How to Install and Use Lnav Log Viewer on Ubuntu 16.04 LTS

LNAV also know as Lateral Navigation is a free and open source enhanced log file viewer that can be used to find information of files being viewed along with the time stamps and log levels. LNAV is a command line log file viewer built for small scale solutions. It is simple, easy to use and customizable. LNAV is a totally freeware application that runs on Linux and Mac operating systems. It enables user to display logs from multiple files in a single window and you are also able to see a live update to these logs.

LNAV comes with lot's of features, some of them are listed below:

  • Allows you to queries log through SQL.
  • Ability to detect and read logs from multiple log formats.
  • It has coloring lightening features that help users easily identify differences among info, warning and error.
  • Automatically extract data from compress file like, gzip and bzip2.
  • Ability to search logs as you type. New log lines are automatically loaded and searched as they are added.

In this tutorial, we will explain how to install and use lnav on Ubuntu 16.04 server.

Requirements

  • A server running Ubuntu 16.04.
  • A non-root user with sudo privileges.

Install Lnav

By default, lnav is available in Ubuntu 16.04 default repository. So you can install it by just running the following command:

sudo apt-get install lnav -y

After installing lnav, you can view the version of the lnav by running the following command:

lnav -V

You should see the following output:

lnav 0.6.2

Working with Lnav

You can view all the options of lnav using the following command:

lnav -h

You should see the following output:

usage: lnav [-hVsar] [logfile1 logfile2 ...]

A curses-based log file viewer that indexes log messages by type
and time to make it easier to navigate through files quickly.

Key bindings:
  ?     View/leave the online help text.
  q     Quit the program.

Options:
  -h         Print this message, then exit.
  -C         Check configuration and then exit.
  -d file    Write debug messages to the given file.
  -V         Print version information.
  -s         Load the most recent syslog messages file.
  -a         Load all of the most recent log file types.
  -r         Load older rotated log files as well.
  -t         Prepend timestamps to the lines of data being read in
             on the standard input.
  -w file    Write the contents of the standard input to this file.

Optional arguments:
  logfile1          The log files or directories to view.  If a
                    directory is given, all of the files in the
                    directory will be loaded.

Examples:
  To load and follow the syslog file:
    $ lnav -s

  To load all of the files in /var/log:
    $ lnav /var/log

  To watch the output of make with timestamps prepended:
    $ make 2>&1 | lnav -t

Version: lnav 0.6.2

Now, let's start to run lnav command to see the real time information on the basis of most recent time stamps from all log files. This command will collect log from all file inside /var/log directory.

sudo lnav

You should see the following output:

Jan 28 16:56:01 icingaclient wpa_supplicant[926]: wlan0: CTRL-EVENT-SCAN-STARTED
Jan 28 16:59:46 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 16:59:46 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 16:59:46 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 273 seconds.
Jan 28 16:59:46 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed reboot -> renew
Jan 28 16:59:46 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 16:59:46 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 16:59:46 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 16:59:46 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 16:59:46 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 16:59:46 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 16:59:46 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 28 17:04:19 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 17:04:19 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:04:20 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 226 seconds.
Jan 28 17:04:20 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:04:20 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:04:20 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:04:20 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:04:20 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:04:20 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:04:20 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:04:20 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 28 17:05:01 icingaclient CRON[3964]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jan 28 17:08:06 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 17:08:06 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:08:06 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 297 seconds.
Jan 28 17:08:06 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:08:06 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:08:06 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:08:06 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:08:06 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:08:06 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:08:06 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:08:06 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'

If you want to see log from /var/log/apache2 directory, run the following command:

sudo lnav /var/log/apache2

Sometimes, the latest information are not available in the most recent files. So you can display information from old log files using the -r option:

sudo lnav -r

You should see the following output:

Jan 28 17:04:20 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 226 seconds.
Jan 28 17:04:20 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:04:20 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:04:20 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:04:20 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:04:20 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:04:20 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:04:20 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:04:20 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 28 17:05:01 icingaclient CRON[3964]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jan 28 17:08:06 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 17:08:06 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:08:06 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 297 seconds.
Jan 28 17:08:06 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:08:06 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:08:06 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:08:06 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:08:06 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:08:06 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:08:06 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:08:06 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 28 17:12:47 icingaclient dnsmasq[1174]: nameserver 192.168.137.1 refused to do a recursive query
Jan 28 17:13:03 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 17:13:03 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:13:03 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 291 seconds.

You can also view the log file with timestamps options using the -t option:

sudo lnav -t

You should see the following output:

Jan 28 17:08:06 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:08:06 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 297 seconds.
Jan 28 17:08:06 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:08:06 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:08:06 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:08:06 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:08:06 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:08:06 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:08:06 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:08:06 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 28 17:12:47 icingaclient dnsmasq[1174]: nameserver 192.168.137.1 refused to do a recursive query
Jan 28 17:13:03 icingaclient dhclient: DHCPREQUEST of 192.168.137.101 on wlan0 to 192.168.137.1 port 67 (xid=0xcd468e)
Jan 28 17:13:03 icingaclient dhclient: DHCPACK of 192.168.137.101 from 192.168.137.1
Jan 28 17:13:03 icingaclient dhclient: bound to 192.168.137.101 -- renewal in 291 seconds.
Jan 28 17:13:03 icingaclient NetworkManager[865]:  (wlan0): DHCPv4 state changed renew -> renew
Jan 28 17:13:03 icingaclient NetworkManager[865]:    address 192.168.137.101
Jan 28 17:13:03 icingaclient NetworkManager[865]:    prefix 24 (255.255.255.0)
Jan 28 17:13:03 icingaclient NetworkManager[865]:    gateway 192.168.137.1
Jan 28 17:13:03 icingaclient NetworkManager[865]:    nameserver '192.168.137.1'
Jan 28 17:13:03 icingaclient NetworkManager[865]:    domain name 'mshome.net'
Jan 28 17:13:03 icingaclient dbus[779]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 28 17:13:03 icingaclient dbus[779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'

To load all of the most recent log file types, run the following command:

sudo lnav -a

Use Hotkey with Lnav

You can also navigate the output of lnav command using various hotkey options.

First, run lnav command:

sudo lnav

You should see the following output:

Lnav log viewer

Now, use i key from your keyboard to switch lnav output to histogram view as shown below:

Lnav hotkeys

Next, use p key to view the log parser result as shown below:

Lnav p key

Next, use m key to mark the top log files as shown below:

lnav m key

Conclusion

I hope you can now easily identifying problems using lnav. You can also refer its official site for more details. Feel free to comments if you have any questions.

Share this page:

1 Comment(s)