lnav/test/expected/test_text_file.sh_e088ea61a5382458cc48a2607e2639e52b0be1da.out

Screenshot

The following screenshot shows a mix of syslog and web access log
files.  Failed requests are shown in red.  Identifiers, like IP
address and PIDs are semantically highlighted.

]8;;file://{top_srcdir}/docs/assets/images/lnav-front-page.png\🖼  Screenshot]8;;\]8;;file://{top_srcdir}/docs/assets/images/lnav-front-page.png\¹]8;;\˒²

 ▌[1] - file://{top_srcdir}/docs/assets/images/lnav-front-page.png 
 ▌[2] - file://{top_srcdir}/docs/assets/images/lnav-front-page.png 

Why not just use  tail / grep / less ?

The standard Unix utilities are great for processing raw text lines,
however, they do not understand log messages.  Tail can watch multiple
files at a time, but it won't display messages in order by time and
you can't scroll backwards.  Grep will only find matching lines, but
won't return a full multi-line log message.  Less can only display a
single file at a time.  Also, none of these basic tools handle
compressed files.

Try online before installing

You can SSH into a demo node to play with lnav before installing.

The "playground" account starts lnav with a couple of log files as an
example:

]8;;ssh://playground@demo.lnav.org\ $ ssh playground@demo.lnav.org ]8;;\¹

 ▌[1] - ssh://playground@demo.lnav.org 

The "tutorial 1" account is an interactive tutorial that can teach you
the basics of operation:

]8;;ssh://tutorial1@demo.lnav.org\ $ ssh tutorial1@demo.lnav.org ]8;;\¹

 ▌[1] - ssh://tutorial1@demo.lnav.org 

Installation

]8;;https://github.com/tstack/lnav/releases/latest#release-artifacts\Download a statically-linked binary for Linux/MacOS from the release]8;;\
]8;;https://github.com/tstack/lnav/releases/latest#release-artifacts\page]8;;\¹

 ▌[1] - https://github.com/tstack/lnav/releases/latest#release-artifacts 

Brew on MacOS

 ▌$ brew install lnav                     

Usage

Simply point lnav at the files or directories you want to monitor, it
will figure out the rest:

 ▌$ lnav /path/to/file1 /path/to/dir ...    

The lnav TUI will pop up right away and begin indexing the files.
Progress is displayed in the "Files" panel at the bottom. Once the
indexing has finished, the LOG view will display the log messages that
were recognized[^1]. You can then use the usual hotkeys to move around
the view (arrow keys or  j / k / h / l  to move down/up/left/right).

See the ]8;;https://docs.lnav.org/en/latest/usage.html\Usage section]8;;\¹ of the online documentation for more
information.

 ▌[1] - https://docs.lnav.org/en/latest/usage.html 

[^1]: Files that do not contain log messages can be seen in the TEXT
view (reachable by pressing  t ).

Usage with  systemd-journald 

On systems running  systemd-journald , you can use  lnav  as the
pager:

 ▌$ journalctl | lnav                     

or in follow mode:

 ▌$ journalctl -f | lnav                  

Since  journalctl 's default output format omits the year, if you are
viewing logs which span multiple years you will need to change the
output format to include the year, otherwise  lnav  gets confused:

 ▌$ journalctl -o short-iso | lnav        

It is also possible to use  journalctl 's json output format and
 lnav will make use of additional fields such as PRIORITY and
_SYSTEMD_UNIT:

 ▌$ journalctl -o json | lnav             

In case some MESSAGE fields contain special characters such as ANSI
color codes which are considered as unprintable by journalctl,
specifying  journalctl 's  -a  option might be preferable in order to
output those messages still in a non-binary representation:

 ▌$ journalctl -a -o json | lnav          

If using systemd v236 or newer, the output fields can be limited to
the ones actually recognized by  lnav  for increased efficiency:

 ▌$ journalctl -o json --output-fields=MESSAGE,PRIORITY,_PID,SYSLOG_IDENTIFIER,_SYSTEMD_UNIT | lnav    

If your system has been running for a long time, for increased
efficiency you may want to limit the number of log lines fed into
 lnav , e.g. via  journalctl 's  -n  or  --since=...  options.

In case of a persistent journal, you may want to limit the number of
log lines fed into  lnav  via  journalctl 's  -b  option.

Support

Please file issues on this repository or use the discussions section.
The following alternatives are also available:

 • ]8;;mailto:support@lnav.org\support@lnav.org]8;;\¹
 • ]8;;https://discord.gg/erBPnKwz7R\Discord]8;;\²
 • ]8;;https://groups.google.com/g/lnav\Google Groups]8;;\³

 ▌[1] - mailto:support@lnav.org          
 ▌[2] - https://discord.gg/erBPnKwz7R    
 ▌[3] - https://groups.google.com/g/lnav 

Links

 • ]8;;https://lnav.org\Main Site]8;;\¹
 • ]8;;https://docs.lnav.org\Documentation]8;;\² on Read the Docs
 • ]8;;file://{top_srcdir}/ARCHITECTURE.md\Internal Architecture]8;;\³

 ▌[1] - https://lnav.org                                 
 ▌[2] - https://docs.lnav.org                            
 ▌[3] - file://{top_srcdir}/ARCHITECTURE.md 

Contributing

 • ]8;;https://github.com/sponsors/tstack\Become a Sponsor on GitHub]8;;\¹

 ▌[1] - https://github.com/sponsors/tstack 

Building From Source

Prerequisites

The following software packages are required to build lnav:

 • gcc/clang  - A C++14-compatible compiler.
 • libpcre2   - The Perl Compatible Regular Expression v2
   (PCRE2) library.
 • sqlite     - The SQLite database engine.  Version
   3.9.0 or higher is required.
 • ncurses    - The ncurses text UI library.
 • readline   - The readline line editing library.
 • zlib       - The zlib compression library.
 • bz2        - The bzip2 compression library.
 • libcurl    - The cURL library for downloading files
   from URLs.  Version 7.23.0 or higher is required.
 • libarchive - The libarchive library for opening
   archive files, like zip/tgz.
 • wireshark  - The 'tshark' program is used to interpret
   pcap files.
 • cargo/rust - The Rust language is used to build the
   PRQL compiler.

Build

Lnav follows the usual GNU style for configuring and installing
software:

Run  ./autogen.sh  if compiling from a cloned repository.

 ▌$ ./configure                           
 ▌$ make                                  
 ▌$ sudo make install                     

See Also

]8;;https://github.com/rcoh/angle-grinder\Angle-grinder]8;;\¹ is a tool to slice and dice log files on the
command-line. If you're familiar with the SumoLogic query language,
you might find this tool more comfortable to work with.

 ▌[1] - https://github.com/rcoh/angle-grinder