Show HN: Nerdlog – Fast, multi-host TUI log viewer with timeline histogram

(github.com)

134 points dimonomid | 2 comments | 21 Apr 25 11:38 UTC | HN request time: 0s | source

For more background and technical details, I wrote this up as well: https://dmitryfrank.com/projects/nerdlog/article

Show context

Zopieux ◴[21 Apr 25 13:51 UTC] No.43752026[source]▶

journalctl is mentioned once in the landing page and it seems to imply that journalctl is not supported per se, as logs need to be stored plaintext to legacy syslog (?).

I do not want to store plaintext logs and use ancient workarounds like logrotate. journald itself has the built-in ability to receive logs from remote hosts (journald remote & gateway) and search them using --merge.

replies(2): >>43752090 #>>43752347 #

dimonomid ◴[21 Apr 25 14:23 UTC] No.43752347[source]▶

>>43752026 #

That's true, as of today nerdlog doesn't use journalctl, and needs plain log files. There were a few reasons of that, primarily related to the sheer amount of logs that we were dealing with.

As mentioned in the article, my original use case was: having a fleet of hosts, each printing pretty sizeable amount of logs, e.g. having more than 1-2GB log file on every host on a single day was pretty common. My biggest problem with journalctl is that, during some intensive spikes of logs, it might drop logs; we were definitely observing this behavior that some messages are clearly missing from the journalctl output, but when we check the plain log files, the messages are there. I don't remember details now, but I've read about some kind of ratelimiting / buffer overflow going on there (and somehow the part which writes to the files enjoys not having these limits, or at least having more permissive limits). So that's the primary one; I definitely didn't want to deal with missing logs. Somehow, old school technology like plain log files keeps being more reliable.

Second, at least back then, journalctl was noticeably slower than simply using tail+head hacks to "select" the requested time range.

Third, having a dependency like journalctl it's just harder to test than plain log files.

Lastly, I wanted to be able to use any log files, not necessarily controlled by journalctl.

I think adding support for journalctl should be possible, but I still do have doubts on whether it's worth it. You mention that you don't want to store plaintext logs and using logrotate, but is it painful to simply install rsyslog? I think it takes care of all this without us having to worry about it.

replies(2): >>43752929 #>>43753531 #

lenova ◴[21 Apr 25 16:07 UTC] No.43753531[source]▶

>>43752347 #

I appreciate this response, and want to say I really like your tool's UI over something like lazyjournal. But like the above commentor, I would love to see journald support as well, just because it's the default these days on the distros I use, and seems like the direction the Linux system industry has headed in.

replies(2): >>43753848 #>>43770859 #

dimonomid ◴[21 Apr 25 16:38 UTC] No.43753848[source]▶

>>43753531 #

Thanks for the feedback. I'll see what I can do. But for now, do you think the workaround of having to install rsyslog is not good enough?

replies(1): >>43754385 #

lenova ◴[21 Apr 25 17:33 UTC] No.43754385[source]▶

>>43753848 #

I think it will impact first-time users giving nerdlog a quick test/trial run, and cause them to bounce to another tool when it doesn't show them logs from journald out of the box. Users can be finicky and impatient with new tools ;-)

Example: I'm running an Arch-based Linux desktop. Installing ryslog took several minutes to build and install. If I wasn't highly motivated to try out nerdlog, I would have canceled the install.

Also, can the SSH requirement for localhost be bypassed? Most users won't be running an SSH server on their desktop, and this would improve nerdlog's use-cases and make it easier for new users to give it a quick local test run.

Final suggestion: add `go get` support to your repo, so that I can install nerdlog from a single command and not have to clone the repo itself.

replies(3): >>43754496 #>>43754529 #>>43761238 #

dimonomid ◴[21 Apr 25 17:48 UTC] No.43754529[source]▶

>>43754385 #

I first responded before your edit about ssh and localhost, so: yeah, as briefly mentioned in the article, as of today there's no shortcut even for localhost. I was debating whether I should implement this feature before open sourcing it, but I had to draw the line somewhere (I have TONS of ideas what could be implemented), and since reading local logs isn't the primary focus of nerdlog, I decided to skip it for now.

But yes the bypass for localhost can definitely be implemented.

replies(1): >>43756291 #

mcint ◴[21 Apr 25 20:47 UTC] No.43756291[source]▶

>>43754529 #

Yeah, I'm bouncing for now on the localhost requirement. Or, on a related issue of not parsing my .ssh/config, a Match directive, and not wanting it to parse it yet. I grep'ed for an env var to override, but only USER and SSH_AUTH_SOCK are pulled in.

I did go get install ...nerdlog/cmd/nerdlog-tui@latest just fine.

Thanks for hacking in the open, and releasing early.

replies(2): >>43756468 #>>43887470 #

1. dimonomid ◴[21 Apr 25 21:04 UTC] No.43756468{3}[source]▶

>>43756291 #

Sorry to hear you're having issues. I'll try to reproduce and fix the issue with the Match.

Not sure if that "Thanks" for releasing early is sarcastic, but regardless, I appreciate the feedback.

replies(1): >>43759202 #

2. lenova ◴[22 Apr 25 05:04 UTC] No.43759202[source]▶

>>43756468 (TP) #

I would say that their thanks is sincere, and that they're applauding you for releasing a new tool to a public/critical audience while also taking feedback in very constructive manner.

↑