24 March 2009 @ 10:04 pm
I've done a bit more hacking on my command-line/SQL mashup, currently called "show".

It can now handle /var/log/messages, /var/log/secure (and the rotated logs), so you can issue a command like this:
  $ show /var/log/secure* where message like \"%authentication failure%\"

and browse the results.

For example, here's a query with aggregation:
$ show "count(*)", source from /var/log/messages group by source order by "count(*)" desc limit 5
count(*)|source        |
1635    |kernel        |
1398    |NetworkManager|
98      |ntpd          |
70      |avahi-daemon  |
63      |dhclient      |
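
The two log queries above (the `authentication failure` filter and the per-source count) can be reproduced with a regex and an in-memory SQLite table. This is an added example, not the source of show: the `log` table, the regex and the sample lines are assumptions, and only the `source` and `message` column names are taken from the queries shown.

```python
import re
import sqlite3

# Constructed sample lines in the classic syslog layout (not real log data).
SAMPLE = """\
Mar 24 21:58:01 host1 kernel: eth0: link up
Mar 24 21:58:07 host1 sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=root
Mar 24 21:58:09 host1 NetworkManager: <info> (eth0): device state change
Mar 24 21:59:30 host1 sshd[2215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=admin
Mar 24 22:00:02 host1 kernel: usb 1-1: new high speed USB device
Mar 24 22:00:15 host1 sshd[2215]: Accepted publickey for dave from 192.0.2.20 port 50022 ssh2
this line does not match the syslog layout
"""

# timestamp, host, program name (optional [pid]), then the free-form message
LINE_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<source>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

def load(text):
    """Parse syslog text into an in-memory SQLite table; return (db, skipped)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE log (timestamp TEXT, host TEXT, source TEXT, pid INTEGER, message TEXT)")
    skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparsable lines rather than dropping them silently
            continue
        db.execute("INSERT INTO log VALUES (:timestamp, :host, :source, :pid, :message)", m.groupdict())
    return db, skipped

def auth_failures(db, pattern="%authentication failure%"):
    # The pattern is bound as a parameter, never spliced into the SQL text.
    return db.execute("SELECT timestamp, source, message FROM log WHERE message LIKE ?", (pattern,)).fetchall()

def top_sources(db, limit=5):
    # Ties on count are broken by source name so the ordering is deterministic.
    return db.execute(
        "SELECT count(*), source FROM log GROUP BY source ORDER BY count(*) DESC, source LIMIT ?", (limit,)
    ).fetchall()

if __name__ == "__main__":
    db, skipped = load(SAMPLE)
    for row in auth_failures(db):
        print(row)
    print(top_sources(db), "skipped:", skipped)
```

Reporting the skipped count matters when the output is used for review: a line the regex cannot parse would otherwise vanish from every query result.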

Going beyond log files, I used the rather wonderful Augeas library to get parsers for many of the files in /etc, and wrote a backend to leverage this, so you can write things like:
  $ show /etc/passwd where shell !=\'/sbin/nologin\'

  $ show /etc/yum.repos.d/*.repo where gpgcheck != \'"1"\'

(it's a little dumb about string vs numeric types, and shell escaping requires lots of quotes here)

I extended the ncurses table-browsing UI so that you can scroll horizontally as well as vertically, which helps when the columns are wide.

The Fedora infrastructure team set up a hosted project for me, so you can see the source here:
https://fedorahosted.org/show/browser (thanks!)

An up-to-date SRPM can be grabbed from here:

and you can grab the source via git here:
$ git clone git://git.fedorahosted.org/show.git

Thanks to everyone for the great feedback on my previous post.

I suspect some kind of integration with Func for running queries over groups of machines would be a good next step for this tool (oh, and fixing up the Trac instance).

Is /usr/bin/show too generic?