If you’ve ever had the need to investigate production issues in a load-balanced setup, you’d know why having a tool to pull down all of your remote log files into a single filtered stream can be handy. I think splunk is great at this, but in many cases, overkill.
I wrote chip to accommodate this demanding use case:
I have n production servers. From my local machine, I want to view the web application logs across those servers on a single terminal, while highlighting error lines in red. Additionally, I want those errors emailed to me.
That’s what chip does. It’s a powerful log file monitor (like swatch) and multiplexer. That is, it combines local or remote logs into one stream that you can see. Watch the screencast:
A full description of what chip can do is at the github project page, but the gist is:
chipstarts up and tries to open log file(s), either local or remote. If one isn’t specified, it reads from standard input. It goes through each line looking for patterns that you have specified as arguments. When it finds a match, chip does whatever you told it to do with that match.
I use chip daily to watch production logs. When I’m investigating issues, I set up an additional pattern and handler to send certain log lines to my inbox. Just think: An instant monitor set up to watch all of your production logs while you do more important things. Useful for just tailing logs, splitting them, colorizing them, monitoring them, or any combination of the above. You can also use it as a more flexible alternative to `tee` when piping in input.
Anyway, now I can get back to working on the GetSparks.org project
chip is still technically a beta, but has been stable throughout my use of it. Check out chip at https://github.com/katzgrau/chip.
On Twitter, I’m @_kennyk_.