keepalived定制日志bug

源码安装

在/etc/rsyslog.d/目录下创建 keepalived的日志配置文件keepalived.conf

[root@ubuntu24-13:~]# vim /etc/rsyslog.d/keepalived.conf
[root@ubuntu24-13:~]# cat /etc/rsyslog.d/keepalived.conf
local6.* /var/log/keepalived.log
&~

注意：&~ 表示keepalived日志仅仅写入/var/log/keepalived.log中，不写入/var/log/syslog文件。

重启rsyslog服务
[root@ubuntu24-13:~]# systemctl restart rsyslog

keepalived启用日志功能

修改keepalived服务的启动参数

[root@ubuntu24-13:~]# vim /data/server/keepalived/etc/sysconfig/keepalived
[root@ubuntu24-13:~]# cat /data/server/keepalived/etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages.
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#

KEEPALIVED_OPTIONS="-D -S 6"


注意：apt方式安装的默认配置文件在 /etc/default/keepalived

重启keepalived服务

[root@ubuntu24-13:~]# systemctl restart keepalived

查看日志效果，ubuntu在定制rsyslog的时候，启动过程中，可能会出现如下报错问题

[root@ubuntu24-13:~]# tail -f /var/log/syslog
2025-05-25T15:19:56.578749+08:00 ubuntu24-13 kernel: audit: type=1400 audit(1748157596.300:112): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="rsyslogd" pid=23454 comm="apparmor_parser"
2025-05-25T15:19:56.579101+08:00 ubuntu24-13 rsyslogd: warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.2312.0 try https://www.rsyslog.com/e/2307 ]
2025-05-25T15:19:56.579778+08:00 ubuntu24-13 systemd[1]: Started rsyslog.service - System Logging Service.
2025-05-25T15:19:56.579845+08:00 ubuntu24-13 rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2312.0]

原理解析

核心问题：
在 rsyslog 的配置中使用了旧语法 ~ 来终止日志处理，该语法在新版本（如 v8.2001 及以后）中已被弃用。
在做该实验之前，我们执行了 apt install rsyslog 软件，将软件更新到了8.2312.0版本

替代方案：
使用 stop 关键字替代 ~，使配置更清晰且符合官方推荐。

解决方法

[root@ubuntu24-13:~]# vim /etc/rsyslog.d/keepalived.conf
[root@ubuntu24-13:~]# cat /etc/rsyslog.d/keepalived.conf
local6.* /var/log/keepalived.log
# &~ 更改为stop
stop

查看效果

[root@ubuntu24-13:~]# systemctl restart rsyslog.service

如果按照上面的方法依然无法解决问题 – rsyslog 无法主动创建文件，那么按照如下方式解决

查看syslog的日志文件权限
[root@ubuntu24-13:~]# ll /var/log/syslog
-rw-r----- 1 syslog adm 474863 May 25 15:28 /var/log/syslog

手工创建文件和文件权限

[root@ubuntu24-13:~]# touch /var/log/keepalived.log
[root@ubuntu24-13:~]# chmod 640 /var/log/keepalived.log
[root@ubuntu24-13:~]# chown syslog:adm /var/log/keepalived.log

确认效果

[root@ubuntu24-13:~]# systemctl restart rsyslog.service
[root@ubuntu24-13:~]# ll /var/log/keepalived.log
-rw-r----- 1 syslog adm 144 May 25 15:28 /var/log/keepalived.log

apt安装

ubuntu24.04使用apt安装keepalived，定制日志

[root@ubuntu24-19:~]# apt -y install rsyslog keepalived

[root@ubuntu24-19:~]# touch /var/log/keepalived.log
[root@ubuntu24-19:~]# chmod 640 /var/log/keepalived.log
[root@ubuntu24-19:~]# chown syslog:adm /var/log/keepalived.log

配置文件修改
[root@ubuntu24-19:~]# vim /etc/rsyslog.d/keepalived.conf
if $programname == 'Keepalived' then /var/log/keepalived.log
& stop

endl