2021-02-13 20:41:48 +00:00
|
|
|
[![Build](https://github.com/tstack/lnav/workflows/ci-build/badge.svg)](https://github.com/tstack/lnav/actions?query=workflow%3Aci-build)
|
2021-03-02 23:19:08 +00:00
|
|
|
[![Docs](https://readthedocs.org/projects/lnav/badge/?version=latest&style=plastic)](https://docs.lnav.org)
|
2021-02-07 07:08:01 +00:00
|
|
|
[![Coverage Status](https://coveralls.io/repos/github/tstack/lnav/badge.svg?branch=master)](https://coveralls.io/github/tstack/lnav?branch=master)
|
2020-09-23 21:51:11 +00:00
|
|
|
[![lnav](https://snapcraft.io//lnav/badge.svg)](https://snapcraft.io/lnav)
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2021-08-25 11:19:26 +00:00
|
|
|
_This is the source repository for **lnav**, visit [https://lnav.org](https://lnav.org) for a high level overview._
|
2013-08-30 15:55:49 +00:00
|
|
|
|
2017-05-09 18:02:38 +00:00
|
|
|
# LNAV -- The Logfile Navigator
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2020-09-16 04:38:30 +00:00
|
|
|
The Log File Navigator, **lnav** for short, is an advanced log file viewer
|
|
|
|
for the small-scale. It is a terminal application that can understand
|
|
|
|
your log files and make it easy for you to find problems with little to
|
|
|
|
no setup.
|
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
## Screenshot
|
2020-09-16 04:38:30 +00:00
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
The following screenshot shows a syslog file. Log lines are displayed with
|
|
|
|
highlights. Errors are red and warnings are yellow.
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2021-06-13 05:33:22 +00:00
|
|
|
[![Screenshot](docs/assets/images/lnav-syslog-thumb.png)](docs/assets/images/lnav-syslog.png)
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2020-09-16 04:38:30 +00:00
|
|
|
## Features
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
- Log messages from different files are collated together into a single view
|
|
|
|
- Automatic detection of log format
|
|
|
|
- Automatic decompression of GZip and BZip2 files
|
|
|
|
- Filter log messages based on regular expressions
|
|
|
|
- Use SQL to analyze your logs
|
|
|
|
- And more...
|
2020-09-16 04:38:30 +00:00
|
|
|
|
2017-05-09 18:02:38 +00:00
|
|
|
## Installation
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
[Download a statically-linked binary for Linux/MacOS from the release page](https://github.com/tstack/lnav/releases/latest#release-artifacts)
|
2016-05-31 13:18:37 +00:00
|
|
|
|
2017-05-09 18:02:38 +00:00
|
|
|
## Usage
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2017-04-19 10:36:22 +00:00
|
|
|
The only file installed is the executable, `lnav`. You can execute it
|
2013-04-10 05:36:08 +00:00
|
|
|
with no arguments to view the default set of files:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ lnav
|
|
|
|
```
|
2013-04-10 05:36:08 +00:00
|
|
|
|
|
|
|
You can view all the syslog messages by running:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ lnav /var/log/messages*
|
|
|
|
```
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2017-05-09 18:02:38 +00:00
|
|
|
### Usage with `systemd-journald`
|
2017-04-19 11:19:47 +00:00
|
|
|
|
|
|
|
On systems running `systemd-journald`, you can use `lnav` as the pager:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl | lnav
|
|
|
|
```
|
2017-04-19 11:19:47 +00:00
|
|
|
|
|
|
|
or in follow mode:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl -f | lnav
|
|
|
|
```
|
2017-04-19 11:19:47 +00:00
|
|
|
|
|
|
|
Since `journalctl`'s default output format omits the year, if you are
|
|
|
|
viewing logs which span multiple years you will need to change the
|
|
|
|
output format to include the year, otherwise `lnav` gets confused:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl -o short-iso | lnav
|
|
|
|
```
|
2017-04-19 11:19:47 +00:00
|
|
|
|
2018-08-25 15:32:34 +00:00
|
|
|
It is also possible to use `journalctl`'s json output format and `lnav`
|
2021-02-08 05:30:02 +00:00
|
|
|
will make use of additional fields such as PRIORITY and \_SYSTEMD_UNIT:
|
2018-08-25 15:32:34 +00:00
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl -o json | lnav
|
|
|
|
```
|
2018-08-25 15:32:34 +00:00
|
|
|
|
2018-08-25 16:38:55 +00:00
|
|
|
In case some MESSAGE fields contain special characters such as
|
|
|
|
ANSI color codes which are considered as unprintable by journalctl,
|
|
|
|
specifying `journalctl`'s `-a` option might be preferable in order
|
|
|
|
to output those messages still in a non binary representation:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl -a -o json | lnav
|
|
|
|
```
|
2018-08-25 16:38:55 +00:00
|
|
|
|
2018-08-25 15:32:34 +00:00
|
|
|
If using systemd v236 or newer, the output fields can be limited to
|
|
|
|
the ones actually recognized by `lnav` for increased efficiency:
|
|
|
|
|
2021-02-08 05:30:02 +00:00
|
|
|
```
|
|
|
|
$ journalctl -o json --output-fields=MESSAGE,PRIORITY,_PID,SYSLOG_IDENTIFIER,_SYSTEMD_UNIT | lnav
|
|
|
|
```
|
2018-08-25 15:32:34 +00:00
|
|
|
|
2017-04-19 11:19:47 +00:00
|
|
|
If your system has been running for a long time, for increased
|
|
|
|
efficiency you may want to limit the number of log lines fed into
|
|
|
|
`lnav`, e.g. via `journalctl`'s `-n` or `--since=...` options.
|
|
|
|
|
2018-08-25 15:32:34 +00:00
|
|
|
In case of a persistent journal, you may want to limit the number
|
|
|
|
of log lines fed into `lnav` via `journalctl`'s `-b` option.
|
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
## Links
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
- [Main Site](https://lnav.org)
|
|
|
|
- [**Documentation**](https://docs.lnav.org) on Read the Docs
|
|
|
|
- [Internal Architecture](ARCHITECTURE.md)
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2021-03-23 20:47:02 +00:00
|
|
|
## Contributing
|
|
|
|
|
|
|
|
- [Become a Sponsor on GitHub](https://github.com/sponsors/tstack)
|
|
|
|
|
|
|
|
### Building From Source
|
|
|
|
|
|
|
|
#### Prerequisites
|
|
|
|
|
|
|
|
The following software packages are required to build lnav:
|
|
|
|
|
|
|
|
- gcc/clang - A C++14-compatible compiler.
|
|
|
|
- libpcre - The Perl Compatible Regular Expression (PCRE) library.
|
|
|
|
- sqlite - The SQLite database engine. Version 3.9.0 or higher is required.
|
|
|
|
- ncurses - The ncurses text UI library.
|
|
|
|
- readline - The readline line editing library.
|
|
|
|
- zlib - The zlib compression library.
|
|
|
|
- bz2 - The bzip2 compression library.
|
|
|
|
- libcurl - The cURL library for downloading files from URLs. Version 7.23.0 or higher is required.
|
|
|
|
- libarchive - The libarchive library for opening archive files, like zip/tgz.
|
2021-11-05 22:13:16 +00:00
|
|
|
- wireshark - The 'tshark' program is used to interpret pcap files.
|
2021-03-23 20:47:02 +00:00
|
|
|
|
|
|
|
#### Build
|
|
|
|
|
|
|
|
Lnav follows the usual GNU style for configuring and installing software:
|
|
|
|
|
|
|
|
Run `./autogen.sh` if compiling from a cloned repository.
|
|
|
|
|
|
|
|
```
|
|
|
|
$ ./configure
|
|
|
|
$ make
|
|
|
|
$ sudo make install
|
|
|
|
```
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2020-09-12 21:06:23 +00:00
|
|
|
## See Also
|
2013-04-10 05:36:08 +00:00
|
|
|
|
2018-12-13 14:16:40 +00:00
|
|
|
[Angle-grinder](https://github.com/rcoh/angle-grinder) is a tool to slice and dice log files on the command-line.
|
|
|
|
If you're familiar with the SumoLogic query language, you might find this tool more comfortable to work with.
|