Lnav Log Files Navigator Helps You Analyze Log Files in a Mac OS or Linux Terminal

If you have a problem with your computer, you may have to go through log files, or as a software engineer, you may be looking for clues about a bug in a debug or error log. It can be done in any text editor, but there may be a better way thanks to lnav Log Files Navigator that allows checking those files more easily and efficiently in a Mac OS or Linux terminal.

The following log files are supported by default even if they are compressed with gzip or bzip2:

  • Common Web Access Log format
  • CUPS page_log
  • Syslog
  • Glog
  • VMware ESXi/vCenter Logs
  • dpkg.log
  • uWSGI
  • “Generic” – Any message that starts with a timestamp
  • Strace

lnav is open-source software released under a BSD-2 clause in Github. It’s not new at all as some commits were made in January 2010, but it’s new to me, and hopefully to some of you as well.

There are various ways to install it, but the easiest way in Ubuntu is to install it as a snap.


Launching lnav with no other parameters will open /var/log/syslog automatically.

Warnings are shown in yellow and errors in red. You can easily navigate between errors and warnings with respectively e/E to w/E to move forward/backward through messages.

If you’re familiar with Vi/Vim, using lnav should be fairly easy as many of the commands are the same. For example, we can search with “/” to filter messages with a specific string.

Click to Enlarge

You can select the next/previous occurrence of the string with n/N. Tabulation is also supported so you don’t need to copy/paste or type longer strings.

If you want to master the program and make the most of it, you’ll need to read the documentation for command line parameters and shortcuts, as there are so many options.

Some of the cool features of the program include Single Log View showing all logs in a single window based on message timestamps, filtering content with regular expressions, a Timeline View showing when most errors and warnings occurred, Pretty-Print View to reformat structured data such as XML or JSON, and more.

Support CNX Software - Donate via PayPal or become a Patron on Patreon
Advertisements
Subscribe
Notify of
guest
5 Comments
oldest
newest most voted
tkaiser
tkaiser
2 months ago

> the easiest way in Ubuntu is to install it as a snap

But then you have to deal with AppArmor when trying to access logs outside of standard log locations. lnav is also available in the usual package repos, just more outdated as always. On Bionic for example:

simos
2 months ago

Currently, the snap package of lnav can read log files from “/var/log/” and from the users’s home directory.
You can specify lnav to read arbitrary logs from any file in the above directories.

Snap packages have a private tmp directory, for lnav it is “/tmp/snap.lnav”. Therefore, old habits of sharing files in “/tmp” will not work.

It is also possible to get “lnav” to read log files from attached disks. The developer has to ask for this permission and should be granted.

More on this at https://github.com/tstack/lnav/issues/525

Ronaldo Nunez
2 months ago

That’s a great tip! Thx

William Barath
William Barath
2 months ago

The snap isn’t working for me on 20.04. I’ve tried it using the default confinement, –classic (refused) and –devmode but in all cases it exits silently for any and all paths given.

On Focal, apt delivers version 0.8.5-2, and it works. 🙂

simos
2 months ago

The snap package of lnav should work out-of-the-box on Ubuntu 20.04 LTS.
By default, it opens “/var/log/syslog”. If you get any error, it is a bug and you should report it.
Post here any details and I can I look into it.

Advertisements