From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-162218-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 9BD46138A1A
	for <garchives@archives.gentoo.org>; Tue, 17 Feb 2015 19:03:19 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D5758E0886;
	Tue, 17 Feb 2015 19:02:50 +0000 (UTC)
Received: from mail.muc.de (colin.muc.de [193.149.48.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 83DA1E0881
	for <gentoo-user@lists.gentoo.org>; Tue, 17 Feb 2015 19:02:49 +0000 (UTC)
Received: (qmail 66209 invoked by uid 3782); 17 Feb 2015 19:02:46 -0000
Received: from acm.muc.de (pD951A1C9.dip0.t-ipconnect.de [217.81.161.201]) by
	colin.muc.de (tmda-ofmipd) with ESMTP;
	Tue, 17 Feb 2015 20:02:45 +0100
Received: (qmail 3791 invoked by uid 1000); 17 Feb 2015 19:02:19 -0000
Date: Tue, 17 Feb 2015 19:02:19 +0000
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] syslog-ng: how to read the log files
Message-ID: <20150217190219.GA3678@acm.fritz.box>
References: <87lhjws8ci.fsf@heimdali.yagibdah.de>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87lhjws8ci.fsf@heimdali.yagibdah.de>
User-Agent: Mutt/1.5.22 (2013-10-16)
X-Delivery-Agent: TMDA/1.1.12 (Macallan)
From: Alan Mackenzie <acm@muc.de>
X-Primary-Address: acm@muc.de
X-Archives-Salt: 0e9ea737-51ff-4dbf-a809-a4acdb9fb82f
X-Archives-Hash: 01963265014dd11d60d78793df6d6fd6

Hello, Lee.

On Tue, Feb 17, 2015 at 07:26:05PM +0100, lee wrote:
> Hi,

> how do you read the log files when using syslog-ng?

> The log file seem to be some sort of binary that doesn't display too
> well in less, and there doesn't seem to be any way to read them.

When I try "less /var/log/messages", less gives me what is basically a
hex dump of the file.  I'm assuming you see the same.

less searches part of the buffer (presumably the first few KB) and if it
finds non-printable characters, uses an input filter first to convert to
the hex dump.  This same filter is what enables less to expand
compressed files and man pages.

What I do is to disable this input filter with

    # LESSOPEN="" less /var/log/messages

.  It is evident that every now and then, syslog-ng writes a stream of
several hundred null bytes to /var/log/messages.  It seems to do this
when logging the system startup messages.  This is probably a bug.

By the way, the LESSOPEN="" trick can sometimes leave your display
corrupted, displaying wierd glyphs on the screen when you type.  To
restore your screen, output ^o.  To do this, type (blindly)

    # echo <ctrl-v><crtl-o><CR>

.

> -- 
> Again we must be afraid of speaking of daemons for fear that daemons
> might swallow us.  Finally, this fear has become reasonable.

-- 
Alan Mackenzie (Nuremberg, Germany).