How to restore a linux system deleted by mistake

How to restore a log file that has been deleted by mistake: As the saying goes, there will always be a tiger in the mountains. When you first enter the road operation and maintenance, there will always be a mistake. A mistake that a novice is easy to make is to delete the log file directly instead of deleting it. The content of the log file. However, directly deleting the log file often results in the newly generated log record being unable to be written to the log file, because it has been deleted, and just re-creating (touching) a file with the same name cannot solve the problem.

1. execute the following lsof command as the root user to query the process ID (PID) of the process that opened the/var/log/messages file:

From the output of the above command, it can be concluded that the PID of the process that opens the/var/log/messages file is 1195, and the file descriptor (FD) number of the file/var/log/messages is 6. According to the above PID and FD, you can Find the corresponding file in/proc:

Copy the file/proc/1195/fd/6 to/var/log/messages

cp/proc/1195/fd/6/var/log/messages

Then restart the rsyslog service to restore the accidentally deleted log file, and new log records can continue to be written to the log file. Run systemctl restart rsyslog as the root user and finally clear the log file: cat/dev/null >/var/log/messages

How to clear the/var/log/messages system log correctly:

Query the process ID (PID) of the process that opened the/var/log/messages file:

Then end the process of generating messages:

kill -9 1195

Clear the log and restart:

cat/dev/null>/var/log/messages

reboot