Dumps syslog-formatted entries from an Elasticsearch-backed Logstash index.

It uses Elasticsearch's scroll API, so results come back in whatever order Elasticsearch serves them from the index, not necessarily in chronological order. If you need a strict time order, sort the output yourself.


Simply running:

$ go get git.autistici.org/ai/logcat

will install the logcat binary in $GOPATH/bin.

With Go 1.18 or later, go get no longer builds binaries; use

$ go install git.autistici.org/ai/logcat@latest

instead, which puts the binary in $GOBIN (or $GOPATH/bin when $GOBIN is unset).


The logcat tool provides a few command-line switches to simplify creating the final ES query:

  • --from and --to allow you to select a time range (by default the last hour of logs will be selected)
  • --facility filters results for a specific syslog facility ("mail", "kernel", etc).

Any other arguments on the command line are joined and handed to Elasticsearch as a query string, so you can do things like extracting logs for a specific program. Quote the expression, as below, so that the shell does not expand or split characters such as quotes, asterisks and colons before Elasticsearch sees them:

$ logcat --facility mail 'program:"postfix/smtpd"'

and other arbitrary queries using the Elasticsearch query string syntax.
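To make the mapping from the switches above to the "final ES query" concrete, here is an added example in Go that builds the request body a logcat-style tool would send to a scrolled _search. It is illustrative code written for this page, not logcat's own implementation, and it assumes the Logstash mapping stores the event time in @timestamp and the syslog facility in a field named facility; adjust those names to match your index.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Options mirrors the logcat command-line switches: a time range,
// an optional facility filter and the free-form query string built
// from the remaining arguments.
type Options struct {
	From, To time.Time
	Facility string // e.g. "mail"; empty means no facility filter
	Query    string // Elasticsearch query_string syntax, e.g. program:"postfix/smtpd"
}

// DefaultRange implements the "last hour" default used when neither
// --from nor --to is given.
func DefaultRange(now time.Time) (from, to time.Time) {
	return now.Add(-time.Hour), now
}

// BuildQuery returns the JSON body for POST /<index>/_search?scroll=1m.
// The time range and facility are applied as filters (no scoring), and the
// user's query string becomes a query_string clause. Sorting by _doc is the
// cheapest order for a scroll, which is exactly why results are not
// guaranteed to arrive in time order.
// Field names @timestamp and facility are assumptions about the mapping.
func BuildQuery(o Options, pageSize int) map[string]interface{} {
	filters := []map[string]interface{}{
		{"range": map[string]interface{}{
			"@timestamp": map[string]interface{}{
				"gte": o.From.UTC().Format(time.RFC3339),
				"lt":  o.To.UTC().Format(time.RFC3339),
			},
		}},
	}
	if o.Facility != "" {
		filters = append(filters, map[string]interface{}{
			"term": map[string]interface{}{"facility": o.Facility},
		})
	}
	boolq := map[string]interface{}{"filter": filters}
	if o.Query != "" {
		boolq["must"] = []map[string]interface{}{
			{"query_string": map[string]interface{}{"query": o.Query}},
		}
	}
	return map[string]interface{}{
		"size":  pageSize,
		"sort":  []string{"_doc"},
		"query": map[string]interface{}{"bool": boolq},
	}
}

func main() {
	// Equivalent of: logcat --facility mail 'program:"postfix/smtpd"'
	from, to := DefaultRange(time.Now())
	body := BuildQuery(Options{
		From: from, To: to,
		Facility: "mail",
		Query:    `program:"postfix/smtpd"`,
	}, 500)
	out, err := json.MarshalIndent(body, "", "  ")
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

Each page of hits is then fetched with the scroll_id returned by the first response until a page comes back empty; because the hits are ordered by _doc, an output that must be chronological has to be sorted on @timestamp after the scroll completes.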