LOGTOP

NAME

logtop - Realtime log line rate analyser

SYNOPSIS

logtop [OPTIONS]

DESCRIPTION

logtop is a System Administrator tool analyzing line rate on stdin.
It reads on stdin and print a constantly updated result
displaying, in columns:
Line number, count, frequency, and the actual line.

$ tail -f FILE | logtop
is the friendly version of:
$ watch ’tail FILE | sort | uniq -c | sort -gr’

OPTIONS

-s, --size=K

Only keep K lines in memory, instead of 10000.

-q, --quiet

Do not display a live view of the data, only display a top at exit.

-l, --line-by-line=K

Print result line by line, in a machine friendly format, K is the number of result to print per line.

Line by line format is : [%d %f %s\t]*\n
%d : Number of occurences
%f : Frequency of apparition
%s : String (Control chars replaced by dots.

-i, --interval=K

Interval between graphical updates, in seconds. Defaults to 1.

-h, --help

Show summary of options.

-v, --version

Show version of program.

EXAMPLES

Here are some logtop usage examples.

tail -f cache.log | grep -o "HITMISS" | logtop

Realtime hit / miss ratio on some caching software log file.

tail -f access.log | cut -d’ ’ -f1 | logtop -s 10000

Realtime most querying IPs on your server, as long as log lines in access.log starts with the client IP.

tail -f access.log | cut -d’ ’ -f7 | logtop -s 10000

Realtime most requested web pages in a NCSA like log file.

cat auth.log | grep -v "CRON" | grep -o ": .*" | logtop -q -s 100000

Display a one-shot simple analyse of your auth.log.

SEE ALSO

watch(1)

AUTHOR

logtop was written by Julien Palard.

This manual page was written by Julien Palard <julien@palard.fr>, for the Debian project (and may be used by others).