Why does it have to be a custom network protocol when using syslog would not only suffice, but also allow for devices that don't run custom code (e.g., switches or routers) to be monitored?
Syslog is a little bit warty- if I didn't use it elsewhere[1], I wouldn't necessarily reach for it. It seems like it should also be fairly trivial to just use your OS' syslog as a shim, if you wanted this to be a syslog endpoint.
Trivial, maybe. Not only does it add a single point of failure, though, as the logs get aggregated on the syslog host, the only “benefit” rtail retains is looking at the logs in a browser instead of tail(1).
Not sure why syslogd as a single point of failure is worse than rtail-server being a single point of failure- there are some very, very stable & battle-tested syslogd implementations.
Additionally, it doesn't really seem like that's the case- as long as you were willing to reconfigure syslog on the hosts, you could do syslog -> rtail => rtail-server (-> is local, => is network), as rtail works via UDP.
Wow! This is really cool! I would love to use this at my workplace. I had a small problem, though: it seems the clients don't keep very much data.
For example, I filtered based on an expression that matched about 1-2 lines per second. The lines appeared, but disappeared almost as quickly. I suspect there is some small client-side buffer that I'm overrunning almost instantly; the log stream I used produces about 500 lines per second. Is this too much for the tool? Can I tune it to work with that load?
Yeah, so the filter uses the internal buffer which is 100 lines. you can easily hack it to make it bigger (there is a closed github issue to look at for instructions). I don't want to make bigger buffers available just yet. I want to rewrite the webapp using ng2 and use an infinite scroll for the lines view. Feel free to open a new issue if you want!
I can start using this immediately for debugging the backend of a web application during development. For some kinds of debugging, it's preferable to log output to a file or tty instead of printing on the page during a request or stepping through a debugger. This is particularly true in frameworks where you might be trying to debug something that's happened after the rendering step.
I would typically use standard debug logging and tail the output in a terminal while I test, but having that output in a browser, searchable, filterable by RegExp adds a whole additional layer of ease of use. Showing this to all the backend devs on my team today!
less is great, and I'm certainly comfortable using it (nice snippet btw!). Other devs on my team who are more web focused would probably find rtail easier to use.
We also have a Vagrant box for each project, and rtail would be trivial to add to the Vagrant template so that every development box has this running on a specific port without any setup or fiddling needed by each developer. At least that's the direction I'm thinking of going in right now, without having actually tried it out. :)
