Joachim Burket's Page

Lnav - Logs Navigator

 
  • Feb 22, 2023

Some details about lnav tool.

Useful documentation:

Lnav (Logs navigator) is a tool to watch and analyze log files from a terminal.

lnav-screenshot

Installation

To install lnav on Linux:

# On debian based distrib
sudo apt install lnav

# On fedora/centos/rhel distrib
sudo yum install lnav

Check the installed version

lnav -V

Usage

Launch lnav on a log file with:

# Open `/var/log/messages` log file
lnav /var/log/messages

# Open all the `/var/log/messages` log files, including the archived ones (e.g. `messages-2023-02-19`)
lnav /var/log/messages*

Useful hotkeys in lnav:

  • ?: open lnav help
  • q: quit the current view, or lnav
  • /: start a search
  • :: execute an lnav command
  • =: Pause/unpause logs loading
  • Ctrl+r: Reset the current session state (includes filters, bookmarks, hidden fields)
  • PgUp / PgDn: Up/Down a page
  • Home / End: Top/Bottom of the opened logs
  • e / Shift+e: Next/Previous error
  • 0 / Shift+0: Next/Previous day

The full list can be found in the hotkeys doc.

To search in the logs, type the key / in lnav, followed by a regex of the search:

# search my-service in the logs
/my-service

# search an ipv4 addr in the logs
/(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}

Commands

To start a command, type : in lnav. The commands history can be navigated with the up and downarrows.

Some useful commands:

  • filter-in <regex>: Show only logs that match the regex
  • filter-out <regex>: Don’t show logs that match the regex
  • disable-filter <regex>: Disable a filter created
  • hide-lines-before and hide-lines-after: Hide lines before/after a date (e.g. hide-line-before 6am to hide logs before today 6am, or hide-lines-before 2023-12-18T01:39:09.000 to hide lines before a specific datetime)
  • show-lines-before-and-after: Stop hiding lines before and after dates
  • set-min-log-level <level>: Set the minimum log level to view (can be debug, info, warn, error)
  • write-raw-to <filename>: write logs (example concatenated logs with filters) to another file. Starting with lnav version 0.11.1, an option --anonymize allows to anonymize the IP addresses, URLs, MAC addresses, emails, etc… to share logs.

Commands generally support the TAB completion.

The list of the supported commands can be found here: https://docs.lnav.org/en/latest/commands.html#reference.

Search