A log file viewer for the terminal. Merge, tail, search, filter, and query log files with ease. No server. No setup. Still featureful.
Just point lnav at a directory and it will take care of the rest. File formats are automatically detected and compressed files are unpacked on the fly. Online help and previews for operations make it simpler to level up your experience. It can merge the files by time into a single view. It can tail the files, follow renames, and find new files in directories in real time. It can show you only warnings and errors, search with regular expressions, highlight matches, filter, and even do basic statistics and visualizations of what it finds.
Github: https://github.com/tstack/lnav
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and more. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management.
For network visibility, we offer signature based detection via Suricata, rich protocol metadata and file extraction using either Zeek or Suricata, full packet capture using either Stenographer or Suricata, and file analysis. For host visibility, we offer the Elastic Agent which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into Elasticsearch and we’ve built our own user interfaces for alerts, dashboards, threat hunting, case management, and grid management.
It's a pretty heavy stack, but they're aiming for the enterprise environment so it has to be.
cloudgrep is grep for cloud storage. It currently supports searching log files, optionally compressed with gzip (.gz) or zip (.zip), in AWS S3, Azure Storage or Google Cloud Storage. Directly searching cloud storage, without indexing logs into a SIEM or Log Analysis tool, can be faster and cheaper. There is no need to wait for logs to be ingested, indexed, and made available for searching. It searches files in parallel for speed.
The Log File Navigator, lnav for short, is an advanced log file viewer for the small-scale. It is a terminal application that can understand your log files and make it easy for you to find problems with little to no setup. Log messages from different files are collated together into a single view. Automatic detection of log format. Automatic decompression of GZip and BZip2 files. Filter log messages based on regular expressions. Use SQL to analyze your logs.
Even works with systemfail's journals.
Log configurations and scripts for a host intrusion detection system. iptables, syslog and psad configs are here because they are becoming hard to manage otherwise. Configs for various systemd units, rsyslog, psad, logrotate, and iptables. Tab-key completion files for bash. Manpages. A couple of scripts for managing running settings.
teler is a real-time intrusion detection and threat alerting tool based on web logs that runs in a terminal, using resources collected and provided by the community. Requires minimal configuration. Run your web server logs through it and see what it comes up with.
For collecting GPS track logs suitable for uploading to OpenStreetMap, gpsd includes a utility (gpxlogger) which connects to a running gpsd and generates those files. This is a link to its manpage.
A trick for setting a Git alias that prettifies the output of git log in a repository.
git config --global alias.lg "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"