Log in

No account? Create an account
24 March 2009 @ 10:04 pm
More command-line SQL  
I've done a bit more hacking on my command-line/SQL mashup, currently called "show".

It can now handle /var/log/messages, /var/log/secure (and the rotated logs), so you can issue a command like this:
  $ show /var/log/secure* where message like \"%authentication failure%\"

and browse the results

For example, here's a query with aggregation:
$ show "count(*)", source from /var/log/messages group by source order by "count(*)" desc limit 5
count(*)|source        |
1635    |kernel        |
1398    |NetworkManager|
98	|ntpd          |
70	|avahi-daemon  |
63	|dhclient      |

Going beyond log files, I used the rather wonderful Augeas library to get parsers for many of the files in /etc, and wrote a backend to leverage this, so you can write things like:
  $ show /etc/passwd where shell !=\'/sbin/nologin\'

  $ show /etc/yum.repos.d/*.repo where gpgcheck != \'"1"\'

(it's a little dumb about string vs numeric types, and shell escaping requires lots of quotes here)

I extended the ncurses table-browsing UI so that you can scroll horizontally as well as vertically, which helps when the columns are wide.

The Fedora infrastructure team set up a hosted project for me, so you can see the source here:
https://fedorahosted.org/show/browser (thanks!)

An up-to-date SRPM can be grabbed from here:

and you can grab the source via git here:
$ git clone git://git.fedorahosted.org/show.git

Thanks to everyone for the great feedback on my previous post.

I suspect some kind of integration with Func for running queries over groups of machines would be a good next step for this tool (oh, and fixing up the Trac instance)

Is /usr/bin/show too generic?
ext_177225 on March 25th, 2009 04:19 am (UTC)
Mashup Name
If you need a less generic name then I suggest a mashup: shelect
Jeremy Katzkatzj on March 25th, 2009 01:19 pm (UTC)
Yes, it's too generic. /usr/bin/squeal is much better ;-)
berrange on March 26th, 2009 12:46 pm (UTC)
I think 'show' is a perfect name for it. Very easy to type and remember. You just need to think up a second command, call it 'tell', and then you can do 'show & tell' presentations at conferences ;-P