
A tail(1)-like utility for nginx log files that supports parsing, filtering and formatting of individual log lines (in nginx's so-called "combined" log format).
Instead of this...
$ tail -f /var/log/nginx/access.log
192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET / HTTP/1.1" 200 3700 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10" "-"
192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET /nginx-logo.png HTTP/1.1" 200 370 "http://localhost/" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10" "-"
192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET /poweredby.png HTTP/1.1" 200 3034 "http://localhost/" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10" "-"
192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET /favicon.ico HTTP/1.1" 404 3650 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10" "-"
192.0.32.10 - - [21/Jan/2011:14:19:04 +0000] "GET /nginx-logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10" "-"
$ _
... you get this:
$ tail -f /var/log/nginx/access.log | ntail
2011-01-21 14:07:34 - 192.0.32.10 - 200 - GET / - (Chrome, Linux) - -
2011-01-21 14:07:34 - 192.0.32.10 - 200 - GET /nginx-logo.png - (Chrome, Linux) - localhost
2011-01-21 14:07:34 - 192.0.32.10 - 200 - GET /poweredby.png - (Chrome, Linux) - localhost
2011-01-21 14:07:34 - 192.0.32.10 - 404 - GET /favicon.ico - (Chrome, Linux) - -
2011-01-21 14:19:04 - 192.0.32.10 - 304 - GET /nginx-logo.png - (Chrome, Linux) - -
$ _
Installing the gem also installs the ntail executable, typically as /usr/bin/ntail or /usr/local/bin/ntail:
$ gem install ntail
To ensure easy execution of the ntail script, add the actual installation directory to your shell's $PATH variable.
process an entire nginx log file and print each parsed and formatted line to STDOUT
$ ntail /var/log/nginx/access.log
process an entire nginx log file and pipe each parsed and formatted line into a browser (depends on the optional bcat gem)
$ ntail /var/log/nginx/access.log | bcat
tail an "active" nginx log file and print each new line to STDOUT (stop with ^C)
$ tail -f /var/log/nginx/access.log | ntail
tail an "active" nginx log file and pipe each new line into a browser (stop with ^C)
$ tail -f /var/log/nginx/access.log | ntail | bcat
read from STDIN and print each line to STDOUT (stop with ^D)
$ ntail
read from STDIN and print out the length of each line (to illustrate -e option)
$ ntail -e 'puts size'
read from STDIN but only print out non-empty lines (to illustrate -f option)
$ ntail -f 'size != 0'
the following invocations behave exactly the same (to illustrate -e and -f options)
$ ntail
$ ntail -f 'true' -e 'puts self'
print out all HTTP requests that are coming from a given IP address
$ ntail -f 'remote_address == "208.67.222.222"' /var/log/nginx/access.log
find all HTTP requests that resulted in a '5xx' HTTP error/status code (e.g. Rails 500 errors)
$ gunzip -S .gz -c access.log-20101216.gz | ntail -f 'server_error_status?'
generate a summary report of HTTP status codes, for all non-200 HTTP requests
$ ntail -f 'status != "200"' -e 'puts status' access.log | sort | uniq -c
76 301
16 302
2 304
1 406
print out GeoIP country and city information for each HTTP request (depends on the optional geoip gem)
$ ntail -e 'puts [to_country_s, to_city_s].join("\t")' /var/log/nginx/access.log
United States Los Angeles
United States Houston
Germany Berlin
United Kingdom London
print out the IP address and the corresponding host name for each HTTP request (slows things down considerably, due to nslookup call)
$ ntail -e 'puts [remote_address, to_host_s].join("\t")' /var/log/nginx/access.log
66.249.72.196 crawl-66-249-72-196.googlebot.com
67.192.120.134 s402.pingdom.com
75.31.109.144 adsl-75-31-109-144.dsl.irvnca.sbcglobal.net
parse an access log file, and pipe its raw output (indirectly - via the parsed.log file) into the gltail realtime logfile visualizer
$ ntail -v --raw --sleep 0.1 /var/log/nginx/access.log > parsed.log
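The filter examples above (`server_error_status?`, `remote_address == "..."`, the non-200 status summary) can be reproduced in a few lines of Ruby, which is useful when triaging logs on a host where the gem is not installed. This is an added example, not ntail's own code: the `LogLine` class, `filter_lines`, `status_summary` and the sample lines are assumptions made for illustration, and lines that do not parse are skipped rather than raising.

```ruby
# Added example, not ntail's own code: a minimal parser for nginx "combined" lines.
# The trailing quoted field seen in the page's sample lines is treated as optional.
COMBINED = %r{
  \A(?<remote_address>\S+)[ ]\S+[ ](?<remote_user>\S+)[ ]\[(?<time_local>[^\]]+)\]
  [ ]"(?<request>[^"]*)"[ ](?<status>\d{3})[ ](?<body_bytes_sent>\d+)
  [ ]"(?<http_referer>[^"]*)"[ ]"(?<http_user_agent>[^"]*)"
  (?:[ ]"[^"]*")?\s*\z
}x

class LogLine
  FIELDS = %i[remote_address remote_user time_local request status
              body_bytes_sent http_referer http_user_agent].freeze
  attr_reader(*FIELDS)

  # Returns nil for lines that do not match, so callers can skip them.
  def self.parse(raw)
    (m = COMBINED.match(raw.chomp)) && new(m)
  end
  def initialize(match)
    FIELDS.each { |f| instance_variable_set("@#{f}", match[f]) }
  end
  def server_error_status?
    status.start_with?("5")
  end

  # The request line is client-supplied and may be empty or malformed (=> nil).
  def uri
    request.split(" ", 3)[1]
  end
end

# Keep parsed lines for which the block is true when evaluated against the line.
def filter_lines(raw_lines, &predicate)
  raw_lines.map { |l| LogLine.parse(l) }.compact
           .select { |line| line.instance_exec(&predicate) }
end

# Count of each non-200 status, like `... | sort | uniq -c` in the page's example.
def status_summary(raw_lines)
  filter_lines(raw_lines) { status != "200" }.map(&:status).tally.sort.to_h
end

# Constructed sample input, modelled on the page's sample lines.
SAMPLE = [
  '192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET / HTTP/1.1" 200 3700 "-" "Mozilla/5.0" "-"',
  '192.0.32.10 - - [21/Jan/2011:14:07:34 +0000] "GET /favicon.ico HTTP/1.1" 404 3650 "-" "Mozilla/5.0" "-"',
  '192.0.32.10 - - [21/Jan/2011:14:19:04 +0000] "GET /nginx-logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0" "-"',
  '192.0.2.7 - - [21/Jan/2011:14:20:00 +0000] "POST /login HTTP/1.1" 500 0 "-" "curl/7.0"',
  'not a log line'
].freeze
```

The filters are Ruby blocks here rather than strings passed on the command line, so nothing from the log or from user input is ever evaluated as code.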
"-f" option for ntail, similar to that of tail(1), using e.g. flori's file-tail gem
"-i" option ("ignore exceptions"/"continue processing"), if handling a single line raises an exception
"-r" option ("re-raise exception"), to immediately stop processing and raising the exception for investigation

Copyright (c) 2011 Peter Vandenberk. See LICENSE.txt for further details.
FAQs
We found that ntail demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.