Commentary

This library provides a major-mode for viewing syslog & strace files. You can highlight and filter the lines of the file by regular expressions and by timestamp, view notes associated with files, extract text, count matches, etc.

Keybindings

• “C-down” : syslog-boot-start
• “R” : revert-buffer
• ”/” : syslog-filter-lines
• “C-/” : syslog-filter-dates
• “g” : hide-lines-show-all
• “h r” : highlight-regexp
• “h p” : highlight-phrase
• “h l” : highlight-lines-matching-regexp
• “h q” : highlight-regexp-unique
• “h u” : unhighlight-regexp
• “h U” : unhighlight all regexps
• “C-/” : syslog-filter-dates
• “D” : open dired buffer in log directory (`syslog-log-file-directory’)
• “j”/”f” : ffap
• “<” : syslog-previous-file
• “>” : syslog-next-file
• “o” : syslog-open-files
• “a” : syslog-append-files
• “p” : syslog-prepend-files
• “v” : syslog-view
• “c” : syslog-count-matches
• “x” : syslog-extract-matches
• “X” : syslog-extract-pipe-from-strace
• “k” : hide-lines-kill-hidden
• “W” : syslog-whois-reverse-lookup
• “m” : manual-entry
• ”!” : syslog-shell-command
• ”?” : syslog-show-notes
• “M-n” : syslog-notes-next-match
• “M-p” : syslog-notes-prev-match
• “M-down” : syslog-move-next-file
• “M-up” : syslog-move-previous-file
• “t” : syslog-toggle-filenames
• “q” : quit-window

Commands:

Below are complete command list:

• `syslog-shell-command’ : Execute a shell COMMAND synchronously, with prefix arg (SUDOP) run under sudo. (Keybinding: !)
• `syslog-show-notes’ : In the minibuffer display note associated with the word at point.
• `syslog-notes-next-match’ : Search other window for the next match to the word used by the last call to `syslog-show-notes’.
• `syslog-notes-prev-match’ : Search other window for the previous match to the word used by the last call to `syslog-show-notes’.
• `syslog-load-notes’ : Load appropriate notes file for the current buffer.
• `syslog-edit-notes’ : Edit syslog notes associated with current buffer.
• `syslog-append-files’ : Append FILES into buffer BUF. (Keybinding: a)
• `syslog-prepend-files’ : Prepend FILES into buffer BUF. (Keybinding: M-x syslog-prepend-files)
• `syslog-open-files’ : Insert log FILES into new buffer. (Keybinding: o)
• `syslog-view’ : Open a view of syslog files with optional filters and highlights applied. (Keybinding: v)
• `syslog-previous-file’ : Open the previous logfile backup, or the next one if a prefix arg is used. (Keybinding: <)
• `syslog-next-file’ : Open the next logfile. (Keybinding: >)
• `syslog-move-next-file’ : Move to the next file in the current `syslog-mode’ buffer. (Keybinding: <M-down>)
• `syslog-move-previous-file’ : Move to the next file in the current `syslog-mode’ buffer. (Keybinding: <M-up>)
• `syslog-toggle-filenames’ : Toggle the display of filenames before each line. (Keybinding: t)
• `syslog-filter-lines’ : Restrict buffer to blocks of text between matching regexps. (Keybinding: /)
• `highlight-regexp-unique’ : Highlight each unique string matched by REGEXP with a different face (Keybinding: h q)
• `syslog-filter-dates’ : Restrict buffer to lines between times START and END (Emacs time lists). (Keybinding: C-/)
• `syslog-mode’ : Major mode for working with system logs. (Keybinding: M-x syslog-mode)
• `syslog-count-matches’ : Count strings which match the given pattern. (Keybinding: c)
• `syslog-extract-matches’ : Extract & concatenate string matching regexp RX (or its match groups). (Keybinding: x)
• `syslog-boot-start’ : Jump forward in the log to when the system booted. (Keybinding: <C-down>)
• `syslog-whois-reverse-lookup’ : This is a wrapper around the `whois’ command using symbol at point as default search string. (Keybinding: W)
• `syslog-transform-strace’ : Transform strace output in the current buffer. (Keybinding: M-x syslog-transform-strace)
• `syslog-extract-fds-from-strace’ : Extract strace output lines involving a particular file descriptor(s). (Keybinding: X)
• `syslog-strace-fds-treatment’ : Apply some replacements & alignment to improve readability of `syslog-extract-fds-from-strace’ output.

Customizable Options:

Below are customizable option list:

• `syslog-mode-hook’ : *Hook to setup `syslog-mode’. (default = nil)
• `syslog-views’ : A list of views. (default = nil)
• `syslog-datetime-regexp’ A regular expression matching the date-time at the beginning of each line in the log file.
• `syslog-log-file-directory’ : The directory in which log files are stored. (default = ”var/log”)
• `syslog-large-file-size’ : When `syslog-show-file-note’ tries to load a file larger than this it prompts the user.
• `syslog-hi-face-defaults’ : Alist of face sets to use for automatic highlighting.
• `syslog-notes-files’ : An alist used by `syslog-load-notes’ for choosing a notes file to load.
• `syslog-manpage-wait’ : Amount of time to wait for manpage to finish rendering, when processing manpages.
• `syslog-note-things’ : An alist of (REGEX . SYMB) pairs for choosing `syslog-note-thing’.
• `syslog-notes-default’ : List of `syslog-notes’ items that are always available.

Creating & viewing notes

You can create notes files containing info about things found in syslog & trace files using the `syslog-show-notes’ command which is bound to the ? key. By default the thing to look up is the ‘syslog-token extracted by `thing-at-point’, but you can alter this with the `syslog-note-things’ option. If you call `syslog-show-notes’ with a prefix arg then you will be prompted for a regexp and note type. The notes are stored in elisp files containing definitions of the buffer-local `syslog-notes’ variable, and can be associated with log/trace files using the `syslog-notes-files’ user option. You can also use `syslog-notes-default’ to define notes that are available in all buffers. You can use the `syslog-show-note-from-manpages’, `syslog-show-info-node-note’, `syslog-show-note-from-file-or-buffer’ and `syslog-show-note-from-apropos’ functions in `syslog-notes’ to extract notes from manpages, info nodes or arbitrary files (including org-mode files) at runtime. See also `syslog-text-notes-from-manpages’ if you prefer to use pre-extracted notes.

The included strace_notes.el & syslog_notes.el files contain examples of how to set `syslog-notes’.

strace output

The included strace_notes.el file will be loaded automatically for files with names ending in “.strace”. It contains declarations used by syslog-show-notes for extracting notes from manpages. There are also several functions & commands for dealing especially with strace output. To improve the readability of strace output you can use `syslog-transform-strace’, but you will also need output from the lsof command. This is used by `syslog-transform-strace’ to associated names to pids & pipes. The lsof output can either be obtained from previously saved output (using “lsof -n -P -L -E -pPID1,PID2,… > FILE”), or generated on the fly by `syslog-transform-strace’ if the traced commands are still running.

To extract lines from the strace buffer related to a particular pipe use `syslog-extract-fds-from-strace’. The resulting buffer will also be in `syslog-mode’, and you can format the output to make it more readable with `syslog-strace-fds-treatment’ which can be used in a `syslog-views’ entry.

Installation

• This library is available on MELPA: https://melpa.org/#/?q=syslog
• Otherwise download the library from here: https://github.com/vapniks/syslog-mode, and put it in a directory in the emacs load path, like ~/.emacs.d
• Add (require ‘syslog-mode) in your ~/.emacs file

License

syslog-mode is licensed under GPLv3 or later.