Lightweight HTTP log monitoring and alerting tool
Project description
watchl
Lightweight HTTP log monitoring and alerting console tool written in Python.
Note: only W3C-formatted logs are supported for now. See here for an example W3C-formatted log file.
Features
- Live tail of log files.
- Stats reporting in the console: top hit sections, traffic, throughput, etc.
- Live alerting and recovery detection with customizable thresholds and delays.
- Friendly command line interface.
- Detailed and machine-readable JSON-formatted output.
- Asynchronous architecture with low resources footprint.
- Optional Docker-based execution.
Example command:
$ watchl -f access.log --report-every=2 --alert-tick=2 --traffic-up=1 --traffic-down=1
Output (JSON prettification by piping into jq):
{
"levelname": "INFO",
"message": "process started",
"timestamp": "2019-07-30T21:02:30.652107",
"pid": 2417
}
{
"levelname": "INFO",
"message": "watching logs",
"timestamp": "2019-07-30T21:02:30.653034",
"path": "access.log"
}
{
"levelname": "INFO",
"message": "activity in the past 2.0 seconds",
"timestamp": "2019-07-30T21:02:32.708673",
"sections.count": {
"unit": "hits",
"value": [
{
"key": "/presentations",
"count": 68
},
{
"key": "/images",
"count": 13
},
{
"key": "/blog",
"count": 9
}
]
},
"requests.total": {
"unit": "req",
"value": 135
},
"requests.average": {
"unit": "req/s",
"value": 67.5
},
"transfer.average": {
"unit": "bytes/s",
"value": 3064559
},
"transfer.mean": {
"unit": "bytes/req",
"value": 45400.874074074076
}
}
{
"levelname": "WARNING",
"message": "alert status changed",
"timestamp": "2019-07-30T21:02:34.773988",
"status": "active",
"previous_status": "activating",
"value": 89.5,
"reason": "stayed above threshold for longer than up delay",
"metric": "requests.average",
"threshold": 10,
"up": "0:00:01",
"down": "0:00:01"
}
...
Installation
- If you have Python 3.6+ installed, you can install
watchl
from PyPI:
pip install watchl
or locally by cloning the repository and running:
pip install .
- If you have Docker installed, you can build the image using:
docker build -t watchl .
Usage
General notes
watchl
exposes a command line executable named watchl
.
When run without any other options, watchl
will read logs from /tmp/access.log
(this is configurable — see CLI reference for options) and consume them as they are written to the file.
Known limitation:
watchl
does not handle log rotation yet. If the log file is renamed, truncated or moved,watchl
won't be able to read new logs anymore, and will need to be restarted. See #9.
If you are using Docker, and assuming you have a log file somewhere on your machine, you can run a watchl
container using:
docker run -it --rm -v /host/path/to/access.log:/tmp/access.log watchl <options>
By default, watchl
works on relatively long time scales (minutes). For quicker feedback (e.g. when trying watchl
for the first time), you can try the following options:
watchl --report-every=5 --alert-tick=1 --traffic-up=1 --traffic-down=1
CLI reference
Usage: watchl [OPTIONS]
Options:
-f PATH Path to an actively written-to log file.
[default: /tmp/access.log]
--report-every FLOAT Number of seconds between stats reports.
[default: 10]
--sections-top INTEGER Number of most hit website sections to
display in the report. [default: 3]
--traffic-threshold FLOAT [default: 10]
--traffic-up FLOAT Number of seconds to trigger an alert after
traffic exceeded the threshold. [default:
120]
--traffic-down FLOAT Number of seconds to stop an alert after
traffic dropped below the threshold.
[default: 120]
--alert-tick FLOAT Number of seconds between evaluation of
stats for alerting purposes. [default: 10]
--tick FLOAT Number of seconds between system event
checks. Note: lower values increase CPU
usage. [default: 0.5]
--log-level [debug|info|warning|critical|error]
Level for internal log messages [default:
info]
--limit-max-log-lines INTEGER Limit the number of log lines to ingest
before terminating the process.
--help Show this message and exit.
Contributing
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file watchl-0.1.tar.gz
.
File metadata
- Download URL: watchl-0.1.tar.gz
- Upload date:
- Size: 12.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 78eb0d859906176adc372344f984eb2c344cff80077f66a2c2a9d81907bf1d27 |
|
MD5 | 1833e14966a165d480a5bbd1e554335f |
|
BLAKE2b-256 | 684402a117d3b383484a7c7a79a09702be272655a8b77911126b778f807d80c7 |
File details
Details for the file watchl-0.1-py3-none-any.whl
.
File metadata
- Download URL: watchl-0.1-py3-none-any.whl
- Upload date:
- Size: 13.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | cbd11ce7779f2407c83010bcb6667195f1070ae74de7fbe36111db38dff0b475 |
|
MD5 | 8e3fba0aeb52b372be6166a59cf2b449 |
|
BLAKE2b-256 | 64a3d8b7d322ecce3b81401d438bbf713f439c9e0ef7b50a8801bfe8cd9ae62b |