tail(1)-like utility for nginx log files that supports parsing, filtering and formatting of individual
log lines (in nginx's so-called "combined" log format).
Check it out, yo!
Instead of this...
... you get this:
$ tail -f /var/log/nginx/access.log | ntail 2011-01-21 14:07:34 - 220.127.116.11 - 200 - GET / - (Chrome, Linux) - - 2011-01-21 14:07:34 - 18.104.22.168 - 200 - GET /nginx-logo.png - (Chrome, Linux) - localhost 2011-01-21 14:07:34 - 22.214.171.124 - 200 - GET /spanoweredby.png - (Chrome, Linux) - localhost 2011-01-21 14:07:34 - 126.96.36.199 - 404 - GET /favicon.ico - (Chrome, Linux) - - 2011-01-21 14:19:04 - 188.8.131.52 - 304 - GET /nginx-logo.png - (Chrome, Linux) - - $ _
Installing the gem also installs the
ntail executable, typically as
$ gem install ntail
To ensure easy execution of the
ntail script, add the actual installation directory to your shell's
process an entire nginx log file and print each parsed and formatted line to STDOUT
$ ntail /var/log/nginx/access.log
process an entire nginx log file and pipe each parsed and formatted line into a browser (depends on the optional
$ ntail /var/log/nginx/access.log | bcat
tail an "active" nginx log file and print each new line to STDOUT (stop with ^C)
$ tail -f /var/log/nginx/access.log | ntail
tail an "active" nginx log file and pipe each new line into a browser (stop with ^C)
$ tail -f /var/log/nginx/access.log | ntail | bcat
read from STDIN and print each line to STDOUT (stop with ^D)
read from STDIN and print out the length of each line (to illustrate -e option)
$ ntail -e 'puts size'
read from STDIN but only print out non-empty lines (to illustrate -f option)
$ ntail -f 'size != 0'
the following invocations behave exactly the same (to illustrate -e and -f options)
$ ntail $ ntail -f 'true' -e 'puts self'
print out all HTTP requests that are coming from a given IP address
$ ntail -f 'remote_address == "184.108.40.206"' /var/log/nginx/access.log
find all HTTP requests that resulted in a '5xx' HTTP error/status code (e.g. Rails 500 errors)
$ gunzip -S .gz -c access.log-20101216.gz | ntail -f 'server_error_status?'
generate a summary report of HTTP status codes, for all non-200 HTTP requests
$ ntail -f 'status != "200"' -e 'puts status' access.log | sort | uniq -c 76 301 16 302 2 304 1 406
print out GeoIP country and city information for each HTTP request (depends on the optional
$ ntail -e 'puts [to_country_s, to_city_s].join("\t")' /var/log/nginx/access.log United States Los Angeles United States Houston Germany Berlin United Kingdom London
print out the IP address and the corresponding host name for each HTTP request (slows things down considerably, due to
$ ntail -e 'puts [remote_address, to_host_s].join("\t")' /var/log/nginx/access.log 220.127.116.11 crawl-66-249-72-196.googlebot.com 18.104.22.168 s402.pingdom.com 22.214.171.124 adsl-75-31-109-144.dsl.irvnca.sbcglobal.net
parse an access log file, and pipe its raw output (indirectly - via the
parsed.logfile) into the
gltailrealtime logfile visualizer
$ ntail -v --raw --sleep 0.1 /var/log/nginx/access.log > parsed.log
- implement a native
"-f"option for ntail, similar to that of
tail(1), using e.g. flori's file-tail gem
- implement a
"-i"option ("ignore exceptions"/"continue processing"), if handling a single line raises an exception
- or indeed a reverse
"-r"option ("re-raise exception"), to immediately stop processing and raising the exception for investigation
- implement (better) support for custom nginx log formats, in addition to nginx's default "combined" log format (as well as Apache's various log formats)
- ntail's parsing feature is inspired by an nginx log parser written by Richard Taylor (moomerman)
- parsing and expanding ntail's formatting string is done using nathansobo's quite brilliant treetop gem
- ntail's raw line output is compatible with Fudge's fun and useful gltail gem, as well as the quite amazing logstalgia
- kudos to Ed James (edjames) for recommending the use of instance_eval to clean up the DSL
- ntail's HTML formatting was requested/suggested by Phil Berryman and implemented whilst listening to Leftism, the Leftfield album recommended to me by Alastair Douglas
Contributing to ntail
- Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
- Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
- Fork the project
- Start a feature/bugfix branch
- Commit and push until you are happy with your contribution
- Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
- Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
Copyright (c) 2011 Peter Vandenberk. See LICENSE.txt for further details.