Petit is a free and open source command-line log analysis tool for Unix-like and Cygwin systems, designed to rapidly analyze log files in enterprise environments.
It is intended to follow the Unix philosophy of being small, fast and easy to use, and it supports different log file formats, including syslog and Apache log files.
Petit Features
- Supports log analysis.
- Auto-detects and supports various log file formats (e.g. Syslog, Apache Access, Apache Error, Snort Log, Linux Secure Log, and raw log files).
- Supports log hashing.
- Supports command-line graphing.
- Supports word discovery and counting with common stop-words within log data.
- Supports log reduction for easy reading.
- Provides various default and specially made filters.
- Supports fingerprints, useful in identifying and excluding reboot signatures.
- Offers several output options for wide-screen terminals, character selection and many more.
In this tutorial, we will show you how to install and use the Petit log analysis tool in Linux to pull useful information out of system logs in various ways.
How to Install and Use Petit Log Analysis Tool in Linux
Petit can be installed from the default repositories of Debian/Ubuntu and their derivatives, using the apt package management tool as shown below.
$ sudo apt install petit
On RHEL/CentOS/Fedora systems, download and install the .rpm package like this.
# wget http://crunchtools.com/wp-content/files/petit/petit-current.rpm
# rpm -i petit-current.rpm
Once installed, it's time to see Petit's basic usage with examples.
Hashing a Log File
This is a straightforward petit function: it sums up the number of lines discovered in a log file. Its output consists of the number of similar lines found in the log and what the group broadly looked like, as shown below.
# petit --hash /var/log/yum.log
OR
# petit --hash --fingerprint /var/log/messages
2: Mar 18 14:35:54 Installed: libiec61883-1.2.0-4.el6.x86_64
2: Mar 18 15:25:18 Installed: xorg-x11-drv-i740-1.3.4-11.el6.x86_64
1: Dec 16 12:36:23 Installed: 5:mutt-1.5.20-7.20091214hg736b6a.el6.x86_64
1: Dec 16 12:36:22 Installed: mailcap-2.1.31-2.el6.noarch
1: Dec 16 12:40:49 Installed: mailx-12.4-8.el6_6.x86_64
1: Dec 16 12:40:20 Installed: man-1.6f-32.el6.x86_64
1: Dec 16 12:43:33 Installed: sysstat-9.0.4-31.el6.x86_64
1: Dec 16 12:36:22 Installed: tokyocabinet-1.4.33-6.el6.x86_64
1: Dec 16 12:36:22 Installed: urlview-0.9-7.el6.x86_64
1: Dec 16 12:40:19 Installed: xz-4.999.9-0.5.beta.20091007git.el6.x86_64
1: Dec 16 12:40:19 Installed: xz-lzma-compat-4.999.9-0.5.beta.20091007git.el6.x86_64
1: Dec 16 12:43:31 Updated: 2:tar-1.23-15.el6_8.x86_64
1: Dec 16 12:43:31 Updated: procps-3.2.8-36.el6.x86_64
1: Feb 18 12:40:27 Erased: mysql
1: Feb 18 12:40:28 Erased: mysql-libs
1: Feb 18 12:40:22 Installed: MariaDB-client-10.1.21-1.el6.x86_64
1: Feb 18 12:40:12 Installed: MariaDB-common-10.1.21-1.el6.x86_64
1: Feb 18 12:40:10 Installed: MariaDB-compat-10.1.21-1.el6.x86_64
1: Feb 18 12:54:50 Installed: apr-1.3.9-5.el6_2.x86_64
......
Finding Number Of Lines Produced by a Daemon
Using the --daemon option outputs a basic report of lines produced by a particular system daemon, as shown in the example below.
# petit --hash --daemon /var/log/syslog
847: vmunix:
48: CRON[#]:
30: dhclient[#]:
26: nm-dispatcher:
14: rtkit-daemon[#]:
6: smartd[#]:
5: ntfs-#g[#]:
4: udisksd[#]:
3: mdm[#]:
2: ag[#]:
2: syslogd
1: cinnamon-killer-daemon:
1: cinnamon-session[#]:
1: pulseaudio[#]:
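The grouping behind the --hash and --daemon reports above can be sketched as follows. This is an added example, not Petit's own code: it assumes that variable fields are collapsed by replacing digit runs with "#" (as the "CRON[#]:" entries in the output suggest), and the sample lines, regex and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed syslog lines for illustration (documentation IP ranges, invented PIDs).
SAMPLE = """\
Jun  8 09:45:59 tecmint CRON[2101]: (root) CMD (command -v debian-sa1 > /dev/null)
Jun  8 09:55:01 tecmint CRON[2188]: (root) CMD (command -v debian-sa1 > /dev/null)
Jun  8 09:46:10 tecmint dhclient[812]: DHCPREQUEST of 192.0.2.15 on eth0
Jun  8 10:16:12 tecmint dhclient[812]: DHCPREQUEST of 192.0.2.15 on eth0
Jun  8 10:20:44 tecmint sshd[3310]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Jun  8 10:20:47 tecmint sshd[3312]: Failed password for invalid user admin from 198.51.100.7 port 50130 ssh2
Jun  8 10:20:51 tecmint sshd[3314]: Failed password for invalid user oracle from 198.51.100.7 port 50141 ssh2
Jun  8 10:31:02 tecmint smartd[640]: Device: /dev/sda, SMART Usage Attribute changed
""".splitlines()

# Fields: timestamp, host, daemon tag, message (assumed classic syslog layout).
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<tag>[^\s:]+:?)\s*(?P<msg>.*)$")


def normalize(text):
    """Collapse variable fields: every run of digits becomes '#'."""
    return re.sub(r"\d+", "#", text)


def reduce_log(lines, key="line"):
    """Return [(count, group, first_sample)], most frequent group first."""
    counts, samples = Counter(), {}
    for line in lines:
        m = SYSLOG.match(line)
        if m is None:
            group = normalize(line)          # raw format: hash the whole line
        elif key == "daemon":
            group = normalize(m["tag"])
        elif key == "host":
            group = m["host"]
        else:                                # drop timestamp and host, keep the rest
            group = normalize(m["tag"] + " " + m["msg"])
        counts[group] += 1
        samples.setdefault(group, line)
    return [(n, g, samples[g]) for g, n in counts.most_common()]


if __name__ == "__main__":
    for mode in ("line", "daemon", "host"):
        print(f"-- grouped by {mode}")
        for n, group, _ in reduce_log(SAMPLE, mode):
            print(f"{n}:\t{group}")
```

On the sample, the three failed SSH logins collapse into two groups that differ only in the user name, which is what makes a repeated authentication failure stand out once PIDs and ports are masked.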
Finding Number Of Lines Produced by a Host
To find the number of lines generated by a particular host, use the --host flag as shown below. This can be useful when analyzing log files for more than one host.
# petit --host /var/log/syslog
999: tecmint
Performing a Word Count in a Log File
This function is used to search and display qualitatively significant words in a log file.
# petit --wordcount /var/log/syslog
845: [
97: [mem
75: ACPI:
64: pci
62: debian-sa#
62: to
51: USB
50: of
49: device
47: &&
47: (root)
47: CMD
47: usb
41: systemd#
36: ACPI
32: >
32: driver
32: reserved
31: (comm#
31: -v
Graphing a Log File
This works in a key/value bar charting format, for side by side comparison of distributions as shown in the examples below.
To graph the first 60 seconds in a syslog, use the --sgraph flag like this.
# petit --sgraph /var/log/syslog
# # # # #
############################################################
59 29 58
Start Time: 2017-06-08 09:45:59    Minimum Value: 0
End Time: 2017-06-08 09:46:58    Maximum Value: 1
Duration: 60 seconds    Scale: 0.166666666667
Tracking Particular Words in a Log File
This example shows how to track and graph a specific word (e.g. "error" in the command below) in a log file.
# cat /var/log/messages | grep error | petit --mgraph
# # # # # # # # # # # # # # #
############################################################
10 40 09
Start Time: 2017-06-08 10:10:00    Minimum Value: 0
End Time: 2017-06-08 11:09:00    Maximum Value: 2
Duration: 60 minutes    Scale: 0.333333333333
Additionally, to show samples for each entry in a log file, use the --allsample option like this.
# petit --hash --allsample /var/log/syslog
Important Petit Files:
- /var/lib/petit/fingerprint_library – used to construct custom fingerprint files.
- /var/lib/petit/fingerprints (aggregate fingerprint files) – used to filter out reboots and other events not considered vital by the system administrator.
- /var/lib/petit/filters/
For more information and usage options, read the petit man page like this.
# man petit
OR
# petit -h
Petit Homepage: http://crunchtools.com/software/petit/