[Bastion Host] How to Query JumpServer Logs

心平气和看事 2024-08-09 22:52:37
1 Overview

This article describes how to query the logs of each JumpServer component.

2 Procedure

By default the logs are mounted into the persistent directory, so you can also view them there directly.

```bash
# JumpServer v3: the default persistent directory is /data/jumpserver
# JumpServer v2: the default persistent directory is /opt/jumpserver
ls -al /data/jumpserver/core/logs
ls -al /data/jumpserver/koko/data/logs
ls -al /data/jumpserver/lion/data/logs
ls -al /data/jumpserver/nginx/data/logs
```

2.1 Core component

Core is JumpServer's core component; the other components depend on it to start.

```bash
docker logs -f jms_core --tail 200

# To work inside the container
docker exec -it jms_core bash
cd /opt/jumpserver/logs
ls -al
total 8860
drwxr-xr-x. 9 root root 4096 3月 15 23:59 .
drwxr-xr-x. 1 root root 29 3月 2 17:08 ..
drwxr-xr-x. 2 root root 112 3月 9 23:59 2023-03-09    # historical logs, rotated daily
drwxr-xr-x. 2 root root 112 3月 10 23:59 2023-03-10
drwxr-xr-x. 2 root root 112 3月 11 23:59 2023-03-11
drwxr-xr-x. 2 root root 112 3月 12 23:59 2023-03-12
drwxr-xr-x. 2 root root 112 3月 13 23:59 2023-03-13
drwxr-xr-x. 2 root root 112 3月 14 23:59 2023-03-14
drwxr-xr-x. 2 root root 112 3月 15 23:59 2023-03-15
-rw-r--r--. 1 root root 0 2月 3 11:03 ansible.log
-rw-r--r--. 1 root root 109899 3月 16 16:22 beat.log
-rw-r--r--. 1 root root 24716 3月 16 14:15 celery_ansible.log
-rw-r--r--. 1 root root 344414 3月 16 16:22 celery_default.log
-rw-r--r--. 1 root root 1 3月 16 02:00 celery.log
-rw-r--r--. 1 root root 34788 2月 28 10:45 daphne.log
-rw-r--r--. 1 root root 12502 2月 28 10:40 drf_exception.log
-rw-r--r--. 1 root root 0 3月 15 23:59 flower.log
-rw-r--r--. 1 root root 1934510 3月 16 16:22 gunicorn.log
-rw-r--r--. 1 root root 5774260 3月 16 14:00 jumpserver.log    # the main log to check for core
-rw-r--r--. 1 root root 273249 3月 16 11:29 unexpected_exception.log

# If this log shows nothing abnormal, check the other logs as well; pay attention to the log timestamps
tail -f jumpserver.log -n 200
```

```text
# When sending logs to someone else for troubleshooting help, send the complete log entry, as in this example:
2023-03-16 11:29:32 [log ERROR] Internal Server Error: /api/v1/accounts/accounts/su-from-accounts/    # <---- the starting timestamp must be included
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/asgiref/sync.py", line 486, in thread_handler
    raise exc_info[1]
  File ".../django/core/handlers/exception.py", line 38, in inner
    response = await get_response(request)
  File ".../django/core/handlers/base.py", line 233, in _get_response_async
    response = await wrapped_callback(request, *callback_args, **callback_kwargs)
  File ".../asgiref/sync.py", line 448, in __call__
    ret = await asyncio.wait_for(future, timeout=None)
···
  File "/opt/jumpserver/apps/accounts/api/account/account.py", line 47, in su_from_accounts
  File ".../common/.../filter.py", line 35, in filter_queryset
    queryset = backend().filter_queryset(self.request, queryset, self)
  File ".../django_filters/rest_framework/backends.py", line 90, in filter_queryset
    filterset = self.get_filterset(request, queryset, view)
  File ".../django_filters/rest_framework/backends.py", line 31, in get_filterset
    filterset_class = self.get_filterset_class(view, queryset)
  File ".../django_filters/rest_framework/backends.py", line 64, in get_filterset_class
    assert issubclass(queryset.model, filterset_model), \
AttributeError: 'list' object has no attribute 'model'    # <---- some users send only this line, which is wrong
2023-03-16 11:46:32 [connection ERROR] unsubscribe msg error: 'NoneType' object has no attribute 'clear_connect_callbacks'    # <---- everything reported up to this next timestamp must be sent in full

# Follow this rule whenever you send diagnostic logs to others: if several errors occur in the same time window, send them in full, by timestamp.
# If log entries are repeated, deduplicate them yourself first.
```

2.2 koko component

koko serves Unix-like platforms and provides character-based (terminal) connections over the SSH and Telnet protocols.

```bash
docker logs -f jms_koko --tail 200

# To work inside the container
docker exec -it jms_koko bash
cd data/logs
ls -al
total 216
drw-------. root 2月 11:07 .
drwxr-xr-x. ..
-rw-r--r--. 3月 16:33 koko.log    # koko log

tail -f koko.log -n 200
```

```text
# koko log
2023-03-16 16:21:22 [ERRO] ws[cd4a6c4f-5cc3-450b-a2fd-cbda9415b0ae] read err: websocket: close (no status)
2023-03-16 16:21:32 ws[24d1ae87-291a-4c90-8dac-8af59df60e1d] (going away)
2023-03-16 session[dc6946af-e8ff-498b-8bf7-a1d2bdb9bd40] user io: write on closed pipe
2023-03-16 srv eof
2023-03-16 16:21:35 send message sent
2023-03-16 16:21:39 ws[40ab251b-5cd3-4baa-bbf2-fe18f35c3b16] (abnormal closure): unexpected connect tcp 192.168.250.8:5000->192.168.250.6:36540: use of closed network connection
2023-03-16 16:22:08 [ERRO] Get new ssh client err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2023-03-16 16:22:08 [ERRO] ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2023-03-16 16:22:08 [ERRO] 开始连接到 root(ssh key)@10.1.13.27 error: 认证失败(用户名或密码错误)
```

2.3 Lion component

Lion serves Windows platforms and is used to access Windows assets from the web.

```bash
docker logs -f jms_lion --tail 200

# To work inside the container
docker exec -it jms_lion bash
cd /opt/lion/data/logs
ls -al
total 116
drwxr-xr-x. 2 root root 39 Feb 22 22:23 .
drwxr-xr-x. 7 root root 71 Feb 3 11:07 ..
-rw-r--r--. 1 root root 3499 Mar 15 22:13 guacd.log
-rw-r--r--. 1 root root 113517 Mar 16 16:30 lion.log    # lion log

tail -f lion.log -n 200
```

```text
# lion log
2023-03-15 22:44:33 tunnel conn.go [ERROR] Session[0eb6c532-73b2-42a4-b6ca-94e789d68a15] receive web client disconnect opcode
2023-03-15 22:44:33 tunnel conn.go [ERROR] Session[0eb6c532-73b2-42a4-b6ca-94e789d68a15] web client read err: websocket: close 1005 (no status)
2023-03-15 22:44:33 tunnel conn.go [ERROR] Session[0eb6c532-73b2-42a4-b6ca-94e789d68a15] guacamole server read err: EOF
2023-03-15 22:45:30 tunnel conn.go [ERROR] Session[72e804c3-be37-409e-b857-cbde83b41a0a] receive web client disconnect opcode
2023-03-15 22:45:30 tunnel conn.go [ERROR] Session[72e804c3-be37-409e-b857-cbde83b41a0a] web client read err: websocket: close 1005 (no status)
2023-03-15 22:45:30 tunnel conn.go [ERROR] Session[72e804c3-be37-409e-b857-cbde83b41a0a] send web client err: websocket: close sent
2023-03-15 22:45:31 tunnel conn.go [ERROR] Session[dfd382ad-533b-4e6b-9ba6-f1ec4c6bdb23] receive web client disconnect opcode
2023-03-15 22:46:29 tunnel conn.go [ERROR] Session[b8df0c15-d2e7-4b27-a56d-5d66108d2f0d] web client read err: websocket: close 1005 (no status)
2023-03-15 22:46:29 tunnel conn.go [ERROR] Session[b8df0c15-d2e7-4b27-a56d-5d66108d2f0d] guacamole server read err: EOF
2023-03-16 15:39:16 main main.go [ERROR] Ws client read err: websocket: close 1006 (abnormal closure): unexpected EOF
2023-03-16 15:39:16 main main.go [ERROR] Ws heart beat closed, try reconnect after 10s
2023-03-16 16:30:40 tunnel conn.go [ERROR] Session[e5262183-e959-441d-ba1a-34c29733c1fe] receive web client disconnect opcode
2023-03-16 16:30:40 tunnel conn.go [ERROR] Session[e5262183-e959-441d-ba1a-34c29733c1fe] web client read err: websocket: close 1005 (no status)
2023-03-16 16:30:40 tunnel conn.go [ERROR] Session[e5262183-e959-441d-ba1a-34c29733c1fe] send web client err: websocket: close sent
```

2.4 Web component

The Web component serves JumpServer's front-end pages.

```bash
docker logs -f jms_web --tail 200

# To work inside the container
docker exec -it jms_web sh
cd /var/log/nginx
ls -al
total 8776
drwxr-xr-x. 2 root root 4096 Mar 16 06:25 .
drwxr-xr-x. 1 root root 70 Mar 2 17:11 ..
-rw-r-----. 1 nginx adm 1700469 Mar 16 16:45 access.log
-rw-r-----. 1 nginx adm 4235610 Mar 16 06:24 access.log.1
-rw-r-----. 1 nginx adm 0 Mar 16 06:25 error.log
-rw-r-----. 1 nginx adm 3773 Mar 16 06:25 error.log.1
-rw-r--r--. 1 nginx root 0 Feb 3 11:07 tcp-access.log

tail -f error.log -n 200
```

```text
# nginx log
2023/03/15 20:03:52 [warn] 58#58: *174753 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/05/0000000054 while reading upstream, client: 10.1.10.35, server: , request: "GET /core/flower/static/js/jquery-ui-1-8-15.min.js?v=947f1df57c47a338b395e07e3f09b17b7088577ed958bd64e8519a6579cd252d14e60d78f42786164faa2fa51265c0ba9ef517ccee583c9d37603a671dbbf95d HTTP/1.1", upstream: "http://192.168.250.3:8080/core/flower/static/js/jquery-ui-1-8-15.min.js?v=947f1df57c47a338b395e07e3f09b17b7088577ed958bd64e8519a6579cd252d14e60d78f42786164faa2fa51265c0ba9ef517ccee583c9d37603a671dbbf95d", host: "xxx.xxx.com", referrer: "https://xxx.xxx.com/core/flower/?_=1678881720571"
2023/03/15 20:03:52 [warn] 61#61: *174793 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/05/0000000055 while reading upstream, client: 10.1.10.35, server: , request: "GET /core/flower/static/js/moment-timezone-with-data.min.js?v=4762b13071ca18e6c83105de008e54f6009a43d849e103d14c06535564066d9c7984d95233c631393a3c476c2bd4931c5f031d8e56eccaa18a08348e409f3b4d HTTP/1.1", upstream: "http://192.168.250.3:8080/core/flower/static/js/moment-timezone-with-data.min.js?v=4762b13071ca18e6c83105de008e54f6009a43d849e103d14c06535564066d9c7984d95233c631393a3c476c2bd4931c5f031d8e56eccaa18a08348e409f3b4d", host: "xxx.xxx.com", referrer: "https://xxx.xxx.com/core/flower/?_=1678881720571"
```

2.5 Celery component

Celery handles asynchronous tasks and runs JumpServer's automation tasks.

```bash
# To work inside the container
docker exec -it jms_celery bash
cd /opt/jumpserver/logs
ls -al
total 8772
drwxr-xr-x. 9 root root 4096 3月 15 23:59 .
drwxr-xr-x. 1 root root 29 3月 2 17:08 ..
drwxr-xr-x. 2 root root 112 3月 9 23:59 2023-03-09
drwxr-xr-x. 2 root root 112 3月 10 23:59 2023-03-10
drwxr-xr-x. 2 root root 112 3月 11 23:59 2023-03-11
drwxr-xr-x. 2 root root 112 3月 12 23:59 2023-03-12
drwxr-xr-x. 2 root root 112 3月 13 23:59 2023-03-13
drwxr-xr-x. 2 root root 112 3月 14 23:59 2023-03-14
drwxr-xr-x. 2 root root 112 3月 15 23:59 2023-03-15
-rw-r--r--. 1 root root 0 2月 3 11:03 ansible.log
-rw-r--r--. 1 root root 110838 3月 16 16:31 beat.log
-rw-r--r--. 1 root root 24716 3月 16 14:15 celery_ansible.log    # for celery, check the logs whose names start with celery_
-rw-r--r--. 1 root root 347225 3月 16 16:31 celery_default.log
-rw-r--r--. 1 root root 1 3月 16 02:00 celery.log
-rw-r--r--. 1 root root 34788 2月 28 10:45 daphne.log
-rw-r--r--. 1 root root 12502 2月 28 10:40 drf_exception.log
-rw-r--r--. 1 root root 0 3月 15 23:59 flower.log
-rw-r--r--. 1 root root 2191794 3月 16 16:31 gunicorn.log
-rw-r--r--. 1 root root 5774365 3月 16 16:28 jumpserver.log
-rw-r--r--. 1 root root 273249 3月 16 11:29 unexpected_exception.log

tail -f celery_default.log -n 200
```

```text
# celery log
>> Set language to zh
>> Set org to 00000000-0000-0000-0000-000000000000
Task settings.tasks.ldap.import_ldap_user[d716aaa1-2c7b-40e7-a6da-346e6875034f] succeeded in 0.5366005189716816s: None
Task settings.tasks.ldap.import_ldap_user[e0fd1b82-3d28-433a-994d-cb075684d396] received
>> Set language to zh
>> Set org to 00000000-0000-0000-0000-000000000000
Task settings.tasks.ldap.import_ldap_user[e0fd1b82-3d28-433a-994d-cb075684d396] succeeded in 0.5023798840120435s: None
Task settings.tasks.ldap.import_ldap_user[193e3682-7968-4cec-827a-ced3082dcdc2] received
>> Set language to zh
>> Set org to 00000000-0000-0000-0000-000000000000
Task settings.tasks.ldap.import_ldap_user[193e3682-7968-4cec-827a-ced3082dcdc2] succeeded in 0.5524193355813622s: None
Task settings.tasks.ldap.import_ldap_user[67191c1d-e779-4b37-a67e-ca78c3217610] received
>> Set language to zh
>> Set org to 00000000-0000-0000-0000-000000000000
Task settings.tasks.ldap.import_ldap_user[67191c1d-e779-4b37-a67e-ca78c3217610] succeeded in 0.3798262616619468s: None
```
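
The rule given in section 2.1 for sharing logs (keep the timestamped line, everything up to the next timestamp, and drop repeats) can be applied mechanically. The script below is an added example, not part of the original article or of JumpServer; the function names `extract_error_entries` and `write_sample_log` and the sample log content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not JumpServer code). Usage: extract_error_entries FILE [SINCE] [UPTO]
# An entry starts at a line beginning "YYYY-MM-DD HH:MM:SS " and runs to the next
# such line, so a traceback stays attached to the line carrying its start time.
extract_error_entries() {
    awk -v since="${2:-}" -v upto="${3:-}" '
    function flush(   body) {
        if (entry != "" && keep) {
            body = substr(entry, 21)            # entry text after "timestamp "
            if (!(body in seen)) { seen[body] = 1; printf "%s", entry }
        }
        entry = ""
    }
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
        flush()
        ts = substr($0, 1, 19)
        keep = ($0 ~ /\[[a-z ]*ERROR?\]/)        # [log ERROR], [ERROR], [ERRO]
        if (since != "" && ts < since) keep = 0  # timestamps sort as strings
        if (upto != "" && ts > upto) keep = 0
        entry = $0 "\n"
        next
    }
    entry != "" { entry = entry $0 "\n" }        # continuation line (traceback)
    END { flush() }
    ' "$1"
}

# Constructed sample in the jumpserver.log layout (not real output).
write_sample_log() {
    cat > "$1" <<'EOF'
2023-03-16 11:29:30 [log INFO] constructed: request ok
2023-03-16 11:29:32 [log ERROR] Internal Server Error: /api/v1/example/
Traceback (most recent call last):
  File "example.py", line 1, in handler
AttributeError: 'list' object has no attribute 'model'
2023-03-16 11:29:40 [log ERROR] Internal Server Error: /api/v1/example/
Traceback (most recent call last):
  File "example.py", line 1, in handler
AttributeError: 'list' object has no attribute 'model'
2023-03-16 11:46:32 [connection ERROR] constructed: unsubscribe failed
EOF
}

log=$(mktemp) && write_sample_log "$log"
extract_error_entries "$log" "2023-03-16 11:00:00" "2023-03-16 12:00:00"
rm -f "$log"
```

Deduplication compares the entry text without its timestamp, so the repeated traceback at 11:29:40 is printed only once, under its first occurrence.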