#log #regex #analysis #filter #command-line #log-entries #search

app log-analyzer-pro

Log Analyzer Pro is a command line application giving powerful filtering and searching capabilities to analyze software logs. Logs can come from log files (updates live if these are modified) or a socket connection

4 stable releases

1.0.3 Jun 5, 2022
1.0.2 Jun 4, 2022

#556 in Debugging

Unlicense OR MIT

8MB
2.5K SLoC

Log Analyzer Pro (lap)

A powerful log analyzer application for the terminal written in Rust

demo

Features

  • Read logs from files or sockets. It updates live with new entries
  • Optionally format logs with a regex expression to match any of the Date, Timestamp, App, Severity, Function, Payload categories and ease reading and filtering
  • Include, exclude or marker regex filters
  • Regex search

Installation

cargo install log-analyzer-pro

The binary executable is lap

Usage

Menu navigation

Use Shift + Arrows or ⇥ Tab to navigate across the application menus and change focus.

  • Left: ⇧ Shift +
  • Right: ⇧ Shift +
  • Up: ⇧ Shift +
  • Down: ⇧ Shift +

Inner navigation

When focused on a tab, list or table, use the Arrows to change the selection

  • Left: ⇧ Shift +
  • Right: ⇧ Shift +
  • Up: ⇧ Shift +
  • Down: ⇧ Shift +

Inner navigation

When focused on a tab, list or table, use the Arrows to change the selection

  • Left:
  • Right:
  • Up:
  • Down:

Resize modules

  • Resize Left: ⇧ Shift + A
  • Resize Right: ⇧ Shift + D
  • Resize Up: ⇧ Shift + W
  • Resize Down: ⇧ Shift + S

Sources Module

  • + or i to add new log

Filters Module

  • Add new filter: + or i to
  • Use inner navigation to select a filter
  • Edit selected filter: e

Log & Search results module

  • Use inner navigation to navigate through the logs and apply horizontal scroll

  • Press ⌥ Option or Alt + inner navigation for rapid scroll

  • Press Page Up or Page Down to paginate 1000 lines

  • Navigate to index (or closest): ⇧ Shift + G

  • Toggle columns ON/OFF:

    • i: Index
    • d: Date
    • d: Timestamp
    • a: App
    • s: Severity
    • f: Function
    • p: Payload
  • If you're in Search results you can go to the selected index in Log module: ⏎ Enter

Search highlighting

You can highlight search results by using regex groups in your search. The name of the group should be the color you want to highlight the match with. The list of available colors is:

  • BLACK
  • WHITE
  • RED
  • GREEN
  • YELLOW
  • BLUE
  • MAGENTA
  • CYAN
  • GRAY
  • DARKGRAY
  • LIGHTRED
  • LIGHTGREEN
  • LIGHTYELLOW
  • LIGHTBLUE
  • LIGHTMAGENTA
  • LIGHTCYAN

Search example:

(?P<GREEN>success_ok).*(?P<BLUE>message)

Customization

You can use a json file to customize the application look and preload formats and filters by using a command line argument:

lap --settings path_to_settings_file.json
  • Primary color: RGB tuple (reed, green, blue)
  • Formats: List of {alias, regex}
    • The regex is used to format lines into the available columns. To do so you need to capture groups. The valid groups are:
      • DATE
      • TIMESTAMP
      • APP
      • SEVERITY
      • FUNCTION
      • PAYLOAD
  • Filters: List of {alias, action, filter}
    • action: One of {INCLUDE, EXCLUDE, MARKER}
    • filter: Dictionary of {column_name: regex and color: RGB tuple (reed, green, blue)}. All fields are optional

Example file

{
    "primary_color": [0, 225, 255],
    "formats": [
        {
            "alias": "Default",
            "regex": "(?P<PAYLOAD>.*)"
        },
        {
            "alias": "Application",
            "regex": "(?P<DATE>[\\d]{4}-[\\d]{2}-[\\d]{2} [\\d]{2}:[\\d]{2}:[\\d]{2},[\\d]{3}) - \\[(?P<SEVERITY>[\\w]*)\\] - \\[([ \\w]{4})\\] - \\[(?P<TIMESTAMP>[ \\d]*)\\] (?P<PAYLOAD>.*)"
        },
        {
            "alias": "System",
            "regex": "(?P<DATE>[\\d]{4}-[\\d]{2}-[\\d]{2} [\\d]{2}:[\\d]{2}:[\\d]{2}.[\\d]*) \\((?P<APP>[\\w\\d]*)[/ ]?(?P<FUNCTION>.*)\\) (?P<PAYLOAD>.*)"
        }
    ],
    "filters": [
        {
            "alias": "System",
            "action": "MARKER",
            "filter": {
                "app": "system",
                "color": [100, 100, 0]
            }
        },
        {
            "alias": "SIGKILL",
            "action": "MARKER",
            "filter": {
                "payload": "SIGKILL",
                "color": [255, 0, 0]
            }
        }
    ]
}

License

Dual-licensed under MIT or the UNLICENSE.

Dependencies

~21–34MB
~458K SLoC