I've done a bit more hacking on my command-line/SQL mashup, currently called "show".
It can now handle /var/log/messages, /var/log/secure (and the rotated logs), so you can issue a command like this:
$ show /var/log/secure* where message like \"%authentication failure%\"
and browse the results
For example, here's a query with aggregation:
$ show "count(*)", source from /var/log/messages group by source order by "count(*)" desc limit 5
count(*)|source        |
--------+--------------+
1635    |kernel        |
1398    |NetworkManager|
98      |ntpd          |
70      |avahi-daemon  |
63      |dhclient      |
Going beyond log files, I used the rather wonderful Augeas library to get parsers for many of the files in /etc, and wrote a backend to leverage this, so you can write things like:
$ show /etc/passwd where shell !=\'/sbin/nologin\'
and
$ show /etc/yum.repos.d/*.repo where gpgcheck != \'"1"\'
(it's a little dumb about string vs numeric types, and shell escaping requires lots of quotes here)
I extended the ncurses table-browsing UI so that you can scroll horizontally as well as vertically, which helps when the columns are wide.
The Fedora infrastructure team set up a hosted project for me, so you can see the source here:
https://fedorahosted.org/show/browser (thanks!)
An up-to-date SRPM can be grabbed from here:
http://people.redhat.com/dmalcolm/show-0.3-1.fc10.src.rpm
and you can grab the source via git here:
$ git clone git://git.fedorahosted.org/show.git
Thanks to everyone for the great feedback on my previous post.
I suspect some kind of integration with Func for running queries over groups of machines would be a good next step for this tool (oh, and fixing up the Trac instance)
Is /usr/bin/show too generic?