vmware-vmusr.log         yum.log
    cron      grubby_prune_debug  ppp       spooler            wpa_supplicant.log
    cups      lastlog             qemu-ga   sssd               wtmp

View Syslog files

    [root@localhost log]# vim messages    // view the system log file
    Aug 10 03:53:40 localhost journal: Runtime journal is using 8.0M (max allowed 91.1M, trying to leave 136.7M free of 903.6M available → current limit 91.1M).
    Aug 10 03:53:40 localhost kernel: Initializing cgroup subsys cpuset
    Aug 10 03:53:40 localhost kernel: Initializing cgroup subsys cpu
    Aug 10 03:53:40 localhost kernel: Initializing cgroup subsys cpuacct
    Aug 10 03:53:40 localhost kernel: Linux version 3.10.0-693.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Aug 22 21:09:27 UTC 2017
    Aug 10 03:53:40 localhost kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-693.el7.x86_64 root=UUID=729c9a26-dfdc-40f9-ae91-1ade55be51bb ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
    Aug 10 03:53:40 localhost kernel: Disabled fast string operations
    Aug 10 03:53:40 localhost kernel: e820: BIOS-provided physical RAM map:
    Aug 10 03:53:40 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
    Aug 10 03:53:40 localhost kernel: BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
    Aug 10 03:53:40 localhost kernel: BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
    ...    // part of the content omitted

last command: view the user login log

    [root@localhost log]# last
    root     pts/0        192.168.144.1    Mon Sep  2 05:17   still logged in
    reboot   system boot  3.10.0-693.el7.x Mon Sep  2 05:17 - 05:58  (00:40)
    root     pts/0        192.168.144.1    Mon Sep  2 04:11 - crash  (01:05)
    root     :0           :0               Mon Sep  2 04:11 - crash  (01:05)
    reboot   system boot  3.10.0-693.el7.x Mon Sep  2 04:10 - 05
    root     pts/0        :0               Sun Aug 25 01:10 - 01:10  (00:00)
    root     :0           :0               Sun Aug 25 01:10 - crash  (8+03:00)
    ...    // part of the content omitted

lastb command: view the log of failed user logins

    [root@localhost log]# lastb
    root     :0           :0               Sun Aug 25 01:10 - 01:10  (00:00)
    root     :1           :1               Sat Aug 10 06:26 - 06:26  (00:00)

    btmp begins Sat Aug 10 06:26:22 2019
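The lastb listing above is easier to review when the records are counted per account and source. The following is an added example, not part of the original article: failed_login_summary and sample_lastb are hypothetical names, and the sample records are constructed (203.0.113.7 is a documentation address). It skips the "btmp begins" trailer and handles console records whose host column is empty.

```sh
#!/bin/sh
# Added example: summarise failed logins from lastb-style output.
# failed_login_summary and sample_lastb are hypothetical names.

# Read lastb output on stdin and print "count user source" for every
# user/source pair seen at least THRESHOLD times (default 3), busiest first.
failed_login_summary() {
    threshold=${1:-3}
    awk -v min="$threshold" '
        NF < 3 { next }                              # blank lines
        $1 == "btmp" && $2 == "begins" { next }      # trailer line
        {
            src = $3
            # Console attempts have an empty host column, so field 3 is
            # already the weekday of the timestamp.
            if (src ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) src = "local"
            n[$1 " " src]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the layout lastb prints.
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Mon Sep  2 05:20 - 05:20  (00:00)
root     ssh:notty    203.0.113.7      Mon Sep  2 05:20 - 05:20  (00:00)
admin    ssh:notty    203.0.113.7      Mon Sep  2 05:21 - 05:21  (00:00)
root     ssh:notty    203.0.113.7      Mon Sep  2 05:21 - 05:21  (00:00)
root     :0           :0               Sun Aug 25 01:10 - 01:10  (00:00)
root     tty1                          Sat Aug 10 06:26 - 06:26  (00:00)

btmp begins Sat Aug 10 06:26:22 2019
EOF
}

sample_lastb | failed_login_summary 3
```

On a live system the same function reads the real records with: lastb | failed_login_summary 5 (run as root, since btmp is readable only by root).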

View the program log file

1. Install the httpd service, build the Apache website service, and then turn off the firewall so that the host can access it.

    [root@localhost ~]# yum install httpd -y    // install the httpd service
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
     * base: centos.ustc.edu.cn
     * extras: centos.ustc.edu.cn
     * updates: centos.ustc.edu.cn
    Resolving dependencies
    --> Checking transactions
    ---> Package httpd.x86_64 0:2.4.6-89.el7.centos.1 will be installed
    ...    // part of the output omitted
    [root@localhost ~]# systemctl start httpd    // start the service
    [root@localhost ~]# systemctl stop firewalld.service    // turn off the firewall
    [root@localhost ~]# setenforce 0
    [root@localhost ~]# cd /var/log    // enter the log directory and check whether the httpd log directory has been generated
    [root@localhost log]# ls
    anaconda  dmesg               lastlog   qemu-ga            sssd                     wtmp
    audit     dmesg.old           libvirt   rhsm               tallylog                 Xorg.0.log
    boot.log  firewalld           maillog   sa                 tuned                    Xorg.0.log.old
    btmp      gdm                 messages  samba              vmware-vgauthsvc.log.0   Xorg.1.log
    chrony    glusterfs           ntpstats  secure             vmware-vmsvc.log         Xorg.9.log
    cron      grubby_prune_debug  pluto     speech-dispatcher  vmware-vmusr.log         yum.log
    cups      httpd               ppp       spooler            wpa_supplicant.log

2. After visiting the built website through the host, view the log file of the system program

    [root@localhost log]# cd httpd    // enter the httpd log directory
    [root@localhost httpd]# ls
    access_log  error_log
    [root@localhost httpd]# vim access_log    // view the program log file
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /noindex/css/bootstrap.min.css HTTP/1.1" 19341 "http://192.168.144.133/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /noindex/css/open-sans.css HTTP/1.1" 5081 "http://192.168.144.133/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /images/apache_pb.gif HTTP/1.1" 2326 "http://192.168.144.133/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /images/poweredby.png HTTP/1.1" 3956 "http://192.168.144.133/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://192.168.144.133/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://192.168.144.133/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
    192.168.144.1 - - [02/Sep/2019:06:12:48 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://192.168.144.133/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)

Levels of log messages

0 EMERG (emergency): a situation that can cause the host system to become unavailable
1 ALERT (warning): immediate action must be taken to solve the problem
2 CRIT (serious): a more serious case
3 ERR (error): an error occurred while running
4 WARNING (reminder): an event that may affect system functions
5 NOTICE (note): does not affect the system but deserves attention
6 INFO (message): general information
7 DEBUG (debugging): programmer debugging information

Log management strategy

Back up and archive logs in a timely manner
Extend the log retention period
Control log access permissions
Logs may contain all kinds of sensitive information, such as accounts and passwords
Manage logs centrally

Send the log files of the server to the unified log file server

This makes it convenient to collect, organize and analyze log information in one place, and it prevents accidental loss, malicious tampering or deletion of log information.
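The "control log access permissions" item of the strategy above can be checked mechanically. This is an added example, not part of the original article: audit_log_perms is a hypothetical helper, the scratch tree is constructed, and the list of file names accepted as world-readable is an assumption to adapt to local policy.

```sh
#!/bin/sh
# Added example: find log files that accounts outside the owner and group
# can read or modify. audit_log_perms is a hypothetical helper name.

# audit_log_perms DIR [NAME...]
# Prints one finding per line, "world-writable PATH" or "world-readable PATH".
# NAMEs are base names accepted as world-readable (an assumption to adapt to
# local policy); a world-writable log is always reported, since any user could
# then alter or truncate the record.
audit_log_perms() {
    dir=${1:?usage: audit_log_perms DIR [NAME...]}
    shift
    allowed=" $* "
    find "$dir" -xdev -type f -perm -0002 -print | sed 's/^/world-writable /'
    find "$dir" -xdev -type f -perm -0004 ! -perm -0002 -print |
    while IFS= read -r path; do
        case $allowed in
            *" ${path##*/} "*) ;;                         # accepted by name
            *) printf 'world-readable %s\n' "$path" ;;
        esac
    done
}

# Constructed scratch tree standing in for /var/log.
audit_demo() {
    d=$(mktemp -d) || return 1
    for f in secure messages wtmp access_log; do : > "$d/$f"; done
    chmod 600 "$d/secure"
    chmod 644 "$d/messages"
    chmod 664 "$d/wtmp"
    chmod 666 "$d/access_log"
    audit_log_perms "$d" wtmp
    rm -rf -- "$d"
}

audit_demo
```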
