ntail

A tail(1)-like utility for nginx log files that supports parsing, filtering and formatting individual log lines.

> gem install ntail

Examples

  • read from STDIN and print each line to STDOUT (stop with ^D)

    > ntail

  • process an nginx log file and print each line to STDOUT

    > ntail /var/log/nginx/access.log

  • tail an “active” nginx log file and print each new line to STDOUT (stop with ^C)

    > tail -f /var/log/nginx/access.log | ntail

  • tail STDIN and print out the length of each line (to illustrate -e option)

    > ntail -e '{ |line| puts line.size }'

  • tail STDIN but only print out non-empty lines (to illustrate -f option)

    > ntail -f '{ |line| line.size > 0 }'

  • the following invocations behave exactly the same (to illustrate -e and -f options)

    > ntail
> ntail -f '{ |line| true }' -e '{ |line| puts line }'

  • print out all HTTP requests that are coming from a given IP address

    > ntail -f '{ |line| line.remote_address == "208.67.222.222" }' /var/log/nginx/access.log

  • find all HTTP requests that resulted in a ‘5xx’ HTTP error/status code (e.g. Rails 500 errors)

    > gunzip -S .gz -c access.log-20101216.gz | ntail -f '{ |line| line.server_error_status? }'

  • generate a summary report of HTTP status codes, for all non-200 HTTP requests

    > ntail -f '{ |line| line.status != "200" }' -e '{ |line| puts line.status }' access.log | sort | uniq -c
76 301
16 302
 2 304
 1 406

  • print out GeoIP country and city information for each HTTP request (depends on the optional geoip gem)

    > ntail -e '{ |line| puts [line.to_country, line.to_city].join("\t") }' /var/log/nginx/access.log
United States   Los Angeles
United States   Houston
Germany         Berlin
United Kingdom  London

  • print out the IP address and the corresponding host name for each HTTP request (slows things down considerably, due to nslookup call)

    > ntail -e '{ |line| puts [line.remote_address, line.to_host_name].join("\t") }' /var/log/nginx/access.log
66.249.72.196   crawl-66-249-72-196.googlebot.com
67.192.120.134  s402.pingdom.com
75.31.109.144   adsl-75-31-109-144.dsl.irvnca.sbcglobal.net

TODO

  • implement a native "-f" option for ntail, similar to that of tail(1)

  • implement a "-i" option (“ignore exceptions”/“continue processing”), if handling a single line raised an exception

  • make PROXY_IP_ADDRESS configurable (from command line and/or rc file)

  • make OFFICE_IP_ADDRESS configurable (from command line and/or rc file)

  • make KNOWN_SEARCH_BOTS configurable (from command line and/or rc file)

  • make INTERNAL_REFERERS configurable (from command line and/or rc file)

  • make AUTOMATED_REQUESTS configurable (from command line and/or rc file)

  • make STATIC_REPOS configurable (from command line and/or rc file)

Acknowledgements

ntail’s parsing feature is inspired by an nginx log parser written by Richard Taylor (moomerman)

Contributing to ntail

  • Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet

  • Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it

  • Fork the project

  • Start a feature/bugfix branch

  • Commit and push until you are happy with your contribution

  • Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

Copyright © 2010 Peter Vandenberk. See LICENSE.txt for further details.