mirror of
https://github.com/tstack/lnav
synced 2024-11-05 21:21:19 +00:00
150 lines
5.3 KiB
Plaintext
150 lines
5.3 KiB
Plaintext
[1mScreenshot[0m
|
||
|
||
The following screenshot shows a syslog file. Log lines are displayed
|
||
with highlights. Errors are red and warnings are yellow.
|
||
|
||
[4mScreenshot[1][0m[4m[2][0m
|
||
|
||
▌[1] - file://{top_srcdir}/docs/assets/images/lnav-syslog-thumb.png
|
||
▌[2] - file://{top_srcdir}/docs/assets/images/lnav-syslog.png
|
||
|
||
[1mFeatures[0m
|
||
|
||
[33m•[0m Log messages from different files are collated together
|
||
into a single view
|
||
[33m•[0m Automatic detection of log format
|
||
[33m•[0m Automatic decompression of GZip and BZip2 files
|
||
[33m•[0m Filter log messages based on regular expressions
|
||
[33m•[0m Use SQL to analyze your logs
|
||
[33m•[0m And more...
|
||
|
||
[1mInstallation[0m
|
||
|
||
[4mDownload a statically-linked binary for Linux/MacOS from the release[0m
|
||
[4mpage[1][0m
|
||
|
||
▌[1] - https://github.com/tstack/lnav/releases/latest#release-artifacts
|
||
|
||
[1mUsage[0m
|
||
|
||
The only file installed is the executable, [37m[40m lnav [0m. You can execute it
|
||
with no arguments to view the default set of files:
|
||
|
||
▌[37m[40m$ lnav [0m
|
||
|
||
You can view all the syslog messages by running:
|
||
|
||
▌[37m[40m$ lnav /var/log/messages* [0m
|
||
|
||
[4mUsage with [0m[4m[37m[40m systemd-journald [0m
|
||
|
||
On systems running [37m[40m systemd-journald [0m, you can use [37m[40m lnav [0m as the
|
||
pager:
|
||
|
||
▌[37m[40m$ journalctl | lnav [0m
|
||
|
||
or in follow mode:
|
||
|
||
▌[37m[40m$ journalctl -f | lnav [0m
|
||
|
||
Since [37m[40m journalctl [0m's default output format omits the year, if you are
|
||
viewing logs which span multiple years you will need to change the
|
||
output format to include the year, otherwise [37m[40m lnav [0m gets confused:
|
||
|
||
▌[37m[40m$ journalctl -o short-iso | lnav [0m
|
||
|
||
It is also possible to use [37m[40m journalctl [0m's json output format and [37m[40m lnav[0m
|
||
will make use of additional fields such as PRIORITY and _SYSTEMD_UNIT:
|
||
|
||
▌[37m[40m$ journalctl -o json | lnav [0m
|
||
|
||
In case some MESSAGE fields contain special characters such as ANSI
|
||
color codes which are considered as unprintable by journalctl,
|
||
specifying [37m[40m journalctl [0m's [37m[40m -a [0m option might be preferable in order to
|
||
output those messages still in a non-binary representation:
|
||
|
||
▌[37m[40m$ journalctl -a -o json | lnav [0m
|
||
|
||
If using systemd v236 or newer, the output fields can be limited to
|
||
the ones actually recognized by [37m[40m lnav [0m for increased efficiency:
|
||
|
||
▌[37m[40m$ journalctl -o json --output-fields=MESSAGE,PRIORITY,_PID,SYSLOG_IDENTIFIER,_SYSTEMD_UNIT | lnav [0m
|
||
|
||
If your system has been running for a long time, for increased
|
||
efficiency you may want to limit the number of log lines fed into [37m[40m lnav[0m
|
||
, e.g. via [37m[40m journalctl [0m's [37m[40m -n [0m or [37m[40m --since=... [0m options.
|
||
|
||
In case of a persistent journal, you may want to limit the number of
|
||
log lines fed into [37m[40m lnav [0m via [37m[40m journalctl [0m's [37m[40m -b [0m option.
|
||
|
||
[1mSupport[0m
|
||
|
||
Please file issues on this repository or use the discussions section.
|
||
The following alternatives are also available:
|
||
|
||
[33m•[0m [4msupport@lnav.org[1][0m
|
||
[33m•[0m [4mDiscord[2][0m
|
||
[33m•[0m [4mGoogle Groups[3][0m
|
||
|
||
▌[1] - mailto:support@lnav.org
|
||
▌[2] - https://discord.gg/erBPnKwz7R
|
||
▌[3] - https://groups.google.com/g/lnav
|
||
|
||
[1mLinks[0m
|
||
|
||
[33m•[0m [4mMain Site[1][0m
|
||
[33m•[0m [1m[4mDocumentation[0m[4m[2][0m on Read the Docs
|
||
[33m•[0m [4mInternal Architecture[3][0m
|
||
|
||
▌[1] - https://lnav.org
|
||
▌[2] - https://docs.lnav.org
|
||
▌[3] - file://{top_srcdir}/ARCHITECTURE.md
|
||
|
||
[1mContributing[0m
|
||
|
||
[33m•[0m [4mBecome a Sponsor on GitHub[1][0m
|
||
|
||
▌[1] - https://github.com/sponsors/tstack
|
||
|
||
[4mBuilding From Source[0m
|
||
|
||
[4mPrerequisites[0m
|
||
|
||
The following software packages are required to build lnav:
|
||
|
||
[33m•[0m gcc/clang - A C++14-compatible compiler.
|
||
[33m•[0m libpcre2 - The Perl Compatible Regular Expression v2
|
||
(PCRE2) library.
|
||
[33m•[0m sqlite - The SQLite database engine. Version 3.9.0
|
||
or higher is required.
|
||
[33m•[0m ncurses - The ncurses text UI library.
|
||
[33m•[0m readline - The readline line editing library.
|
||
[33m•[0m zlib - The zlib compression library.
|
||
[33m•[0m bz2 - The bzip2 compression library.
|
||
[33m•[0m libcurl - The cURL library for downloading files
|
||
from URLs. Version 7.23.0 or higher is required.
|
||
[33m•[0m libarchive - The libarchive library for opening archive
|
||
files, like zip/tgz.
|
||
[33m•[0m wireshark - The [35m'tshark'[0m program is used to interpret
|
||
pcap files.
|
||
|
||
[4mBuild[0m
|
||
|
||
Lnav follows the usual GNU style for configuring and installing
|
||
software:
|
||
|
||
Run [37m[40m ./autogen.sh [0m if compiling from a cloned repository.
|
||
|
||
▌[33m[40m$ [0m[37m[40m./configure [0m
|
||
▌[33m[40m$ [0m[37m[40mmake [0m
|
||
▌[33m[40m$ [0m[37m[40msudo make install [0m
|
||
|
||
[1mSee Also[0m
|
||
|
||
[4mAngle-grinder[1][0m is a tool to slice and dice log files on the
|
||
command-line. If you're familiar with the SumoLogic query language,
|
||
you might find this tool more comfortable to work with.
|
||
|
||
▌[1] - https://github.com/rcoh/angle-grinder
|
||
|