Paul Gover

Why use logcolourer?

When something goes wrong, it's often best to look in your system log. However, there's often so much activity being logged that it's hard to see what's important. One approach to removing the background logging activity is to filter the log for errors and alerts. However, the resulting log stream shows the important events out of context. Another approach is to use an unfiltered log stream, but colour and highlight the log stream messages according to their severity, say with error lines in red and alerts in bold yellow.

This documentation talks a lot about syslog-ng. logcolourer is not part of syslog-ng, and you might be able to use it with other syslog programs, or indeed for other files than system logs. However, the syslog-ng.conf file is known to allow the necessary customization to support logcolourer.

Syslog-ng doesn't allow you to select a log message's colour, but it does allow you to use a custom template containing the message severity as a single-digit level number. The logcolourer program replaces this level number with an ANSI escape sequence to highlight and colour the message.

The advantage of inserting ANSI escape sequences is that you get the colours when you display a file of the messages using any terminal program such as tail or less; you don't need to run a graphics environment. It even works OK over SSH to a remote system.

[Screenshot: random sample showing some errors and alerts]

logcolourer streams

logcolourer is a UNIX filter: it reads standard input and writes standard output, so you can send a file through it:

logcolourer <plain.log >coloured.log

The input stream can come from syslog-ng, or it could be a file. logcolourer requires that the first character of each line in the file is a digit from 0 to 9, which you configure syslog-ng to get from the message severity. Thus a typical input file might have the following contents:

0 emergency
1 alert
2 critical
3 error
4 warning
5 notice
6 information
7 debug
8 laughs
9 void

and the corresponding output would have the first digit replaced by the appropriate ANSI escape sequence to colour the line.

logcolourer supports the output from the Linux kernel log, where the lines are prefixed by the severity in "<>" brackets. In this case the input would be:

<0> emergency
<1> alert
<2> critical
<3> error
<4> warning
<5> notice
<6> information
<7> debug
<8> laughs
<9> void
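
The transformation described above, written out as an added Python sketch; this is not logcolourer's own code. It accepts both the bare-digit and the "<n>" prefix. The palette, the colour reset at the end of each line, the uncoloured handling of levels 8 and 9, and the escaping of control characters already present in a message are all assumptions of this example. The last of these stops a logged string from carrying its own escape sequences to the terminal.

```python
import re
import sys

RESET = "\x1b[0m"

# Assumed palette: the page only suggests red for errors and bold yellow
# for alerts; the other colours are choices made for this example.
SGR = {
    "0": "1;37;41",  # emergency: bold white on red
    "1": "1;33",     # alert: bold yellow
    "2": "1;31",     # critical: bold red
    "3": "31",       # error: red
    "4": "33",       # warning: yellow
    "5": "36",       # notice: cyan
    "6": "0",        # information: terminal default
    "7": "2",        # debug: dim
}

# Severity prefix: a bare digit, or a digit in "<>" as in the kernel log.
PREFIX = re.compile(r"^(?:<(\d)>|(\d))")
# C0 controls except tab, plus DEL and the C1 range (includes ESC and CSI).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralise(text):
    """Show control characters from the message as visible \\xNN text."""
    return CONTROL.sub(lambda c: f"\\x{ord(c.group()):02x}", text)


def colour_line(line):
    """Replace the severity prefix of one log line with an SGR sequence."""
    text = line.rstrip("\n")
    m = PREFIX.match(text)
    if not m:
        return neutralise(text)          # no prefix: pass through, sanitised
    level = m.group(1) or m.group(2)
    body = neutralise(text[m.end():])
    sgr = SGR.get(level)
    if sgr is None:                      # 8 and 9: no syslog severity (assumed)
        return body
    return f"\x1b[{sgr}m{body}{RESET}"


def main():
    sys.stdin.reconfigure(errors="replace")   # tolerate undecodable log bytes
    for line in sys.stdin:
        sys.stdout.write(colour_line(line) + "\n")


if __name__ == "__main__":
    main()
```

When paging the coloured output, less needs its -R option to render the colour sequences instead of printing them as ^[ text.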

[Installing] [Customizing]

Other log colouring programs

Some programs colour fields such as IP addresses within syslog messages, rather than the entire message. This is a useful thing to do, but it's a different use case.

KDE users have KSystemLog, which handles logs from other sources (such as dmesg and Xorg.0.log) as well as syslog. However, it needs KDE, and you need to filter your log into separate streams by severity; it then colours them as it combines the streams for display.
