2 unstable releases
0.2.0 | Oct 29, 2019 |
---|---|
0.1.0-beta.0 | Aug 31, 2019 |
#3 in #graylog
48KB
994 lines
50shades (of Graylog)
Log trail and query client written in Rust.
50shades interfaces with Graylog's and Elasticsearch's query APIs so that
log message lookups can be performed from the command line. It supports storing
logins in native OS keychains and following up on queries, so that logs can be
viewed in a tail -f
or journalctl -f
manner. 50shades unterstands intuitive
English expressions for timespans. Output can be controlled using Handlebars
syntax.
Usage
50shades provides several subcommands which come with their own respective sets
of options. Invoking the help
subcommand on any of the other subcommands, or
passing --help
to any of the subcommands will print the respective help screen
for that command. Invoking help
or passing --help
without a subcommand
prints general help.
USAGE:
50shades [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-c, --config <config> Path to custom configuration file
-n, --node <node> Node to query [default: default]
-t, --template <template> Template to use for output [default: default]
SUBCOMMANDS:
follow Follows the tail of a query (like tail -f on a log file)
help Prints this message or the help of the given subcommand(s)
init Initializes the configuration file
login Stores new password for specified node
query Performs one-time query
Before any actual queries can be performed by either query
or follow
,
50shades needs to be supplied with a valid TOML configuration file and a
matching table for the specified node
(defaults to default
), which has to
consist of a url
and a user
.
A valid configuration file looks like this:
[nodes.default]
url = 'https://graylog.example.com/api'
user = 'admin'
type = 'graylog'
[nodes.elastic]
url = 'https://elastic.example.com/'
user = 'elastic'
type = 'elastic'
[nodes.logstash]
url = 'https://elastic.example.com/logstash-*'
user = 'elastic'
type = 'elastic'
[nodes.elastic-noauth]
url = 'https://elastic.example.com/'
type = 'elastic'
[templates]
default = '[{{default container_name "-"}}] {{{message}}}'
rocket = '{{{method}}}{{{route}}} {{{uri}}}{{{status}}}'
Here, 50shades invocations without a node specified would attempt to query the
Graylog server API at https://graylog.example.com/api
with the user
admin
. By specifying -n elastic
, it would instead query the Elasticsearch
server at https://elastic.example.com/
for all indices and attempt to
authenticate the user elastic
. Specifying -n logstash
would limit the same
queries against indices starting in logstash-
, whereas -n elastic-noauth
would query all indices, but not attempt any authentication, which is a viable
option for Elasticsearch, but not for Graylog.
In addition, a matching password has to be stored for a node if a username is
specified. This can be done by invoking 50shades with the login
command while
specifying the desired node using -n
to store the password for.
Any additional query
or follow
arguments after the options are passed down
to Graylog or Elasticsearch as the actual query and use Lucene query syntax,
just like they do in the respective tools.
Default Configuration File
The location of the default configuration file is operating system dependent. To
have it created with sensible values and learn about its location, 50shades
provides the init
command which prompts for a url, user name and password and
prints the path to the file. Initializing the configuration file also writes out
the default output templates which is further explained below.
Controlling Output
Each query result is output as a single line, controlled by the Handlebars
template referenced by the --template
, or -t
, option. 50shades' default
template is specified as follows:
[{{default container_name "-"}}] {{{message}}}
50shades includes default
as a custom helper which may be used to specify a
default value if a field is missing in a query result. Otherwise, an empty
string would be generated.
Password Storage
50shades supports reading passwords from operating system / desktop environment keyrings, only. Passwords cannot be stored in configuration nor passed or piped during invocation.
Installation
The easiest way to install 50shades is by having a working Rust toolchain installed and invoking
cargo install fifty-shades
which will place the resulting binary in ~/.cargo/bin
.
Copyright
Copyright 2019 Communicatio.Systems GmbH
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependencies
~29–42MB
~745K SLoC