0.7.9

Full Changelog: 0.7.8...0.7.9

• #23. Updated Vim-style key bindings. Added navigation through the log and lists with the j and k keys, as well as switching lists with h and l. Help is available with the ? and F1 keys. Removed the Ctrl+D and Ctrl+U bindings for quickly scrolling through lists and outputting the log (an alternative for macOS) in favor of j and k.
• Disabled navigation through the interface in the help window until it is closed with Esc (as requested in the comments to the article on Habr).
• Added changing the focus to the filter window from the list window or the log window with the / key. To return to the previous window, use Enter from the filter window, and clear the input field with Esc for the corresponding windows. The Ctrl+W key binding no longer clears text in favor of using Esc and has been replaced with disabling coloring (instead of Ctrl+Q).
• Added the -m/--disable-mouse flag to disable mouse control support.
• Added the -s/--docker-stream flag and the Ctrl+D keyboard shortcut to force reading Docker container logs from a stream. By default, reading occurs from the file system in json format (if the current user has access to the logs directory) to access archived logs.
• Added the ability to change the display of one of the Docker log streams (filtering by stdout, stderr or all) using the Ctrl+S keyboard shortcut.
• Changed getting the path to container logs in the file system from static (from the /var/lib/docker/containers directory) to dynamic using the docker inspect method.
• Updated the status in the subtitle for the logs window. Added display of log reading mode for Docker containers (streams only or json from file system) and current stream output mode (all, stdout or stderr only).
• Added disabling output refresh in the background (tail mode) using the Ctrl+U shortcut or the -e/--disable-autoupdate flag. To manually refresh the output, use the Ctrl+Q shortcut.
• Added checking for changes in the Docker log before loading it when using the read mode from the file system in json format.

0.7.8

Full Changelog: 0.7.7...0.7.8

• Implemented reading audit logs with filtering by keys from auditd in interpret mode (interpret results to be human readable, for example, to convert system calls or user IDs, as opposed to the standard reading from the log in raw form from the file system).

• Added a new filtering mode by timestamp for journald, docker and podman logs from streams (updated information in README and the help window).

• Expanded functionality for working in command line mode. Added new flags --command-fuzzy, -f and --command-regex, -r for filtering output via pipe.

• Reworked the Docker log reading process to separate stdout and stderr streams. When the user does not have access to the /var/lib/docker/containers directory, the user can get data from both streams sorted by timestamp.

• #21. Changed timestamp for docker logs to YYYY-MM-DDTHH:MM:SS.MS(x9)Z format, expanded the range of string switching (added values: 200, 500, 1000) and added a Ctrl+T hotkey for switching (disabling and enabling) the timestamp and data type output for stream.

0.7.7

Full Changelog: 0.7.6...0.7.7

• Added the ability to install in a Docker container based on a Debian image (Docker Hub), as well as an option to run in the Web interface via ttyd.
• Added tail mode to the Logs window subtitle for visualization and dynamic change of the maximum number of output lines, the background update mode (disabled when scrolling up) and the update period, as well as the current painting mode (enabled or disabled). Changing these parameters is available via hotkeys and command line flags:

• #22 Added mouse control support for switching windows, selecting logs and scrolling (including fast scrolling of the log with Ctrl or Alt held down).
• Added a filter when reading Windows Events for the last 30 days to increase the performance of loading the log (in the tested system, the average speed of reading all events increased 3 times). In the current release, methods using WMI via the StackExchange/wmi library and PowerShell were tested (loading all logs is not supported and performance is 2 times lower compared to wevtutil).
• The delimiter has been reworked. Coloring and display have been debugged if the log is not read in its entirety (limited by the tail mode by the number of lines).
• The log loading time has been added to the log output status (the loading time is displayed first, and then the coloring time is displayed after a fraction).
• The --command-color, -c flag has been added for coloring the output in command line mode and --disable-color, -d for disabling coloring in the interface at startup (an alternative to the Ctrl+Q combination).
• Coloring for numbers has been improved (the number of regular expressions has been reduced) and coloring of integers has been added.
• Fixed issue with removing consecutive spaces when coloring output.
• Fixed issue with log positioning when filtering (log always goes to the very bottom).
• Added ASCII logo to show help (F1).

0.7.6

Full Changelog: 0.7.5...0.7.6

Changes

• Improved coloring for numbers, URLs and unix paths, debugged some word combinations (including directories and known names) and improved coloring testing.

• Added Ctrl+Q hotkey to completely disable/enable built-in coloring in order to increase the performance of loading large journals (over 100 thousand lines).
• Added coloring mode via tailspin. Works several times slower and is suitable for small journals.
• Added Ctrl+R hotkey to manually refresh all current log lists.
• Debugged the issue with displaying the last line in journals (if there was no empty line at the end of the log).
• Debugged error messages from stderr when reading Docker logs (if there are no access rights to the container directory for direct reading from the file system in json format).
• Added the show help window for hotkeys when pressing F1.

New Contributors

• @eunos-1128 add installation instructions for Homebrew and Conda by @eunos-1128 in #20

0.7.5

Full Changelog: 0.7.4...0.7.5

• #18 Added new flag -a/--audit to get summary and diagnostic information for the ability to load into the brew package manager. Now the flag -v/--version returns only the version without unnecessary text.
• #19 Tested operability in the Rocky Linux 8.9 (Green Obsidian) distribution and disabled cgo when building binaries.
• Added tests to the CI process for macOS 15 arm64 (operability of the interface launch, loading logs and checking reading logs from the file system).
• Updated dependencies, and added a dependency check to the CI process during testing.
• Written Makefile and Taskfile to replace build.sh to automate the process of cross-compilation, checking for linters and testing.

0.7.4

Full Changelog: 0.7.3...0.7.4

This release is aimed at testing functionality and performance, at the moment, full test coverage is on average 74%.

The summary coverage report (test-merge-coverage.out) from Windows and Ubuntu systems, as well as the results of reading and painting speed of all logs on Actions agents (test-summary-report.md) are attached to the release files.

All logs for the opt directory have been moved from System var logs to Optional package logs (the second tab for file logs) to make searching more granular, and file extension searching has been debugged (including pcap).

0.7.3

Full Changelog: 0.7.2...0.7.3

• Added support for reading Kubernetes logs for all pods.
• Added testing of the interface functionality using tmux via a script (test.sh) and the arm64 architecture on macos via GitHub Actions.
• Added checking for critical security vulnerabilities before building via gosec.
• #16 Added alternative key combinations for quick navigation through log lists and log output on macOS.
• #17 Fixed a launch issue on Ubuntu 20.04 during build (dependency on GLIBC 2.31).

0.7.2

Full Changelog: 0.7.1...0.7.2

• Added support for Windows Events.
• Added the ProgramData directory to the list of available Windows file logs and checked the system drive letter.
• Debugged interface redrawing when changing the window size.
• Added coloring of the date to the system boot list.

0.7.1

Full Changelog: 0.7.0...0.7.1

• Implemented interface for scrolling log output when scrolling.
• Added support for reading logs in the pcapng format (including archived ones) for macOS.
• Debugged coloring for url.
• #10 Added functions for moving to the beginning and end of the log output via the Home/Ctrl+W and End/Ctrl+R keys, as well as support for the PgUp/PgDown keys for navigating through lists and the log.
• #14 Added support for reading logs in the asl (Apple System Log) format via the syslog utility.

0.7.0

Full Changelog: 0.6.0...0.7.0

Changes:

• Added file system and installation support in Windows.
• Added file system and installation support for BSD-based systems. Tested and debugged on OpenBSD 7.6 and FreeBSD 14.2 systems.
• Added search for logs in pcap (Packet Capture) format from /var/log and home directories, and implemented reading of binary logs, including Packet Filter (firewall for the OpenBSD system) via tcpdump.
• Added logs in addition to the main list System var logs for searching from the /opt/ directory (user applications) and reading archived logs in xz (example for apt eipp logs) or bz2 format (using in FreeBSD system).
• #9 Added flags for getting help and the current version of the application.

Supported search logs in Windows system for the following directories:

• Program Files
• Program Files (x86)
• AppData\Local for current user
• AppData\Roamin for current user

To read logs, automatic detection of the following encodings is supported:

• UTF-8
• UTF-16 with BOM
• UTF-16 without BOM
• Windows-1251 by default

Debugging:

• #7 Debugged a bug in outputting a list of services from systemctl on systems that do not support the JSON format. Tested on Ubuntu Server 20.04.6.
• Added a check when searching for a local Docker container log in the file system (if the log is not found, for example, on a Windows system, use docker cli to read).
• Debugged the problem with deleting some words that did not meet additional conditions in cycles during painting.
• Improved painting and performance by reducing conditions, and increased the number of keywords for network dump logs, routing tables, port painting and subnet masks.
• Added new logs (daemon, utmp, etc.) and debugged the output of authorization logs.
• Improved search for truncated logs in .[0-9] format.
• Added temporary disabling of changing the log in the current window until the current list of files is loaded (to avoid reloading during flow execution).
• Debugged the code for passing checks of all go-critic and err113 linters.