Highlight your logs

Logs are great. Logs are cool. Logs are helpful. But logs are monochrome.

Unless you ask the camel to colorize them:

# tail -f /var/log/httpd/20110120 | perl -pe 's/.*\b(error)\b.*/\e[1;31m$&\e[0m/g'
Jan 20 17:04:04 bagheera httpd: [20/Jan/2011:17:04:04 +0100] 10.0.0.62 TLSv1 AES256-SHA "POST /wp-login.php HTTP/1.1" 5
Jan 20 17:04:08 bagheera httpd[17951]: [error] ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '10.0.0.62', file '/www.tumfatig.net/wp-admin/admin.php', line 96)
Jan 20 17:04:10 bagheera httpd: [20/Jan/2011:17:04:10 +0100] 10.0.0.62 TLSv1 AES256-SHA "GET /wp-admin/ HTTP/1.1" 49959

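You can also do it with Sed. Here’s a Postfix example. The $DRED, $DCYAN and $BLANK shell variables are not defined here; they need to hold the ANSI escape sequences for the two colors and for the reset:

# tail -256f /home/log/luuna/postfix/20110202 | sed -e "s/\(NOQUEUE: [a-z]*:\)/$DRED\1$BLANK/" -e "s/\(status=[a-z]* \)/$DCYAN\1$BLANK/"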
(...)
Feb  2 09:53:20 luuna postfix/qmgr[7196]: 67054CBB689: from=, size=26977, nrcpt=1 (queue active)
Feb  2 09:53:20 luuna postfix/smtpd[6633]: disconnect from chrome-on.cccampaigns.net[81.92.121.1]
Feb  2 09:53:20 luuna postfix/virtual[7467]: 67054CBB689: to=, relay=virtual, delay=0.55, delays=0.42/0.02/0/0.12, dsn=2.0.0, status=sent (delivered to maildir)
Feb  2 09:53:20 luuna postfix/qmgr[7196]: 67054CBB689: removed
(...)
Feb  2 09:57:28 luuna postfix/smtpd[3171]: connect from ip-83-149-3-91.nwgsm.ru[83.149.3.91]
Feb  2 09:57:29 luuna postfix/smtpd[3171]: NOQUEUE: reject: RCPT from ip-83-149-3-91.nwgsm.ru[83.149.3.91]: 554 5.7.1 Service unavailable; Client host [83.149.3.91] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.149.3.91; from= to= proto=ESMTP helo=
Feb  2 09:57:29 luuna postfix/smtpd[3171]: lost connection after DATA from ip-83-149-3-91.nwgsm.ru[83.149.3.91]
Feb  2 09:57:29 luuna postfix/smtpd[3171]: disconnect from ip-83-149-3-91.nwgsm.ru[83.149.3.91]
(...)
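Both one-liners folded into a single filter, as an added example that is not part of the original post. It also strips ASCII control bytes already present in a log line before coloring, since fields such as the request or helo= come from the client and only the filter's own escape codes should reach the terminal. The function name, the sample lines and the values chosen for DRED, DCYAN and BLANK are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): one filter for both log types.
# The values of DRED, DCYAN and BLANK are assumptions; the post does not show them.
ESC=$(printf '\033')
TAB=$(printf '\t')
BRED="${ESC}[1;31m"    # bold red, same code as the Perl one-liner
DRED="${ESC}[0;31m"    # assumed: dark red
DCYAN="${ESC}[0;36m"   # assumed: dark cyan
BLANK="${ESC}[0m"      # reset attributes

# Reads log lines on stdin and writes colorized lines on stdout.
# Expressions, in order:
#   1. turn tabs into spaces so the next step does not glue fields together
#   2. delete remaining ASCII control bytes (ESC included) found in the log data
#   3. whole line in bold red when it contains the word "error"
#   4. Postfix "NOQUEUE: <action>:" in red
#   5. Postfix "status=<value> " in cyan
highlight_log() {
    LC_ALL=C sed -E \
        -e "s/${TAB}/ /g" \
        -e 's/[[:cntrl:]]//g' \
        -e "/(^|[^[:alnum:]_])error([^[:alnum:]_]|\$)/s/.*/${BRED}&${BLANK}/" \
        -e "s/(NOQUEUE: [a-z]*:)/${DRED}\1${BLANK}/" \
        -e "s/(status=[a-z]* )/${DCYAN}\1${BLANK}/"
}

# Constructed sample lines (not real log data); the second one carries an
# embedded clear-screen sequence inside a client-supplied field.
sample_lines() {
    printf '%s\n' 'Jan 20 17:04:08 host httpd[1]: [error] ALERT - constructed line'
    printf 'Feb  2 09:57:29 host postfix/smtpd[2]: NOQUEUE: reject: RCPT helo=<x\033[2J>\n'
    printf '%s\n' 'Feb  2 09:53:20 host postfix/virtual[3]: 1A2B: status=sent (delivered)'
}

sample_lines | highlight_log
```

For live use, pipe the tail into the function: tail -f /var/log/httpd/20110120 | highlight_log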
