Archive for May, 2013

If you are a software developer, a sysadmin or a devops, all of us have do deal with log files to see what’s happening in our system and to find analyse its behaviour. Going through normal log files (log4j) and analysing them is a bit painful since all the lines are printed in same colour.

There are some better log tools such as Multitail. However if you are  looged into a remote server via “ssh” , then you don’t have the luxury of using these tools. However Linux “awk” utility comes to help. AWK is a Linux text processing tool, text in files and streams. It matches a specified pattern and execute some action on it. If a pattern is not specified, it applies the action on all lines.

Print  with  colours

Below script reads the WSO2 ELB log file and matches all INFO s and print them in green, ERROR s in red, FATALs in red, WARN s in yellow.

tail -f /opt/wso2elb-2.0.4/repository/logs/wso2carbon.log | awk '
/INFO/ {print "\033[32m" $0 "\033[39m"}
/ERROR/ {print "\033[31m" $0 "\033[39m"}
/FATAL/ {print "\033[31m" $0 "\033[39m"}
/WARN/ {print "\033[33m" $0 "\033[39m"}
'
Log with colour

Log with colour

Filter with colours

In addition to above script, below script matches the log messages with the word “joined” and shows them in blue colour.


tail -f /opt/wso2elb-2.0.4/repository/logs/wso2carbon.log | awk '
/INFO/ {print "\033[32m" $0 "\033[39m"}
/ERROR/ {print "\033[31m" $0 "\033[39m"}
/FATAL/ {print "\033[31m" $0 "\033[39m"}
/WARN/ {print "\033[33m" $0 "\033[39m"}
/joined/ {print "\033[34m" $0 "\033[39m"}
'

Note : Some Linux systems such as Ubuntu has output buffer enabled by default for awk. Sometime it may result in some content at the end of the log file not showing in the console. To avoid it you can use gawk which is the GnuAWK implementation or turn off the standard output as below.


tail -f /opt/wso2elb-2.0.4/repository/logs/wso2carbon.log | stdbuf -o0 awk <awk_parameters>'