Introduction
Anyone who works as a developer or system administrator knows how important it is to use log files to identify and resolve errors on Linux and Unix systems. Tools like grep, tail, cat or journalctl are often used to view these files, but as the number of logs increases, managing them can become complicated. That's where lnav comes in, an advanced log file viewer that goes beyond basic functionality. This tool not only recognizes logs but also identifies timestamps, log levels, and other crucial details. It also allows you to run SQL queries on standard log files and create custom reports. Let's see how to install and use lnav.
Distinctive features of lnav
- Decompression of log files in real time, similar to z* utilities on Linux and Unix.
- Log file format recognition.
- Merging log files into a single view sorted by time.
- Color support in the terminal to highlight errors and warnings.
- SSH (SFTP) support for viewing log files on remote Linux and Unix machines.
- Follow files as they rename and find new files in specified directories.
- Creating an index of errors and warnings.
- JSON formatted printout.
- Quick navigation between errors and warnings.
- Search with regular expressions.
- Highlighting and filtering messages using regular expressions or SQLite.
- View a histogram of messages over time.
- Query messages using SQLite.
Installation
Here's how to install lnav on different Linux and Unix distributions:
Debian/Ubuntu Linux:
sudo apt install lnavCentOS/RHEL/Fedora/Rocky/Alma/Oracle Linux First, enable the EPEL repository, then:
sudo dnf install lnavArch Linux:
sudo pacman -S lnavAlpine Linux:
apk add lnavOpenSUSE /SUSE Linux
sudo zypper install lnavmacOS First, enable and install Homebrew, then:
brew install lnavOr use:
sudo port install lnavFreeBSD Unix:
pkg install lnavUsing lnav
The syntax for using lnav is simple:
# File di log
lnav /percorso/del/file.log
lnav /percorso/del/file1.log /percorso/del/file2.log
# Directory
lnav /percorso/della/app/log/dir1/lnav /percorso/della/app/log/dir1//var/log/# Wildcard
lnav /var/log/nginx/app_*_error*log
lnav /var/log/nginx/app_*_error*log /var/log/*.errUsing SSH for remote hosts
lnav utente@nome-server:/var/log/file.log
lnav utente@server1:/var/log/lnav utente@server1:/var/log/*.errUse with systemd-journald on Linux systems
journalctl | lnav
journalctl -f | lnav
journalctl -u ssh.service | lnavTo find errors, press e to go to the next error or Shift+E to go back to the previous one. Use w and Shift+W to move to the next or previous alerts. Press q or CTRL+c to exit. To search for text in files, press / to open the search prompt and TAB to automatically complete the search string.
Viewing Docker container logs
docker logs container-id | lnav
docker logs -f container-id | lnavIf the container ID is 611ac85cc97d or is called "app":
docker logs 611ac85cc97d | lnav
docker logs -f app | lnavYou can also use:
lnav docker://{container_id_or_name}/path/to/log/file
lnav docker://{container_id_or_name}/var/dir1
lnav docker://app/var/log/lnav docker://app/var/log/nginx/nginx.app.logMonitoring the output of any command
Many commands generate output and logs during execution. For example, to monitor the output of the make command during compilation:
lnav -e 'make -j8'SQLite interface
lnav allows you to perform log analysis via SQLite, a very powerful feature. Each log format is accessible via virtual tables, allowing you to run SQL queries on the logs. For example:
lnav /var/log/nginx/www.example.com_https_access.logYou can activate the SQL prompt by pressing the ; and write a simple query like:
SELECT * FROM logline LIMIT 10;You will get the results directly in the terminal.
Conclusion
lnav is an advanced tool for viewing log files, with features that allow you to run SQL queries, create reports and much more. It offers a simple and intuitive user interface and supports numerous log formats, Linux containers, and remote viewing via SSH. This tool is highly recommended for sysadmin and Linux/Unix developers. You can get started using lnav with these simple commands or visit the project page for more information.
