Log files, BNF format, and jEdit
-
The documentation says that pfsense log files are BNF format. My setup is still new (1.5 months) and the log files have not completely filled up and wrapped around yet. When I download the resolver log file (I am having a problem with unbound stopping unexpectedly), jEdit seems to load correctly up to the point where the valid data ends (guessing the remainder of the file is null) and then it crashes with out-of-heap error. jEdit can normally can deal with most file types.
Anyone else using jEdit that could post a tip about viewing log files which are partially full?
jEdit running out of heap which is a symptom rather than a root cause as I have increased the JAVA heap size to 2G. jEdit defaults to cp1252 format.
Thanks!
-
You seem to have mixed up a few terms.
1. pfSense log files in general are CLOG format, a binary circular log. You can't open them properly in a plain text editor.
2. pfSense firewall log entries on 2.2 and later are in a form of CSV format described at https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2, the log itself is still a clog file.
3. The "BNF" term is used on the link above is for Backus–Naur Form which is the type of grammar used to convey the actual layout of data in the filter log entries. The log is comma-separated, BNF refers to the way the page shows you how the CSV data can be present in the log entries.
Long story short, you'll need to run the log files through clog to get plain text as described in the link on point 1 if you wish to open them in a text editor.
