tailtales 0.1.21

Flexible log viewer for logfmt and other formats with filtering, filtering expressions, and real-time pipe following.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

# colors:
#  * black
#  * red
#  * green
#  * yellow
#  * blue
#  * magenta
#  * cyan
#  * gray
#  * darkgray
#  * lightred
#  * lightgreen
#  * lightyellow
#  * lightblue
#  * lightmagenta
#  * lightcyan
#  * white

global:
  reload_on_truncate: false
  gutter_symbol: "" # I like this one as it allows to have two colors (front and back)
  # gutter_symbol: "█"
  # gutter_symbol: "♥"
  # gutter_symbol: "✔"
  # gutter_symbol: "│"

colors:
  normal: white black
  highlight: white darkgray
  mark: yellow black
  mark_highlight: black yellow
  table:
    header: black lightgreen
  details:
    title: green black
    key: green black
    value: yellow black
    border: green black
  footer:
    command: cyan black
    filter: yellow black
    search: magenta black
    version: blue black
    rule: green black
    other: cyan black
    line_number: blue black

# If called without any argument, this is what it opens.
# With ! at the begining it will execute the command with the rest of the argumments
default_arguments:
  - "!journalctl"
  - -f
  - --since
  - today
  - -o
  - short-iso

keybindings:
  ":": "command"
  "=": "warning {{line_number}}"
  "|": "mode filter"
  "f": "mode filter"
  "/": "mode search"
  "n": "search_next"
  "shift-n": "search_prev"
  "control-del": "clear_records"
  "control-l": "refresh_screen"
  "F1": "exec xdg-open https://github.com/davidmoreno/tailtales/#use"
  "F2": "exec xdg-open https://www.perplexity.ai/search/new?q={{lineqs}}"
  "F3": "exec xdg-open https://www.duckduckgo.com/?q={{lineqs}}"
  "F4": "exec xdg-open https://google.com/search?q={{lineqs}}"
  "q": "quit"
  "control-c": |
    exec wl-copy "{{line}}" || echo "{{line}}" | xclip -i -selection clipboard
    warning "Line copied to clipboard"
  "o": "help"
  "j": "vmove 1"
  "k": "vmove -1"
  "up": "vmove -1"
  "down": "vmove 1"
  "page up": "vmove -10"
  "page down": "vmove 10"
  "left": "hmove -1"
  "right": "hmove 1"
  "control-left": "hmove -10"
  "control-right": "hmove 10"
  "home": "vgoto 0"
  "end": "vgoto 2000000000" # should be enough, and 32 bits signed
  " ": "toggle_mark yellow"
  "1": "toggle_mark red"
  "2": "toggle_mark green"
  "3": "toggle_mark blue"
  "4": "toggle_mark magenta"
  "5": "toggle_mark cyan"
  "tab": "move_to_next_mark"
  "shift-back tab": "move_to_prev_mark"
  "esc": "mode normal"
  "v": "toggle_details"

# Uses the file_patterns to determine which rules to apply
# Can be expanded at your ~/.config/tailtales/settings.yaml
rules:
  - name: apache
    file_patterns:
      - access\.log
      - apache/.*\.log
    extractors:
      # Common Log Format, see http://httpd.apache.org/docs/2.0/logs.html#common
      #  127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
      - pattern <ip> - <user> [<timestamp>] "<method> <url> <protocol>" <status> <bytes>
      # - transform timestamp iso8601
    filters:
      - name: errors
        expression: status >= 500
        highlight: red
      - name: not_found
        expression: status == 404
        highlight: yellow
      - name: successful
        expression: status == 200
        highlight: green
      - name: redirect
        expression: status == 304
        highlight: blue
      - name: empty requests
        expression: bytes == 0
        highlight: red
    columns:
      - name: timestamp
        width: 25
      - name: ip
        width: 15
      - name: method
        width: 5
      - name: url
        width: 30
      - name: protocol
        width: 10
      - name: status
        width: 5
      - name: bytes
        width: 10
        align: right

  - name: dpkg
    file_patterns:
      - dpkg\.log
    extractors:
      - regex (?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>startup archives unpack|upgrade|status half-configured|status unpacked|status half installed|status triggers pending|configure)
      - regex (?P<package>[\w\d\.-]+):(?P<arch>\w+) (?P<version>\d.*)
    columns:
      - name: line_number
        width: 6
        align: right
      - name: action
        width: 16
      - name: package
        width: 16
      - name: version
        width: 8

  - name: nginx
    file_patterns:
      - nginx/*.log
    extractors:
      # 127.0.0.1 - - [02/Jan/2024:12:10:46 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
      - pattern <ip> - <user> [<timestamp>] "<method> <url> <protocol>" <status> <bytes> "<referer>" "<user_agent>"
      - transform timestamp iso8601
    filters:
      - name: errors
        expression: status ~ "5\d\d"
        color: white red
      - name: not_found
        expression: status == 404
        color: white yellow
      - name: successful
        expression: status == 200
        color: white green
      - name: too big
        expression: bytes > 1000000
      - name: empty requests
        expression: bytes == 0

  - name: json
    file_patterns:
      - .*\.json
    extractors:
      - json
    filters:
      - color: white red
        expression: level == "error"
      - color: white yellow
        expression: level == "warning"
      - color: white green
        expression: level == "info"

  - name: django
    file_patterns:
      - django/.*\.log
    extractors:
      - pattern <timestamp> <level> <module> <message>
      - transform timestamp iso8601
    filters:
      - name: errors
        expression: level == "ERROR"
        highlight: white red
      - name: warnings
        expression: level == "WARNING"
        highlight: white yellow
      - name: infos
        expression: level == "INFO"
        highlight: white green
      - name: debug
        expression: level == "DEBUG"
        highlight: white blue

  - name: journald
    file_patterns:
      - /var/log/journal/
      - "!journalctl"
    extractors:
      - "pattern <timestamp> <hostname> <service>: <_>"
      - logfmt
    filters:
      - name: kernel
        expression: "kernel"
        gutter: blue
      - name: systemd
        expression: "systemd"
        gutter: darkgrey

  - name: default
    file_patterns:
      - ".*"
    extractors:
      - logfmt
      # - json
      - regex (?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})
      - regex (?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z)
      - regex (?P<level>info|warning|error|debug|warn)
      - regex (?P<date>\d{4}-\d{2}-\d{2})
      - regex (?P<what>status|upgrade|startup)
      - autodatetime
    columns:
      - name: line_number
        align: right
        width: 5
      - name: timestamp
        width: 19