lnav - Tool to View and Analyze Log Files from Linux Terminal

February 28, 2017 | By in OPEN SOURCE TOOLS
| Reply More

The Log File Navigator ( abbreviated as "lnav" ) is a tiny useful utility which helps users take an easy and cleaner look at system's log files. It is a freeware application which runs on Linux and Mac operating systems. For system administrators or any Linux desktop user, identifying system or application errors are possible only by analyzing system logs. Linux stores its log files in /var/log partition of the system, so if you are running into any problem, you need to open and view various log files in this directory. Most of the time, you are unsure which log file will contain the most relevant information, so you have to manually go through all files, view their time-stamps carefully and try to diagnose problem. Well, there is any easy way now, Install lnav on your system and you will have more detailed, better and live view of your system's log files. That's correct ! It displays logs from multiple files in a single window and you are also able to see live update to these logs. This tools making analyzing your logs and identifying problems a piece of cake. It has been designed for use on small scale only, it is a simple tool and works perfectly fine on all Linux flavors. In this article, we will review its prominent features, installation and usage process on Ubuntu 16.10 and CentOS 7 Linux system, however, same set of instructions should work for all versions of Ubuntu, Debian, CentOS and RHEL.

Salient Features of lnav

We will get to the installation and usage part  of lnav further in this article, lets first review its most important features.

  • It has ability to automatically detect multiple log formats, many applications store logs in various forms, this tool has ability to read log files of many different types and display accurate information from them.
  • It can easily decompress files of gzip and bzi2 type. Many other compression formats are also supported by this tool.
  • "Live operations" is the most exciting feature of this tool, usually you have to reload file(s) again and again to view the latest addition to them, while using lnav, you do not need to worry for this, it automatically keeps reading and displaying updates to log files on real time basis.
  • It displays filtered information only, so any unrelated logging to files is not displayed, thus it makes viewing logs extremely easy and efficient.
  • Its high-lightening and coloring features help users easily identify difference among "warnings", "info" or "error".
  • It queries logs through SQL and supports timeline view.

How to Install lnav on Ubuntu 16 / CentOS 7

By reading above mentioned features, you must be excited to give it a try.  For Ubuntu systems, it is already included in APT-GET package manager repositories, simply launch your terminal and run following command to install it on Ubuntu 16.10, 16.04, 15.10, 15.04 systems.

sudo apt-get install lnav

Install lnav

For CentOS 7 or older versions, you need to include EPEL Repository to your YUM first.

sudo yum install epel-release

Once Epel has been added successfully, run following command to install lnav.

sudo yum install lnav

Type following command to get help about lnav.

lnav -h

How to Use lnav

Let's use some examples to demonstrate the working of this tool, run lnav command and it will start displaying the real time information on the basis of most recent time stamps from all log files.

lnav

lnav

The above command filtered logs from all files inside "/var/log" directory, if you want to see logs from a specific directory only (say /var/log/apt/), you can use this utility as:

lnav /var/log/apt/

lnav apt

Sometimes, the information you are looking for is not available in the most recent files and you need to look into the archived or old log files, for example, your system was auto rebooted couple of days ago and you want to find out the root cause of this restart. In such situation, use lnav command with "r" switch as shown below.

lnav -r

lnav older logs

You can use "-n" switch to run lnav in headless mode (also known as "without Cursor UI" mode). The output of lnav in headless mode is as depicted in the following screenshot.

lnav -n

headless lnav

How to Use Hotkeys to Navigate through lnav

You can navigate through the output of "lnav" command using various hotkeys. Some of the examples are displayed below.

The hotkey "i" will switch your lnav window output to histogram view as shown in following screenshot. Pressing "i" key again will take you back to normal view of lnav.

lnav hotkey i

The "p" hotkey will display the results of log parser.

lnav hotkey P

If you want to see the information for top log files, you an use "m" hotkey when lnav is running and it will display your desired information.

lnav hotkey M

You can check lanv help using "lnav -h" to get complete list of hotkeys and options.

Conclusion

Hope you enjoyed this article, lnav is a must-have application for system administrator and network managers. It can help user in quickly identifying problems. Log file analysis has never been so easy before. It is completely free program and here is its official site for further details about features, usage and versions. Try it today, do let us know if you have any questions or comments, we will be glad to hear about your experience with this tiny utility.

Filed Under : LINUX HOWTO, OPEN SOURCE TOOLS

Tagged With : ,

Free Linux Ebook to Download

Leave a Reply

All comments are subject to moderation.