13 Best Free Log Viewer Software for Windows

Filtering

The set of filters depends on the log format. Some filters are always available, such as the substring filter, while others appear only if the log contains a field of a particular type. This makes it possible to create specialized filters for certain field types. For example, if the log has a severity field, a dedicated UI component for it appears in the top panel.

Adding filters from the context menu is very convenient. You can select some text, right-click, and choose “Do not show records with this text”. A text filter that hides records containing that text is automatically added to the filter panel. This helps when the log is flooded with repetitive records that are not of interest at the moment.

You can click a record and choose “Hide following records” or “Hide preceding records” to work with only a certain part of the log. Hiding is done by adding a date filter.

For complex cases, you can define a filter with a condition written in JavaScript. Such a filter is a function that takes a single record and returns true or false.

When filters change, the viewer tries to preserve the position in the log as much as possible. If a record is selected, changing the filters does not change its position on the screen; the records around it disappear or appear. The user can set a filter so that only errors are visible, find a suspicious error, then remove the filter and see what was happening around that error.

The state of the filter panel is reflected in the URL parameters, so the current configuration can be bookmarked in the browser.

LogViewer

LogViewer is another simple log file viewer for Windows. It has a somewhat confusing interface. When you open it, you will see that the entire interface is blank; there is no menu or option at all. You need to right-click on its interface to see all the options it has. Start by choosing the Open option to open any log file.

When a log file is opened, you can just scroll through it in the interface. You can change the font size, again using the right-click menu.

Now, there are a few good options that this software has, but none of those worked for me, and I am not really sure if I missed something. I encourage you to try them at your end.

  • The Hide Rows feature lets you hide rows based on patterns you have specified. You can specify multiple patterns, and all the rows that match those patterns will be hidden.
  • You can colorize rows that match a specified pattern. You can specify multiple patterns, with a different color for each pattern.
  • You can also sanitize lines, so that unwanted parts of the lines are removed. Again, you need to specify patterns for that.

These are actually pretty powerful features, but none of them worked for me. If these worked, I would have placed this software pretty high up in the list.

This software also comes with a TCP port listener that can listen on ports and create a log.

Configuration

I tried to make the configuration as simple as possible so that everything works out of the box. If you ask users to specify the log format, most of them will simply close the application and go back to viewing logs the old way. That is why the log format is detected automatically. Of course, this does not always work and is often imprecise. For such cases, the log format can be specified manually in the configuration file. You can use log4j or logback patterns, or just a regexp. If your log was not recognized but you think it should have been, create an issue on GitHub; this will help the project.

The most important setting is the list of visible files. By default, all files with the “.log” extension are accessible and the whole directory structure is visible, which is not great from a security standpoint. In the configuration file, file visibility can be restricted with a list of patterns.

For example, the patterns can be written so that the user has access only to .log files in the /opt/my-app/logs directory and to any files in the ~/work directory and its subdirectories.
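An added example (not code from the log viewer project or its documentation) of the visibility check such a pattern list implies: it admits only .log files directly in /opt/my-app/logs and any file under ~/work, after normalizing the requested path. The rule layout, the home directory /home/alice, and the non-recursive reading of the first rule are assumptions.

```python
import fnmatch
import posixpath

# Constructed rules mirroring the two cases in the text. The rule layout
# (dir / name / recursive) is hypothetical, not the viewer's config syntax.
RULES = [
    {"dir": "/opt/my-app/logs", "name": "*.log", "recursive": False},
    {"dir": "~/work", "name": "*", "recursive": True},
]


def expand_home(path, home):
    """Expand a leading '~' using an explicitly supplied home directory."""
    if path == "~" or path.startswith("~/"):
        return home + path[1:]
    return path


def is_visible(requested, rules, home):
    """Return True only if the normalized path matches an allow rule."""
    path = expand_home(requested, home)
    # Fail closed on relative paths and embedded NUL bytes.
    if not path.startswith("/") or "\x00" in path:
        return False
    # Collapse "." and ".." before matching, so traversal segments cannot
    # make a path look like it sits inside an allowed directory.
    # (On a real filesystem, also resolve symlinks, e.g. os.path.realpath.)
    path = posixpath.normpath(path)
    directory, name = posixpath.split(path)
    for rule in rules:
        base = posixpath.normpath(expand_home(rule["dir"], home))
        if rule["recursive"]:
            # Compare on a path-segment boundary: "/home/alice/work" must
            # not also admit "/home/alice/workspace".
            inside = directory == base or directory.startswith(base + "/")
        else:
            inside = directory == base
        if inside and fnmatch.fnmatchcase(name, rule["name"]):
            return True
    return False


def filter_visible(paths, rules=RULES, home="/home/alice"):
    """Keep only the requested paths that the allowlist admits."""
    return [p for p in paths if is_visible(p, rules, home)]


# Constructed requests: legitimate files plus common bypass shapes.
SAMPLE_REQUESTS = [
    "/opt/my-app/logs/app.log",
    "/opt/my-app/logs/app.conf",
    "/opt/my-app/logs/archive/old.log",
    "/opt/my-app/logs/../../../etc/passwd",
    "~/work/notes/todo.txt",
    "/home/alice/workspace/secret.log",
    "/home/alice/work/../.ssh/id_rsa",
    "logs/app.log",
]

if __name__ == "__main__":
    for p in filter_visible(SAMPLE_REQUESTS):
        print("visible:", p)
```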

More detailed information is available in the documentation on GitHub.

Glogg

Glogg is another free log file viewer for PC. The main advantage of this software is that it features live updating of search results. So, if you are using a log file to analyze specific events, then as new events get added to the log file, it will highlight those in the search results. You can specify the polling period at which it should refresh the search results.

In terms of interface, there are some pretty good features that this log analyzer has. The main interface is divided into 2 parts. The top part of the interface is to view the log file. The bottom part is to see the search results. So, if you search for anything in your log file, all the rows that match search results are shown in the bottom part. This makes it very easy to see the search results. It does not give a direct option to export the search results, but you can select all the rows of the search results, copy them, and then paste them anywhere.

In terms of search, it lets you do three types of searches. All the searches can be case sensitive or case insensitive:

  • Fixed Strings: This option lets you do an exact match search.
  • Wildcards: A unique option in this log viewer is that you can perform searches using wildcards as well. For example, if you want to search for “machine”, you can give the search term as “mac*ine”. I am not sure what other wildcards it supports.
  • Regular Expressions: As is the case with most of the log viewers, you can do regular expression based search in this as well.

There is one more feature of this software that I really like, and that is the option to highlight rows that meet a filter criterion with a specific foreground and background color. For this, go to the Tools menu and choose Filters. There you can add a filter, specify a pattern, and then specify foreground and background colors. All the rows that match that filter criterion will be highlighted accordingly. You can add as many filters as you want and specify separate colors for each filter, and the rows will be highlighted accordingly.

The remaining options in this software include an option to see line numbers, an option to see font and font size, and an option to set encoding.

Dynamic Log Viewer

Dynamic Log Viewer is another log viewer that lets you open large/heavy log files. It is a very fast log viewer in this list. I tried a 1 GB log file in this software and it opened it instantly, within 1 second. It displays the total number of lines in a log file along with its size on its interface. You can view the number of a particular line by clicking it.

Here are some of the features of this log viewer:

  • It has an Autoscrolling feature, which automatically scrolls the loaded log file to the bottom. If you don’t want this feature by default, you can lock Autoscrolling.
  • Click Restrict Empty Lines and this free Windows log viewer clears all empty lines from the log file.
  • A Print option is also available. You can adjust page setup and page margins (in millimeters), and select page orientation (landscape or portrait) before printing.
  • Encodings: This free log file reader supports more than 5 encodings, which include ANSI, OEM, UTF-7, UTF-8, etc. You can easily convert a log file from one encoding to another.
  • Dynamic Log viewer supports three languages: English, Czech, and Slovak.
  • Its other features include go to a line, full screen mode, etc.
  • You can define length of lines that you want to see, and the longer lines will be wrapped.

The biggest downside of this software is its search feature. You can only do an exact match search, and choose direction for it (forward or backwards). There is no option to do any regex search. Also, search results can’t be exported.

Why Graylog?

It is not the only platform and possibly far from the best one, but it is widely used, has stood the test of time, and is still supported by its developers.

But we decided to start by analyzing the “competitors”.

Alternatives

Splunk

Cool, trendy, modern Splunk meets the overwhelming majority of needs and can most likely do even more.

But there are three points we did not like:

  • In the configuration we need, the solution is paid.

  • It is a closed solution.

  • The company left the Russian market without explaining its reasons.

But if that does not bother you, here is some useful information about the platform:

  • An overview article on habr.

  • A comparison of the paid and free versions.

This “contender” did not work out, so we move on.

For example, here and here it is often compared with ELK, which we will look at next.

ELK

The Elasticsearch, Logstash, Kibana product stack, which forms the abbreviation ELK, is a very popular solution and even more customizable than the previous one. Moreover, it is open source.

So what went wrong?

  • Some features are still paid, for example notifications and access control (however, after certain events part of this functionality became free).

  • Resource consumption: it requires a lot of resources.

  • The system is hard to configure; it will not work “out of the box”.

  • Open Distro should also be mentioned: it is developed on top of ELK and is completely free, but that does not remove the resource consumption and the configuration complexity.

Some useful information:

  • Installation and configuration guide (eng).

  • A series of articles on habr: part 1, part 2, part 3.

We settled on Graylog

Two contenders were eliminated, leaving the hero of the occasion, Graylog, which stands out for the following reasons:

  • It is an open source solution.

  • The free version has everything needed.

  • The feature set is small, which is convenient: nothing superfluous (for our tasks).

  • The solution already works “out of the box”; only minimal configuration is needed.

  • Resource consumption is significantly lower than with ELK.

Next, we offer a long read on installing and configuring Graylog.

What problem were we solving?

One could talk at length about the importance of server logs and give many examples of situations in which they are vital, but since this is about a third-party system and its specifics, we will highlight a few important points:

  • It is convenient when all logs are stored in one place.

  • It is great when there are reports and a way to analyze them automatically.

  • It is useful when the logs can be viewed even if the server is “down” or after an attacker has “cleaned up” after themselves.

  • It is priceless when an error appearing in the logs triggers an alert.

We formulated the task as follows:

“Find a free open source solution for collecting and analyzing logs that is not overloaded with features, performs well, and is simple to install and use.”

Brief list of data providers

Real Time Data providers:

| Data Provider | Description |
| --- | --- |
| gRPC Real Time Data Provider | A gRPC Data provider that connect to Analogy Log Server and read message back to Analogy Log Viewer |
| Analogy.AspNetCore.LogProvider | A AspNetCore provider that streams logs to Analogy Log Server |
| Analogy.LogViewer.NLog.Targets | NLog Target that streams logs to Analogy Log Server |
| Serilog Sink | Serilog Sink that streams logs to Analogy Log Server |
| Windows event logs | Real time Component of Windows Event logs Parser |

Offline Data providers:

| Data Provider | Description |
| --- | --- |
| Serilog Parser | Parser for Serilog log files |
| NLog Parser | Parser for NLog log files |
| Log4Net Parser | Parser for Log4Net log files |
| Regular Expression Parser | Regular Expression Parser |
| IIS log Parser | Parser for IIS log files |
| RSS Reader | RSS Feeds inside Analogy Log Viewer |
| Generic Json Log Parser | Generic Json Parser |
| XML Parser | Generic XML Parser |
| Windows event logs | Windows Event logs Parser |
| Plain Text Parser | Plain Text Parser |
| Git History | Display your Git Repository commit history |
| Kafka Producer/ consumer | Kafka Producer / Consumer |

File Viewer Lite

File Viewer Lite is a free log file viewer which lets you open large log files quickly. It displays metadata and other information about the opened file on its interface. For example, if I open a log file in this free log viewer, I will get the alpha and omega of that file, which includes: file size, file location, date and time on which it was opened, date and time on which it was modified, etc. On the right side of its interface, the entire log file is displayed along with the line numbers, Ruler, and Syntax Tree. There are options to hide any of these.

If I talk about the type of view, there are three types of views available for a log file, namely: Native, Text, and Hex view.

  • Native view is the original representation of a log file, i.e. it shows a log file in its original code. This is the default view.
  • Text view converts a log file and displays it in a coded text format.
  • Hex view converts a log file in Hexadecimal code and displays it on the interface.

A very useful feature of this freeware is Find Tool.

Find Tool: You can search a text in the entire log file by pressing Ctrl+F keys on your keyboard. Following are types of searches that are available in this free log viewer:

  • Case Sensitive
  • Whole Words Only
  • Regular Expressions Searches

This file viewer provides further options to customize the search:

  • Direction Search: Use this search mode to start search either in forward or in backward direction.
  • Origin Search: This type of search mode starts searching texts either from the position where you have placed cursor in a log file or from the beginning.

Apart from this, it also lets you edit a log file and export it on your PC as a txt file. Cut, Copy, and Paste features are also available in this free log analyzer for PC.

Though this free log viewer comes with many good features, I do not recommend it to you if you are looking for log viewers that can handle heavy files easily. This freeware is limited to small log files whose size does not exceed 300 MB. I tried a 500 MB log file in this Windows log viewer, but it failed to open it and displayed the message “Not Sufficient Memory”. Hence, I suggest you download it only if you are looking for a very basic log file viewer.

NOTE: Save feature is not available in its free version.

Free File Viewer

Free File Viewer is a versatile file viewer that can open files of various formats. It supports opening log files as well and opens large log files quickly without affecting any other running task. It is such a fast large log file viewer that opening 1 GB log files is a cakewalk for this software. In terms of features, it is pretty basic. You can open a log file and perform basic searches in it. It only shows one search result at a time, and you need to manually move to the next search result. Apart from that, it really does not have any feature that makes it a good log file viewer.

On the contrary, I noticed a couple of issues while installing it. It tried to change homepage of my browser without my permission. It also downloaded Real Player’s browser plugin, without asking me for the same.

So, I would suggest you to stay away from this, unless you are looking for a versatile file viewer that can support a lot of file formats (including image and video formats).

Customization

Changing the column order

Grab the column header and pull it to its new location in the header. Alternatively, you can use the dialog to change the order.

Sorting columns

Click the header of the column to sort the Event View by the contents of the selected column. The active sort column is marked with gray background.

The default sort order is descending. Change the sort order by a repeated click on the column header. To control the sort order from menu, right-click the column header and select either Sort Ascending or Sort Descending from the popup menu.

Fit column to contents (Fit and Autofit)

Right click the column header and select Fit Column to fit the column length to the widest data in the column. Select Autofit This Column to automatically fit the column on log reloads or filtering. Some columns, such as Sender or Recipient(s) are Autofit by default.

Press CTRL + Grey Plus to fit all the columns of the Event View at once. Press CTRL + Grey Minus to minimize the columns to the smallest possible width.

The column settings dialog

To display the Column Settings dialog, right click the header and select Choose Columns… from the popup menu.

Select the column to hide or restore from the list of the available columns and clear or set its checkbox.

Change the column order by selecting the column to move and setting the new position using the Move Up and Move Down buttons.

To reset the column settings to the Log Viewer defaults, click Reset.

Summary

Windows 2000 and Windows Server 2003 record events in the following logs:

  • Application log

    The application log contains events that are logged by programs. Events that are written to the application log are determined by the developers of the software program.

  • Security log

    The security log contains events such as valid and invalid logon attempts. It also contains events that are related to resource use, for example, when you create, open, or delete files. You must be logged on as an administrator or as a member of the Administrators group to turn on, to use, and to specify which events are recorded in the security log.

  • System log

    The system log contains events that are logged by Windows system components. These events are predetermined by Windows.

  • Directory Service log

    The Directory Service log contains Active Directory-related events. This log is available only on domain controllers.

  • DNS Server log

    The DNS Server log contains events that are related to the resolution of DNS names to or from Internet protocol (IP) addresses. This log is available only on DNS servers.

  • File Replication Service log

    The File Replication Service log contains events that are logged during the replication process between domain controllers. This log is available only on domain controllers.

By default, Event Viewer log files use the .evt extension and are located in the folder.

Log file name and location information is stored in the registry. You can edit this information to change the default location of the log files. You may want to move log files to another location if you require more disk space in which to log data.

Legit Log Viewer

Legit Log Viewer is another free log viewer software for Windows in this list. As you launch this log file viewer, it displays a demo log file on the interface for the first time. You can take a look at its features by playing around with this demo log file.

This log file viewer lets you open multiple log files together, in its different tabs. Moreover, it also displays the recently opened log files, so you can open them quickly. Multiple file formats (llog, xlog, text, and log) are supported by this free log analyzer software. All these formats are applicable for both import and export options. It also lets you copy a selected text to clipboard and load the copied text from clipboard into the software.

This log viewer is not a plain text viewer (though, it supports log files in txt format as well). Instead, it neatly organizes logs in form of tables. For the table, you can choose which columns to show or hide. You can choose to show / hide following columns:

  • ProcessId
  • Date / Time
  • Level
  • Context
  • Logger
  • Message

You can also choose to sort the log file on any of these columns, just by clicking on the corresponding column header. Some of the columns come with filtering options as well. For example, in “Level”, you can choose to view any of Info, Warning, or Trace type messages.

It also comes with a filter option to see all the rows with a specific message.

Apart from opening existing log files, it comes with another powerful feature to capture Live Logs. There are various Log formats that it can capture live in Windows. Some of these include: C++ Library, DebugView log (Clock time, PIDs), WiX log, DebugView log (Clock time), etc. You can choose to remove one or more of these if you want to capture only specific type of events.

It also comes with an option to export log files and to encrypt / decrypt log files.

General

Analogy Log Viewer is a multi-purpose log viewer for Windows operating systems.

Some features of this tool are:

  1. Windows event log support (evtx files)
  2. Aggregation into single view.
  3. Search in multiple files
  4. Combine multiple files
  5. Compare logs
  6. Themes support
  7. 64 bit support (allow loading more files)
  8. Personalization (users settings per user)
  9. Columns Extendable: Ability to add more columns specific to the data source implementation
  10. Exporting to Excel/CSV files
  11. Collaboration-like feature: ability to send log messages to gRPC/WCF service and/or between data providers

Main interaction UI:

  • Ribbon area: Log files operations (open) and tools (search/combine/Compare)
  • Messages area: File system UI and Main Log viewer area

The application supports the following data providers:

  1. Common logs frameworks like: Serilog, NLog, Log4Net, Microsoft Logging.

  2. Generic file types: Json Parser and XML parser.

  3. Real time streaming from the following languages: C#, C++, Python and JAVA using gRPC log Server and client.

  4. Custom providers. Create specific parsers for specific applications.

Log display

To make the boundaries of a single record easier to distinguish, the record under the cursor is highlighted with a rectangle; the severity field is highlighted in different colors depending on its value; and matching brackets are highlighted when you hover over one of them.

Note the exception stack trace: only the most interesting lines are shown, and the rest are folded under “+” and “…”. Interesting lines are those with classes from packages belonging to the main application, the lines adjacent to them, and the first line. The main application's packages are specified in the configuration.

In this form, the stack trace takes up much less screen space and is more convenient to read. Perhaps Java IDE developers will like this idea.

The logger name is also shortened: “~.SecurityManager”. Only the class name is shown, and the package is collapsed into “~”.

Folding affects only the display; search works on the original text. If a match is found in a shortened part of the text, that part is shown automatically. Also, if the user selects text and presses Ctrl+C, the original text is copied to the clipboard, without any shortening.
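An added sketch of the folding rule described above (not the viewer's own code): it keeps the first frame, frames from the application's packages and their immediate neighbours, and collapses every other run of frames into one marker line, plus the “~.” logger shortening. The package name com.example.shop, the marker text, the reading of “first line” as the first frame after each header, and the sample trace are constructed assumptions.

```python
import re

# Matches a Java stack frame and captures the fully qualified class name.
FRAME_RE = re.compile(r"^\s*at\s+([\w.$]+)\.[\w$<>]+\(")


def frame_class(line):
    """Return the class of a stack frame line, or None for other lines."""
    m = FRAME_RE.match(line)
    return m.group(1) if m else None


def fold_stacktrace(lines, app_packages):
    """Return the trace with uninteresting frame runs collapsed."""
    classes = [frame_class(line) for line in lines]
    is_app = [
        c is not None
        and any(c == p or c.startswith(p + ".") for p in app_packages)
        for c in classes
    ]
    keep = []
    first_pending = True  # next frame is the first one after a header
    for i, cls in enumerate(classes):
        if cls is None:
            keep.append(True)  # exception header, "Caused by:", ...
            first_pending = True
            continue
        near_app = (
            is_app[i]
            or (i > 0 and is_app[i - 1])
            or (i + 1 < len(lines) and is_app[i + 1])
        )
        keep.append(first_pending or near_app)
        first_pending = False
    out, hidden = [], 0
    for line, visible in zip(lines, keep):
        if visible:
            if hidden:
                out.append("\t... (%d folded)" % hidden)
                hidden = 0
            out.append(line)
        else:
            hidden += 1
    if hidden:
        out.append("\t... (%d folded)" % hidden)
    return out


def short_logger(name):
    """Collapse the package part of a logger name into '~'."""
    _, sep, cls = name.rpartition(".")
    return "~." + cls if sep else name


# Constructed sample trace; com.example.shop is the "main application".
SAMPLE_TRACE = [
    "java.lang.IllegalStateException: session expired",
    "\tat org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1024)",
    "\tat org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:110)",
    "\tat org.springframework.web.util.WebUtils.getSessionAttribute(WebUtils.java:300)",
    "\tat com.example.shop.SecurityManager.check(SecurityManager.java:42)",
    "\tat com.example.shop.OrderController.list(OrderController.java:17)",
    "\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
    "\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
    "\tat java.lang.reflect.Method.invoke(Method.java:498)",
    "\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)",
    "\tat java.lang.Thread.run(Thread.java:748)",
]

if __name__ == "__main__":
    print("\n".join(fold_stacktrace(SAMPLE_TRACE, ["com.example.shop"])))
```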

The architecture makes it easy to attach highlighting or tooltips to text, which enabled various nice touches such as showing a date in human-readable format when it is printed as a number.

About the Project

Klogg started as a fork of glogg — the fast, smart log explorer in 2016.

Since then it has evolved from fixing small annoying bugs to rewriting core components to make it faster and smarter than its predecessor.

Development of klogg is driven by features my colleagues and I need to stay productive as well as feature requests from users on GitHub and in the glogg mailing list.

Comparing with glogg

Klogg has all best features of glogg:

  • Runs on Unix-like systems, Windows and Mac thanks to Qt5
  • Is fast and reads the file directly from disk, without loading it into memory
  • Can operate on huge text files (10+ Gb is not a problem)
  • Search results are displayed separately from original file
  • Supports Perl-compatible regular expressions
  • Colorizes the log and search results
  • Displays a context view of where in the log the lines of interest are
  • Watches for file changes on disk and reloads it (kind of like tail)
  • Is open source, released under the GPL

And on top of that klogg:

  • Is heavily optimized using multi-threading and SIMD
  • Supports logical combinations of search patterns
  • Supports many common text encodings
  • Can limit search operations to some part of huge file
  • Allows configuring several highlighter sets and switching between them
  • Has a scratchpad window for taking notes and doing basic data transformations
  • Provides lots of small features that make life easier (closing tabs, copying file paths, favorite files menu, etc.)

Here is a small demo showing how much faster klogg is (searching in ~1Gb file stored on tmpfs):

List of glogg issues that have been fixed/implemented in klogg can be found here.

Prominent features of dev-builds compared to latest stable release:

  • support for files with more than 2147483647 lines
  • much faster regular expressions search (2-4 times)
  • ability to combine regular expressions with boolean operators (AND, OR, NOT)
  • configurable shortcuts
  • list of configurable predefined regular expression patterns
  • better dark mode
  • build scripts allow using more dependencies from OS packages instead of vendored versions

List of all changes can be found here.
