Terminal user interface for reading logs from journald, auditd, file system, Docker (including Swarm) containers, Compose stacks, Podman and Kubernetes pods with support for output coloring and multiple filtering modes. Written in Go with the awesome-gocui (fork gocui) library.

This tool is inspired by and with love for LazyDocker and LazyGit. It is also included in Awesome-Go, Awesome-TUIs and Awesome-Docker, check out other useful projects on the repository pages.

• Simple installation, to run download one executable file without dependencies and settings.
• Centralized search for the required journal by filtering all lists (log sources).
• Streaming output of new events from the selected journal (like tail).
• List of all services (including disabled unit files) with current state from systemd to access their logs.
• View all system and user journals via journalctl (tool for reading logs from journald).
• List of all system boots for kernel log output.
• List of audit rules from auditd for filtering by keys and viewing in interpret format.
• File system logs such as for Apache or Nginx, as well as syslog, messages, etc. from /var/log.
• Lists all log files in users home directories, as well as descriptor log files used by processes.
• Reading archive logs truncated during rotation (gz, xz and bz2 formats) and Packet Capture (pcap format).
• Apple System Logs support (asl format).
• Docker and Swarm logs from the file system or stream, including build-in timestamps and filtering by stream.
• Logs of all containers in Docker Compose stacks, sorted by time for all entries.
• Podman logs, without the need to run a background process (socket).
• Kubernetes pods logs (you must first configure a connection to the cluster via kubectl).
• Logs of k3s pods and containers from the file system on any nodes (including workers).
• Windows Event Logs via PowerShell and wevtutil, as well as application logs from Windows file system.
• Search and analyze all logs from remote hosts in one interface using rsyslog configuration.
• Access to logs on a remote system via ssh protocol.

Supports 4 filtering modes:

• Default - case sensitive exact search.
• Fuzzy (like fzf) - custom inexact case-insensitive search (searches for all phrases separated by a space anywhere on a line).
• Regex (like grep) - search with regular expression support, based on the built-in regexp library, case-insensitive by default (in case a regular expression syntax error occurs, the input field will be highlighted in red).
• Date - filtering by date (since and/or until) for journald logs, as well as Docker or Podman containers (only supported in streaming mode) using the left and right arrow keys. This mode affects log loading (this is especially relevant for large logs, thereby increasing performance) and can be used in combination with other filtering modes.

Several log output coloring modes are supported:

• default - built-in log highlighter by default, requires no dependencies and is several times faster than other tools (including in command-line mode).
• tailspin - uses tailspins.
• bat - uses bat in ansi mode and log language.

When using external tools, they are required to be already installed on your system. It is also possible to disable coloring, this is useful if your terminal already has output coloring built in, such as WindTerm.

The built-in coloring by default supports several color groups:

• Custom - URLs, HTTP request methods and response status codes, double quotes and braces for json, file paths and processes in UNIX.
• Yellow - warnings and known names (host name and system users).
• Green - keywords indicating success.
• Red - keywords indicating error.
• Blue - statuses and actions (restart, update, etc).
• Light blue - numbers (date, time, timestamp, bytes, versions, percentage, integers, IP and MAC addresses).

A full list of all keywords can be found in the color.log file (used for testing only). If you have suggestions for improving coloring (e.g. adding new words), you can open an issue for a new feature.

Coloring directly affects the loading time of the log, to increase the performance of reading large logs, it is possible to disable coloring using the Ctrl+Q.

Binaries are available for download on the releases page.

List of supported systems and architectures in which functionality is checked:

Run the command in the console to quickly install or update the stable version for Linux, macOS or the BSD-based system:

curl -sS https://raw.githubusercontent.com/Lifailon/lazyjournal/main/install.sh | bash

This command will run a script that will download the latest binary (auto-detect OS and arch) from the GitHub repository to your home directory along with other executables (default path is ~/.local/bin/lazyjournal) and configurations (~/.config/lazyjournal/config.yml) for the current user, and also grant execute permission.

If you are using Ubuntu or any other Debian-based system, you can also download the deb package to manage installation and removal:

VERSION=$(curl -sSL -H 'Accept: application/json' https://github.com/Lifailon/lazyjournal/releases/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
curl -L -sS https://github.com/Lifailon/lazyjournal/releases/download/$VERSION/lazyjournal-$VERSION-$(dpkg --print-architecture).deb -o /tmp/lazyjournal.deb
sudo apt install /tmp/lazyjournal.deb && rm /tmp/lazyjournal.deb

Use the following command to install lazyjournal using Homebrew:

brew install lazyjournal

If you use package managers like conda or mamba, you can install lazyjournal from conda-forge:

conda install -c conda-forge lazyjournal
mamba install -c conda-forge lazyjournal

You can install lazyjournal user-globally using pixi:

pixi global install lazyjournal

If you an Arch Linux user you can also install from the AUR:

paru -S lazyjournal

Download the docker-compose file and run the container using the image from Docker Hub:

mkdir lazyjournal && cd lazyjournal
curl https://raw.githubusercontent.com/Lifailon/lazyjournal/refs/heads/main/docker-compose.yml -o docker-compose.yml
docker compose up -d
docker exec -it lazyjournal lazyjournal

The image is based on Debian with systemd, docker cli, docker-compose and kubectl pre-installed. The necessary permissions are already pre-set in the file to support all log sources from the host system.

To access Kubernetes logs, you need to forward the configuration to the container. If you're using a local cluster (e.g., k3s), change the cluster server address in the configuration to the host address on the local network.

Supports running in a container with a Web interface, using ttyd to access logs via a browser. To do this, edit the variables:

# Enable Web mode
TTYD=true
PORT=5555
# Credentials for accessing via Web browser (optional)
USERNAME=admin
PASSWORD=admin
# Flags used (optional)
OPTIONS=-t 5000 -u 2

Use the following command to quickly install in your PowerShell console:

irm https://raw.githubusercontent.com/Lifailon/lazyjournal/main/install.ps1 | iex

The following directories are used to search for logs in the file system:

• Program Files
• Program Files (x86)
• ProgramData
• AppData\Local and AppData\Roamin for current user

To read logs, automatic detection of the following encodings is supported:

• UTF-8
• UTF-16 with BOM
• UTF-16 without BOM
• Windows-1251 by default

You can also use Go to install (Go must be installed on the system):

go install github.com/Lifailon/lazyjournal@latest

You can run the interface from anywhere:

lazyjournal -h

--help, -h                 Show help
--version, -v              Show version
--config, -g               Show configuration of hotkeys and settings (check values)
--audit, -a                Show audit information
--tail, -t                 Change the number of log lines to output (range: 200-200000, default: 50000)
--update, -u               Change the auto refresh interval of the log output (range: 2-10, default: 5)
--filter-symbols, -F       Minimum number of symbols for filtering output (range: 1-10, default: 3)
--disable-autoupdate, -d   Disable streaming of new events (log is loaded once without automatic update)
--disable-mouse, -m        Disable mouse control support
--disable-timestamp, -i    Disable timestamp for Docker logs
--only-stream, -o          Force reading of Docker container logs in stream mode (by default from the file system)
--docker-context, -D       Use the specified Docker context (default: default)
--kubernetes-context, -K   Use the specified Kubernetes context (default: default)
--namespace, -n            Use the specified Kubernetes namespace (default: all)
--path, -p                 Custom path to logs in the file system (e.g. "$(pwd)", default: /opt)
--color, -C                Color mode (available values: default, tailspin, bat or disable)
--command-color, -c        ANSI coloring in command line mode
--command-fuzzy, -f        Filtering using fuzzy search in command line mode
--command-regex, -r        Filtering using regular expression (regexp) in command line mode
--ssh, -s                  Connect to remote host (use standard ssh options, separated by spaces in quotes)
                           Example: lazyjournal --ssh "[email protected] -p 22"

Access to all system logs and containers may require elevated privileges for the current user. For example, if a user does not have read permission to the directory /var/lib/docker/containers, he will not be able to access all archived logs from the moment the container is started, but only from the moment the containerization system is started, so the process of reading logs is different. However, reading in streaming mode is faster than parsing json logs from the file system.

Hotkeys and settings values ​​can be overridden using the config file (see issue #23 and #27), which can be in ~/.config/lazydocker/config.yml, as well as next to the executable or in the current startup directory (has high priority).

List of all used keys and hotkeys (default values):

• F1 - show help on hotkeys.
• Tab - switch to next window.
• Shift+Tab - return to previous window.
• Up/PgUp/k and Down/PgDown/j - move up and down through all journal lists and log output, as well as changing the filtering mode in the filter window.
• Shift/Alt+Up/Down - quickly move up and down through all journal lists and log output every 10 or 100 lines (500 for log output).
• Shift/Ctrl+k/j - quickly move up and down (like Vim and alternative for macOS from config).
• Left/h and Right/l - switch between journal lists in the selected window and change the date in the filter window.
• Del/Backspace - disable filtering by date.
• Enter - load a log from the list window or return to the previous window from the filter window.
• / - go to the filter window from the current list window or logs window.
• End/Ctrl+E - go to the end of the log.
• Home/Ctrl+A - go to the top of the log.
• Ctrl+X/Z - change the number of log lines to output (range: 200-200000, default: 50000).
• Ctrl+P/O - change the auto refresh interval of the log output (range: 2-10, default: 5).
• Ctrl+U - disable streaming of new events (log is loaded once without automatic update).
• Ctrl+R - update the current log output manually (relevant in disable streaming mode).
• Ctrl+Q - update all log lists.
• Ctrl+W - switch color mode between default, tailspin, bat or disable.
• Ctrl+D - change read mode for docker logs (stream only or json from file system).
• Ctrl+S - change stream display mode for docker logs (all, stdout or stderr only).
• Ctrl+T - enable or disable built-in timestamp and stream type for docker logs.
• Ctrl+C - clear input text in the filter window or exit.

Mouse control is supported (but can also be disabled with the -m flag or configuration) for selecting window and the log from list, as well as lists and log scrolling. To copy text, use the Alt+Shift key combination while selecting.

Supports access to logs on a remote system (no client installation required).

Standard ssh arguments are used to configure the connection (passed as a single argument in quotes), for example:

lazyjournal --ssh "[email protected]"
# Passing arguments
lazyjournal --ssh "[email protected] -p 21 -o Compression=yes"
# If sudo is supported without entering a password
lazyjournal --ssh "[email protected] sudo"

Coloring and/or filtering of output is supported in command line mode:

alias lj=lazyjournal # >> $HOME/.bashrc

# Coloring the output from stdin
cat /var/log/syslog | lj -c

# Filtering in fuzzy search
cat /var/log/syslog | lj -f "error"

# Filtering using regular expressions
cat /var/log/syslog | lj -r "error|fatal|fail|crash"

# Filtering with subsequent coloring of the output
cat /var/log/syslog | lj -r "error|fatal|fail|crash" -c

Clone the repository and use Make to run or build the binary:

git clone https://github.com/Lifailon/lazyjournal
cd lazyjournal
make run
# or
make build

Unit tests cover all main functions and interface operation.

# Get a list of all tests
make list
# Run selected or all tests
make test n=TestMockInterface
make test-all

Since this is my first Go project, there may be some bad practices, BUT I want to make lazyjournal better. Any contribution will be appreciated! If you want to implement any new feature or fix something, please open an issue first.

Thanks to all participants for their contributions:

• Matteo Giordano for upload and update the package in AUR.
• Ueno M. for upload and update the package in Homebrew and Conda.

You can also upload the package yourself to any package manager you use and make Pull Requests.

• Lnav - The Logfile Navigator is a log file viewer for the terminal.
• Toolong - A terminal application to view, tail, merge, and search log files.
• Nerdlog - A remote, multi-host TUI syslog viewer with timeline histogram and no central server.
• Gonzo - A log analysis terminal UI with beautiful charts and AI-powered insights.
• Dozzle - A small lightweight application with a Web based interface to monitor Docker logs.

This project is licensed under the MIT License. See the LICENSE file for details.

Copyright (C) 2024 Lifailon (Alex Kup)