Today there is a small partner for help, online application nohup.out a log is not updated, but the process is still normal. At this point need to check the log to troubleshoot some problems, this may be how to do it?
Updated nohup.out files stay in the last 9:36, the log also happens to hit this point in time.
But where to go behind the log it? The question on the merits of easy ones, may be many reasons. For example, a file accidentally deleted, or renamed.
That do not have time to find a cause, emergency recovery log can it? Or without restarting the process, the logs look back?
The method is there, but was from / proc directory of linux.
Let's look at / proc directory action:
multiple file system information in the / proc file system is not provided for a particular process, but can be used in the context of the entire system range. Files can be used varies with system configuration. Procinfo command can display a variety of systems based on which some files information. The following files under / proc detailed description.
/ proc file system is a pseudo file system exists only among the memory, external memory without taking up space. It is the operating system kernel to access the data in a manner that provides an interface to the file system. Users and applications can be obtained by the information system proc, certain parameters may be changed and the kernel. Due to information systems, such as the process is dynamically changing, so the user or application reads the proc file, proc file system is a dynamic system kernel is read out from the required information and submit.
In simple terms, / store all information about all processes under proc directory, including of course the file information processes that are currently open. Find the corresponding process by the ps command PID, take a look at this process what are the corresponding directory information.
You can see the file directory, subdirectory is still relatively more. From problem, we only need to focus fd directory, all files in this directory error information related to the current process (note not just an ordinary file, there are socket and other information).
To search out if there nohup.out, actually really! But why show it is deleted? Devil know, do not own privately operated small partners do not recognize it?
都显示deleted了,怎么恢复呢?大家有没有看到这是一个软连接呢?软连接就是对原文件的一个连接,原文件删除时,只要软连接不删除,文件就不会被物理删除。
通过tail命令,居然有最新的日志内容!!!head命令看下呢?进程启动时候的日志也是有的。
是不是比较惊喜?这个目录居然有进程启动以来所有的日志?那么是不是可以恢复从昨天到现在所有的日志了呢?当然,这个日志文件太大了,我们只需要昨天到现在的日志。可以 用tail -200000 /proc/55160/fd/1把日志打印到另一个文件。至此,日志就全都找回来了。
我们总计一下解决这个问题的步骤:
1、通过ps命令找到进程的pid
2、去/proc目录下,找到进程打开的文件。ls -l /proc/${pid}/fd
3、/proc/${pid}/fd目录下找到丢失的文件。进行紧急修复