On Friday 26 Dec 2014 23:33:33 Peter Humphrey wrote:
> Hello list,
>
> For some time now I've had syslog-ng writing /var/log/messages in a binary
> format:
>
> # file /var/log/messages
> /var/log/messages: data
> # grep syslog-ng /var/log/messages
> Binary file /var/log/messages matches
>
> Yet:
>
> # head /var/log/messages
> Dec 21 03:10:02 wstn run-crons[29014]: (root) CMD (/etc/cron.daily/man-db)
> [...]
>
> Can I use the following method to restore the original text format of
> /var/log/messages?
>
> 1. Boot rescue system and mount main system
> 2. # cd /mnt/main/var/log
> 3. # mv messages messages.bin
> 4. # strings messages.bin > messages
> 5. # rm messages.bin
> 6. Reboot.
>
> I tried steps 1 - 4 and got a text file with very long lines, but I
> chickened out before rebooting.
>
> It would be nice to find a config setting that's changed, but the change
> log is silent and the admin guide gives me a headache :-(

I don't know if this is a matter of changing some setting in a config file -
I haven't found any yet. It seems that upon boot up some binary data is
written in the otherwise plain text logs:

Dec 22 10:15:21 dell_xps syslog-ng[1526]: syslog-ng starting up;
version='3.4.8'
Dec 22 10:15:21 dell_xps syslog-ng[1526]: syslog-ng starting up;
version='3.4.8'
Dec 22 10:15:21 dell_xps syslog-ng[1526]: syslog-ng starting up;
version='3.4.8'
Dec 22 10:15:21 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: Initializing cgroup subsys
cpuset

Dec 22 10:15:21
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@ kernel: Initializing cgroup subsys cpuset
Dec 22 10:15:21
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@
[snip ...]

I don't know if this is caused by some systemd infection of our systems! LOL!

If you use 'less -L /var/log/messages' or cat, then you will be able to view
the logs in text format. If you need to grep stuff then you can use:

grep --binary-files=text -i firewall /var/log/messages
[snip ...]

Dec 27 09:24:03 dell_xps firewall: ** All firewall rules applied **
Dec 27 09:24:03 dell_xps firewall: ** All firewall rules applied **

Be careful that using grep like this might cause your terminal to execute some
of the binary output as a command (check the man page).

--
Regards,
Mick
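
An added example, not part of the original thread: a Python sketch that locates the NUL runs in a log like the one shown above, then searches it with NUL bytes dropped and every other control character rendered as visible `\xNN` text, so nothing raw reaches the terminal. The sample data, the 263-byte run length and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample modelled on the excerpt above: one NUL run, plus one line
# carrying a terminal escape sequence to show why raw output is risky.
SAMPLE = (
    b"Dec 22 10:15:21 dell_xps syslog-ng[1526]: syslog-ng starting up; version='3.4.8'\n"
    b"Dec 22 10:15:21 " + b"\x00" * 263 + b" kernel: Initializing cgroup subsys cpuset\n"
    b"Dec 27 09:24:03 dell_xps firewall: ** All firewall rules applied **\n"
    b"Dec 27 09:24:04 dell_xps test: \x1b[2Jescape\n"
)

NUL_RUN = re.compile(rb"\x00+")
# C0 controls except tab and newline, DEL, and the C1 range.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def nul_runs(data):
    """Return (byte offset, length) for every run of NUL bytes."""
    return [(m.start(), len(m.group())) for m in NUL_RUN.finditer(data)]


def sanitize(data):
    """Drop NULs, decode leniently, make remaining control characters visible."""
    text = data.replace(b"\x00", b"").decode("utf-8", errors="replace")
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def search(data, needle):
    """Case-insensitive line search over the sanitized text."""
    needle = needle.lower()
    return [ln for ln in sanitize(data).splitlines() if needle in ln.lower()]


if __name__ == "__main__":
    # Usage: script.py [logfile] [pattern]; falls back to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, length in nul_runs(data):
        print(f"NUL run at byte {offset}: {length} bytes")
    for line in search(data, sys.argv[2] if len(sys.argv) > 2 else "firewall"):
        print(line)
```

The offsets and lengths reported by `nul_runs` are worth recording before any cleanup, since they show where in the file the padding was written.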