What is the best way to view/read Log files in a Linux system?. LNAV is a powerful, open-source and command-line enhanced log file navigator and viewer for Linux and Unix systems. It is created to help Sysadmins navigate through the /var/log directory and easily view logs based on timestamps and log levels filters.

Lnav can do messages interleaving from different files and is able to generate histograms of messages over time. By using its hotkeys for navigating, nailing down applications and infrastructure issues should be a quick and painless process.

How to Install Lnav on Linux?

Lnav can be installed on both Red Hat based and Debian based systems using simple steps.

To install lnav on Ubuntu / Debian system, run the following commands as user with sudo privileges.

$ sudo apt-get install lnav
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
libpcrecpp0v5
The following NEW packages will be installed:
libpcrecpp0v5 lnav
0 upgraded, 2 newly installed, 0 to remove and 90 not upgraded.
Need to get 672 kB of archives.
After this operation, 2,404 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

If you’re running CentOS or RHEL, install LNAV from EPEL repository.

sudo yum -y install epel-release
sudo yum -y install lnav

On Fedora server / Desktop, the package can be installed using dnf package manager.

sudo dnf -y install lnav

How to use LNAV on Linux?

Every installation is accompanied by usage guide. To get started with Lnav, the basic usage Syntax is:

lnav [options] [logfile1 logfile2 …]

See few example given below.

1. Open /var/log/messages file or /var/log/syslog for Ubuntu.

$ lnav

An output with latest log messages similar to one below will be shown.

2. To load all of the files in /var/log:

$ lnav  /var/log

3. To load a particular log file, provide its absolute path.

$ lnav /var/log/syslog

4. To watch the output of log file with timestamps prepended:

$ lnav -t /var/log/nginx/access.log

5. Load rotated logs – Archived

$ lnav /var/log/nginx/access.log-20190128.gz

6. Get help page

$ lnav --help

Lnav Key bindings:
? View/leave the online help text.
q Quit the program.

All lnav Options

  -h         Print this message, then exit.
  -H         Display the internal help text.
  -I path    An additional configuration directory.
  -i         Install the given format files and exit.  Pass 'extra'
             to install the default set of third-party formats.
  -u         Update formats installed from git repositories.
  -C         Check configuration and then exit.
  -d file    Write debug messages to the given file.
  -V         Print version information.

  -a         Load all of the most recent log file types.
  -r         Load older rotated log files as well.
  -t         Prepend timestamps to the lines of data being read in
             on the standard input.
  -w file    Write the contents of the standard input to this file.

  -c cmd     Execute a command after the files have been loaded.
  -f path    Execute the commands in the given file.
  -n         Run without the curses UI. (headless mode)
  -q         Do not print the log messages after executing all
             of the commands or when lnav is reading from stdin.

If you’re looking for Central Log Management tool, I recommend Graylog. You can have a quick Graylog server using any of the guides below.

Manage Logs with Graylog server on Ubuntu 18.04

How to Install Graylog 2.4 with Elasticsearch 5.x on CentOS 7