Analysing logs with lnav
Before I forget about it, I want to make a note on here about lnav. It's available in the default Ubuntu repositories, and I discovered it a while back.
(Above: a screenshot of lnav. The pixellated bits are the IPs, which I've hidden for privacy.)
Essentially, it's a tool to make reading and analysing log files much easier. It highlights the interesting bits, and also allows you to filter log lines in or out with regular expressions. It even allows you to query your logs with SQLite if they are in any of the well-known formats that it can parse - and you can write your own log line parser definitions too with a JSON configuration file!
I find it a great tool to use every now and then to get an overview of my various devices that I manage, to see if there are any issues I need to take care of. The error and warning message highlighting (while not perfect) is also rather useful to help in spotting the things that require my attention.
If you're on a Debian-based distribution of Linux, you should be able to install it like so:
sudo apt install lnav
Then, to analyse some log files:
You can also use Bash's glob-star feature to specify multiple log files. It can also automatically unpack gzipped logfiles:
Of course, don't forget to prefix with sudo if you require it to read a given logfile.
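As an illustration of the JSON log line parser definitions mentioned earlier, here is an added example (not from the original post) of a format file for a made-up application's authentication log. The format name myapp_auth_log, the line layout, and the sample lines are all constructed for illustration.

```json
{
    "myapp_auth_log": {
        "title": "MyApp authentication log (hypothetical)",
        "description": "Constructed example format; the line layout and samples are invented for illustration.",
        "regex": {
            "basic": {
                "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}Z) (?<level>[A-Z]+) (?<component>\\w+) user=(?<user>\\S+) src=(?<src_ip>\\S+) (?<body>.*)$"
            }
        },
        "level-field": "level",
        "level": {
            "error": "ERROR",
            "warning": "WARN",
            "info": "INFO"
        },
        "value": {
            "component": {
                "kind": "string",
                "identifier": true
            },
            "user": {
                "kind": "string",
                "identifier": true
            },
            "src_ip": {
                "kind": "string",
                "collate": "ipaddress",
                "identifier": true
            }
        },
        "sample": [
            {
                "line": "2024-05-01T12:00:03Z WARN auth user=alice src=192.0.2.10 login failed: bad password"
            },
            {
                "line": "2024-05-01T12:00:09Z INFO auth user=bob src=198.51.100.7 login ok"
            }
        ]
    }
}
```

Saved as myapp_auth_log.json, it can be installed with lnav -i myapp_auth_log.json. Files that match are then highlighted by level, and the captured fields (user, src_ip) become columns of a SQL table named after the format, so failed logins can be grouped by source address.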