L

logcat

Dump syslog-formatted entries from a logstash index.

Name Last Update
debian Loading commit data...
vendor Loading commit data...
.gitlab-ci.yml Loading commit data...
COPYING Loading commit data...
README.md Loading commit data...
logcat.go Loading commit data...

logcat

Dumps syslog-formatted entries from an Elasticsearch-backed Logstash index.

It uses Elasticsearch's scroll API, so the results may not be sorted by time.

Installation

Simply running:

$ go get git.autistici.org/ai/logcat

will install the logcat binary in $GOPATH/bin.

Usage

The logcat tool provides a few command-line switches to simplify creating the final ES query:

  • --from and --to allow you to select a time range (by default the last hour of logs will be selected)
  • --facility filters results for a specific syslog facility ("mail", "kernel", etc).

Any other arguments on the command line will be parsed as a query string, so you can do things like extracting logs for a specific program:

$ logcat --facility mail 'program:"postfix/smtpd"'

and other arbitrary queries using the Elasticsearch query string syntax.