删除了linux系统上/var/log/messages该怎么?

  • 安装lsof
  • 查看/var/log/messages文件的进程pid,fd,command
  • 恢复/var/log/messages
  • 重启rsyslogd服务
# yum install lsof -y
# lsof|grep /var/log/messages
rsyslogd  12475          root    6w      REG                8,3    172822   33612673 /var/log/messages (deleted)
in:imjour 12475 12477    root    6w      REG                8,3    172822   33612673 /var/log/messages (deleted)
rs:main   12475 12478    root    6w      REG                8,3    172822   33612673 /var/log/messages (deleted)
# less /proc/12475/fd/6 > /var/log/messages  --此时文件已经恢复,但查看时还是显示delete
# systemctl restart rsyslog  --重启就正常了,但pid发生了变化