On Tuesday 17 Feb 2015 19:17:20 lee wrote: > Alan Mackenzie <a...@muc.de> writes: > > Hello, Lee. > > > > On Tue, Feb 17, 2015 at 07:26:05PM +0100, lee wrote: > >> Hi, > >> > >> how do you read the log files when using syslog-ng? > >> > >> The log file seem to be some sort of binary that doesn't display too > >> well in less, and there doesn't seem to be any way to read them. > > > > When I try "less /var/log/messages", less gives me what is basically a > > hex dump of the file. I'm assuming you see the same. > > Yes, that's what I was looking at. > > > less searches part of the buffer (presumably the first few KB) and if it > > finds non-printable characters, uses an input filter first to convert to > > the hex dump. > > Is that a new feature of less? I've never had this problem with any > other file. IIRC, unprintable characters, like null, used to be > displayed like ^@, and less always did a great job in preventing the > display from needing a reset without switching to an equivalent of > hexl-mode. > > > BTW, what happens when something writes to /var/log/messages? I noticed > today that the default shorewall.conf that ships with gentoo has that > set as logfile for shorewall. Shouldn't all messages going into > /var/log/messages go to syslog-ng instead when syslog-ng is used, with > nothing else writing to this file?
It depends on what filters have been set in the configuration file of the application in question or syslog-ng. I use less -L /var/log/messages to see the content of the log files in plain text. At boot up I get a load of: Feb 16 07:54:04 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: Initializing cgroup subsys cpuset Feb 16 07:54:04 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ being printed up. Perhaps I will disable cgroups in the kernel and see what gives. I don't use containers anyway. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
