RHEL 7.3 syslog 输出文本换行,没有换行符

tag-icon tag-icon linux redhat syslog
RHEL 7.3 syslog 输出文本换行,没有换行符

当我看到cat一个文件时,例如/var/log/messages输出没有分成新行,它只是一团很难阅读的换行文本,只是一条又一条没有新行的消息。是否有某个设置会导致这种情况发生,这种情况发生在我们的几台服务器上。

举个例子

当我运行时cat /var/log/messages我希望看到类似这样的内容:

2016-12-15T11:22:53.212028-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 c615 05 clock_sync
2016-12-15T11:22:54.223136-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 c618 08 no_sys_peer
2016-12-15T11:25:06.228173-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 0628 08 no_sys_peer
2016-12-15T11:25:12.233785-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 0613 03 spike_detect +0.294933 s
2016-12-15T11:29:41.762442-06:00 wilkestest.com kernel: [212901.427412] FS-Cache: Loaded
2016-12-15T11:29:41.771893-06:00 wilkestest.com kernel: [212901.439186] FS-Cache: Netfs 'nfs' registered for caching
2016-12-15T11:29:41.775520-06:00 wilkestest.com kernel: [212901.443275] Key type dns_resolver registered
2016-12-15T11:29:41.784809-06:00 wilkestest.com kernel: [212901.452136] NFS: Registering the id_resolver key type
2016-12-15T11:29:41.784814-06:00 wilkestest.com kernel: [212901.452141] Key type id_resolver registered
2016-12-15T11:29:41.784817-06:00 wilkestest.com kernel: [212901.452142] Key type id_legacy registered

相反,我看到的是类似这样的内容:

2016-12-15T11:22:53.212028-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 c615 05 clock_sync 2016-12-15T11:22:54.223136-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 c618 08 no_sys_peer 2016-12-15T11:25:06.228173-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 0628 08 no_sys_peer 2016-12-15T11:25:12.233785-06:00 wilkestest.com ntpd[27156]: 0.0.0.0 0613 03 spike_detect +0.294933 s 2016-12-15T11:29:41.762442-06:00 wilkestest.com kernel: [212901.427412] FS-Cache: Loaded 2016-12-15T11:29:41.771893-06:00 wilkestest.com kernel: [212901.439186] FS-Cache: Netfs 'nfs' registered for caching 2016-12-15T11:29:41.775520-06:00 wilkestest.com kernel: [212901.443275] Key type dns_resolver registered 2016-12-15T11:29:41.784809-06:00 wilkestest.com kernel: [212901.452136] NFS: Registering the id_resolver key type 2016-12-15T11:29:41.784814-06:00 wilkestest.com kernel: [212901.452141] Key type id_resolver registered 2016-12-15T11:29:41.784817-06:00 wilkestest.com kernel: [212901.452142] Key type id_legacy registered

新的行被夸大了格式,我并不期望日志文件是双倍行距的,但我希望日志中的每个新消息都从新日志开始,而不是简单地在最后一条消息后面留一个空格。

答案1

我找到了答案,只是想在这里发布,以防它可以帮助其他人。在 /etc/rsyslog.conf 中,有一个 $ActionFileDefaultTemplate 参数,它被设置为 RSYSLOG_ForwardFormat,它提供了更精确的日期,但删除了每条消息中的 \n,使用 RSYSLOG_FileFormat 或 RSYSLOG_TraditionalFileFormat 作为该参数将解决混在一起的行。

相关内容