https://github.com/blue-yonder/bonfire

A CLI Graylog Client with Follow Mode

=======
bonfire
=======

Bonfire is a command line interface to query Graylog searches via the REST API. It tries to emulate the feeling of using tail on a local file.

Usage
=====

Examples::

    > bonfire -h logserver -u jdoe -@ "10 minutes ago" "*"
    ...

    > bonfire -h logserver -u jdoe -f "source:localhost AND level:2"
    ...

Bonfire usage::

    Usage: bonfire [OPTIONS] [QUERY]

      Bonfire - An interactive graylog cli client

    Options:
      --node TEXT                     Label of a preconfigured graylog node
      -h, --host TEXT                 Your graylog node's host
      -s, --tls                       Use HTTPS
      --port INTEGER                  Your graylog port (default: 12900)
      --endpoint TEXT                 Your graylog API endpoint e.g /api (default:
                                      /)
      -u, --username TEXT             Your graylog username
      -p, --password TEXT             Your graylog password (default: prompt)
      -k, --keyring / -nk, --no-keyring
                                      Use keyring to store/retrieve password
      -@, --search-from TEXT          Query range from
      -#, --search-to TEXT            Query range to (default: now)
      -t, --tail                      Show the last n lines for the query
                                      (default)
      -d, --dump                      Print the query result as a csv
      -f, --follow                    Poll the logging server for new logs
                                      matching the query (sets search from to now,
                                      limit to None)
      -l, --interval INTEGER          Polling interval in ms (default: 1000)
      -n, --limit INTEGER             Limit the number of results (default: 10)
      -a, --latency INTEGER           Latency of polling queries (default: 2)
      -r, --stream TEXT               Stream ID of the stream to query (default:
                                      no stream filter)
      -e, --field TEXT                Fields to include in the query result
      -x, --template-option TEXT      Template options for the stored query
      -s, --sort TEXT                 Field used for sorting (default: timestamp)
      --asc / --desc                  Sort ascending / descending
      --help                          Show this message and exit.

Configuration
=============

Bonfire can be configured. It will look for a ``~/.bonfire.cfg`` or a ``bonfire.cfg`` (in the current directory). The
configuration file can specify API nodes. If no host is specified a node with the name ``default`` will be used. You can
also configure queries which can be referenced by starting your query with a colon::

    [node:default]
    host=1.2.3.4
    port=12900
    endpoint=/
    username=jdoe

    [node:dev]
    host=4.3.2.1
    port=9000
    endpoint=/api
    username=jdoe
    password=H4rrH4rrB0bba

    [query:example]
    query=facility:*foo* AND source:*bar*
    from=2015-03-01 15:00:00
    limit=100
    fields=message,name,facility,source

Now you can run queries such as::

    > bonfire --node=dev :example
    ... runs the example query on the node dev

    > bonfire :example
    ... runs the example query on the default node
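
The sample configuration above keeps a node password in plain text, while the option list offers a prompt and a keyring (``-k``) instead. The check below is an added example, not part of bonfire: it flags ``[node:...]`` sections that carry a ``password`` key and reports when the file mode grants access beyond the owner. It assumes the file parses with Python's ``configparser``; ``audit_bonfire_cfg`` and ``SAMPLE_CFG`` are hypothetical names.

```python
import configparser
import os
import stat

# Constructed sample that mirrors the configuration shown on this page.
SAMPLE_CFG = """\
[node:default]
host=1.2.3.4
port=12900
endpoint=/
username=jdoe

[node:dev]
host=4.3.2.1
port=9000
endpoint=/api
username=jdoe
password=H4rrH4rrB0bba

[query:example]
query=facility:*foo* AND source:*bar*
from=2015-03-01 15:00:00
limit=100
"""


def audit_bonfire_cfg(path):
    """Return (section, finding) tuples for node sections holding a password."""
    # Assumption: the file is INI-style and readable by configparser.
    parser = configparser.ConfigParser(interpolation=None)
    with open(path) as handle:
        parser.read_file(handle)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    for section in parser.sections():
        if not section.startswith("node:") or not parser.has_option(section, "password"):
            continue
        findings.append((section, "plaintext password in config file"))
        if mode & 0o077:  # any group/other permission bit is set
            findings.append((section, "file mode %o grants access beyond the owner" % mode))
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bonfire.cfg")
        with open(path, "w") as handle:
            handle.write(SAMPLE_CFG)
        os.chmod(path, 0o644)
        for section, finding in audit_bonfire_cfg(path):
            print("[%s] %s" % (section, finding))
```

Point it at ``~/.bonfire.cfg`` or a ``bonfire.cfg`` in a working directory; an empty result means no node section stores a password.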

Query Templates
---------------

Options
=======

Queries
=======

Testing
=======

See the Travis script for how to run the tests. If you are behind a proxy,
disable it or set ``no_proxy`` so that the test dummy server (called
``dummyserver``) can be reached, e.g.::

    > env no_proxy=dummyhost python setup.py test

Known Bugs
==========

Development
===========
Once you want to release a new version, do the following:

* bring your git tree in order, cut the release, and tag it with the desired
  version
* install necessary pip packages::

    > python3 -m pip install --user --upgrade setuptools wheel twine

* bundle your release::

    > python3 setup.py sdist bdist_wheel

* publish it::

    > python3 -m twine upload dist/*

Note that if you have several different versions in dist, you might want to
specify which one you want to publish.

Release Notes
=============

* v0.0.7: Issue fixes, TLS and Proxy support

  * Adds support for proxies
  * Adds support for https urls
  * Add timestamps to the dump format

* v0.0.6: Documentation fix

  * Change of README.rst

* v0.0.5: Clean up

  * Removed terminal UI ideas
  * Added first tests
  * Fixed date and time handling with timezones
  * Added python3 compatibility

* v0.0.4: Extended documentation & stream access

  * Use the first stream the user has access to if no stream is specified and the user has no global search rights

* v0.0.3: Small fixes

  * Use accept header in GET requests.
  * Fix bug when querying specific fields

* v0.0.1: Initial release

  * Limited feature set.