How to install and use lnav on CentOS 7

lnav on CentOS 7

Introduction

lnav, which stands for Log File Navigator, is a CLI-log file viewer built for small scale solutions. It is totally free, easy to use and customizable.
As all sysadmins know, GNU/Linux stores log files in the 

/var/log

 directory. So if any problems occur, the admin need to open and read various log files in that directory. In the absence of any additional tools, it is sometimes impossible to know which log file will contain the most relevant information, which necessitates manually going through all files, viewing their time-stamps and trying to diagnose the problem. This is a monotonous and time consuming task that you do not want to find yourself doing! Thankfully, with lnav sysadmins home users can accomplish this task simply and quickly. Let’s look at how to install lnav on CentOS 7.

Installing lnav on Centos 7

Installation is easy as reading this line. There are two ways:

  • through EPEL-repository
  • building from source
Using EPEL-repository

If not yet present, install the EPEL repository with:

# yum install epel-release

and then install the utility:

# yum install lnav

It’s a light piece of software (just 1.1MB) so it will be almost instantaneous.

Building from source

Download the source code:

$ wget https://github.com/tstack/lnav/releases/download/v0.8.1/lnav-0.8.1.tar.gz

Extract it with:

tar xf lnav-0.8.1.tar.gz

Lnav requires the following software packages:

  • libpcre – The Perl Compatible Regular Expression (PCRE) library
  • sqlite – The SQLite database engine
  • ncurses – The ncurses text UI library
  • readline – The readline line editing library
  • zlib – The zlib compression library
  • bz2 – The bzip2 compression library
  • re2c – The re2c scanner generator
  • libcurl – The cURL library for downloading files from URLs. Version 7.23.0 or higher is required

Next:

$ cd lnav-0.8.1
$ mkdir release
$ cd release
$ ../configure --prefix=/usr/local
$ make
# make install

Using lnav

Let’s first look at all the options taken by lnav:

usage: lnav [options] [logfile1 logfile2 ...]

A curses-based log file viewer that indexes log messages by type
and time to make it easier to navigate through files quickly.

Key bindings:
  ?     View/leave the online help text.
  q     Quit the program.

Options:
  -h         Print this message, then exit.
  -H         Display the internal help text.
  -I path    An additional configuration directory.
  -i         Install the given format files and exit.
  -C         Check configuration and then exit.
  -d file    Write debug messages to the given file.
  -V         Print version information.

  -a         Load all of the most recent log file types.
  -r         Load older rotated log files as well.
  -t         Prepend timestamps to the lines of data being read in
             on the standard input.
  -w file    Write the contents of the standard input to this file.

  -c cmd     Execute a command after the files have been loaded.
  -f path    Execute the commands in the given file.
  -n         Run without the curses UI. (headless mode)
  -q         Do not print the log messages after executing all
             of the commands or when lnav is reading from stdin.

Optional arguments:
  logfile1          The log files or directories to view.  If a
                    directory is given, all of the files in the
                    directory will be loaded.

Examples:
  To load and follow the syslog file:
    $ lnav

  To load all of the files in /var/log:
    $ lnav /var/log

  To watch the output of make with timestamps prepended:
    $ make 2>&1 | lnav -t
Running without arguments

As root, run lnav without arguments:

# lnav

It will open

/var/log/messages

log file, as in this screen:
1

The above command filtered log files for all <code>/var/log/</code> folders, as can be seen. It’s also possible to “specialize” the analysis to one directory. For instance:

# lnav /var/log/cups

The same thing can be done from inside a running session of

lnav

.

# lnav

Next, hit

:open /var/log/cups

 . Without closing the program, it will display CUPS log file informations. It can then be closed with

q

 ,which shows an interesting thing: lnav implements some keybindings from the VI text editor. To navigate inside a log file, admins can use

h,j,k,l

keys or arrow keys.

Old rotated log files

Sometimes, the informations are not available in the most recent files and it’s necessary to look into old log files. In these cases, use the

-r

option.

# lnav -r

Conclusions

This rapid overview has demonstrated how inspecting log files in a small scale system can be made easier by using this free and lightweight tool. It is available for all *nix platforms, so why not go ahead and use it! Everyone likes to avoid a headache…