Hello, Lee.
On Tue, Feb 17, 2015 at 07:26:05PM +0100, lee wrote:
> Hi,
> how do you read the log files when using syslog-ng?
> The log file seem to be some sort of binary that doesn't display too
> well in less, and there doesn't seem to be any way to read them.
When I try "less /var/log/messages", less gives me what is basically a
hex dump of the file. I'm assuming you see the same.
less searches part of the buffer (presumably the first few KB) and if it
finds non-printable characters, uses an input filter first to convert to
the hex dump. This same filter is what enables less to expand
compressed files and man pages.
What I do is to disable this input filter with
# LESSOPEN="" less /var/log/messages
. It is evident that every now and then, syslog-ng writes a stream of
several hundred null bytes to /var/log/messages. It seems to do this
when logging the system startup messages. This is probably a bug.
By the way, the LESSOPEN="" trick can sometimes leave your display
corrupted, displaying wierd glyphs on the screen when you type. To
restore your screen, output ^o. To do this, type (blindly)
# echo <ctrl-v><crtl-o><CR>
.
> --
> Again we must be afraid of speaking of daemons for fear that daemons
> might swallow us. Finally, this fear has become reasonable.
--
Alan Mackenzie (Nuremberg, Germany).
