lnav

Analyze and navigate log files

TLDR

View logs of a program, specifying log files, directories or URLs
$ lnav [path/to/log_or_directory|url]

View logs of a specific remote host (SSH passwordless login required)
$ lnav [ssh] [user]@[host1.example.com]:[/var/log/syslog.log]

Validate the format of log files against the configuration and report any errors
$ lnav -C [path/to/log_directory]

SYNOPSIS

lnav [OPTIONS] [FILE | DIRECTORY | URL ...]

PARAMETERS

-d
    Opens all log files found within the specified directory.

-c
    Executes the given internal command after all files have been loaded.

-f
    Loads and executes internal commands from the specified file.

-i
    Installs supplementary files, such as sample configurations or format definitions.

-r
    Operates in read-only mode, preventing any accidental modifications or data changes.

-t
    Tails the specified files or directories, continuously showing new content as it arrives.

-N
    Prevents the view from automatically resetting to the bottom when new content is loaded.

-H
    Prints the path to lnav's data directory and then exits.

-V
    Prints the version information for lnav and then exits.

-h
    Displays a brief help message explaining command-line options and then exits.

DESCRIPTION

lnav is an advanced, curses-based log file viewer that automatically detects common log formats such as syslog, Apache, Nginx, and various application logs. It offers powerful features like syntax highlighting, filtering, searching (including regular expressions and historical searches), and real-time tailing of multiple log files simultaneously. A standout feature is its built-in SQL query engine, which allows users to execute SQL queries directly against the loaded log data as if it were a relational database. This enables sophisticated analysis, aggregation, and correlation of log entries. lnav also supports decompression of gzipped files, pretty-printing and navigation of structured data like JSON and XML, and can even open logs from URLs. Its intuitive interface and powerful capabilities make it an indispensable tool for system administrators and developers for efficient log troubleshooting and analysis.

CAVEATS

While powerful, lnav can consume significant memory and CPU resources when dealing with extremely large log files or numerous concurrently tailed files. The performance of SQL queries is directly dependent on the volume of log data and the complexity of the query. There might be a slight learning curve for users to fully leverage its advanced features, especially the SQL querying capabilities and internal command-line interface. lnav is strictly a log viewer and analyzer; it does not provide any capabilities for modifying the log files themselves.

BUILT-IN SQL QUERY ENGINE

Allows users to run SQL queries directly on loaded log data. Log fields are treated as database columns, enabling complex aggregations, filtering, and joins across different log types. This is invaluable for deep analysis and correlation.
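
The query model described above, as an added example that is not part of the original page: a per-client summary of denied and not-found requests in a web access log. The table name access_log and its column names are assumed to match lnav's bundled access log format; the CREATE TABLE and INSERT statements are a constructed stand-in so the query also runs in plain SQLite, and the thresholds are illustrative.

```sql
-- Constructed stand-in for the table lnav exposes for web access logs.
-- Inside lnav the table exists once a log is loaded, so only the final
-- SELECT is typed at the ';' prompt (or passed with -c ';SELECT ...').
CREATE TABLE access_log (
    log_time    TEXT,     -- request timestamp
    c_ip        TEXT,     -- client address
    cs_method   TEXT,     -- HTTP method
    cs_uri_stem TEXT,     -- requested path
    sc_status   INTEGER   -- response status code
);

-- Constructed sample rows using documentation address ranges.
INSERT INTO access_log VALUES
    ('2024-05-01 10:00:01', '192.0.2.10',   'GET',  '/index.html', 200),
    ('2024-05-01 10:00:05', '192.0.2.10',   'GET',  '/missing',    404),
    ('2024-05-01 10:01:10', '198.51.100.7', 'POST', '/login',      401),
    ('2024-05-01 10:01:11', '198.51.100.7', 'POST', '/login',      401),
    ('2024-05-01 10:01:12', '198.51.100.7', 'POST', '/login',      401),
    ('2024-05-01 10:01:13', '198.51.100.7', 'POST', '/login',      200),
    ('2024-05-01 10:02:00', '203.0.113.5',  'GET',  '/old/',       404),
    ('2024-05-01 10:02:01', '203.0.113.5',  'GET',  '/test/',      404),
    ('2024-05-01 10:02:02', '203.0.113.5',  'GET',  '/backup/',    404),
    ('2024-05-01 10:02:03', '203.0.113.5',  'GET',  '/reports/',   403);

-- One row per client that crosses either threshold:
--   auth_denied        repeated 401/403 responses (failed logins, denied paths)
--   distinct_404_paths many different missing paths (content discovery pattern)
-- A single mistyped URL (192.0.2.10 above) stays below both thresholds.
SELECT c_ip,
       COUNT(*)                                   AS requests,
       SUM(sc_status IN (401, 403))               AS auth_denied,
       COUNT(DISTINCT CASE WHEN sc_status = 404
                           THEN cs_uri_stem END)  AS distinct_404_paths,
       MIN(log_time)                              AS first_seen,
       MAX(log_time)                              AS last_seen
FROM access_log
GROUP BY c_ip
HAVING auth_denied >= 3 OR distinct_404_paths >= 3
ORDER BY auth_denied DESC, distinct_404_paths DESC;
```

The first_seen and last_seen columns give the time window to pivot on when correlating the same client address against other loaded logs.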

AUTOMATIC LOG FORMAT DETECTION

Automatically identifies common log formats (e.g., syslog, Apache, Nginx, generic access logs, Android logs) and applies appropriate highlighting and parsing rules without manual configuration.

TIME-SERIES VIEW

Provides a visual representation of log messages over time, allowing quick identification of spikes or anomalies in log activity. This view is particularly useful for performance monitoring and troubleshooting.

LIVE TAILING AND AGGREGATION

Can tail multiple log files or directories simultaneously, aggregating their output into a single chronological view. This is crucial for monitoring distributed systems or applications with multiple log sources.

STRUCTURED DATA SUPPORT

Beyond plain text logs, lnav can pretty-print and navigate structured data like JSON and XML embedded within log messages or as standalone files, making it easier to inspect complex data structures.

URL SUPPORT

Allows opening log files directly from HTTP/HTTPS URLs, enabling analysis of remote logs without explicit download.

HISTORY

lnav was created by Tim Stack and first released around 2007, evolving from a simple curses-based log viewer into a comprehensive log analysis tool. Its development has focused on integrating advanced features like automatic log format detection and a powerful SQL query engine directly into an interactive terminal interface. Written in C++, it has gained significant popularity in the Linux administration and development communities for its efficiency and unique capabilities.

SEE ALSO

less(1), tail(1), grep(1), awk(1), sed(1), multitail(1)
