Petiti – An Open Source Log Analysis Tool for Linux SysAdmins

Petit is a free and open source command line based log analysis tool for Unix-like as well as Cygwin systems, designed to rapidly analyze log files in enterprise environments.

It is intended to follow the Unix philosophy of small fast and easy to use, and can be used to inspect/supports different log file formats including syslog and Apache log files.

Petit Features

  • Supports for log analysis.
  • Auto-detects and supports various log file formats( e.g. Syslog, Apache Access, Apache Error, Snort Log, Linux Secure Log, and raw log files).
  • Supports for log Hashing .
  • Supports command line graphing.
  • Supports for word discovery and count with common stop-words within log data.
  • Supports for log reduction for easy reading.
  • Provides various default and specially made filters.
  • Supports fingerprints, useful in identifying and excluding reboot signatures.
  • Offers several output options for wide screen terminals and character selection and many more.

In this tutorial, we will show you how to install and use Petit log analysis tool in Linux to pull out useful information from system logs in a various ways.

How to Install and Use Petit Log Analysis Tool in Linux

Petit can be installed from the default repositories of Debian/Ubuntu and its derivatives, using apt package management tool as shown below.

$ sudo apt install petit

On RHEL/CentOS/Fedora systems, download and install the .rpm package like this.

# wget http://crunchtools.com/wp-content/files/petit/petit-current.rpm
# rpm -i petit-current.rpm

Once installed, it’s time to see the Petit basic usage with examples..

Hashing a Log File

This is a straightforward petit function – it sums up the number of lines discovered in a log file. It’s output comprises of the number of similar lines found in the log and what the group broadly looked like as shown below.

# petit --hash /var/log/yum.log
OR
# petit --hash --fingerprint /var/log/messages
Petit – Monitor Yum Log History
2:	Mar 18 14:35:54 Installed: libiec61883-1.2.0-4.el6.x86_64
2:	Mar 18 15:25:18 Installed: xorg-x11-drv-i740-1.3.4-11.el6.x86_64
1:	Dec 16 12:36:23 Installed: 5:mutt-1.5.20-7.20091214hg736b6a.el6.x86_64
1:	Dec 16 12:36:22 Installed: mailcap-2.1.31-2.el6.noarch
1:	Dec 16 12:40:49 Installed: mailx-12.4-8.el6_6.x86_64
1:	Dec 16 12:40:20 Installed: man-1.6f-32.el6.x86_64
1:	Dec 16 12:43:33 Installed: sysstat-9.0.4-31.el6.x86_64
1:	Dec 16 12:36:22 Installed: tokyocabinet-1.4.33-6.el6.x86_64
1:	Dec 16 12:36:22 Installed: urlview-0.9-7.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-lzma-compat-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:43:31 Updated: 2:tar-1.23-15.el6_8.x86_64
1:	Dec 16 12:43:31 Updated: procps-3.2.8-36.el6.x86_64
1:	Feb 18 12:40:27 Erased: mysql
1:	Feb 18 12:40:28 Erased: mysql-libs
1:	Feb 18 12:40:22 Installed: MariaDB-client-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:12 Installed: MariaDB-common-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:10 Installed: MariaDB-compat-10.1.21-1.el6.x86_64
1:	Feb 18 12:54:50 Installed: apr-1.3.9-5.el6_2.x86_64
......

Finding Number Of Lines Produced by a Daemon

Using the --daemon option helps to output a basic report of lines produced by particular system daemon as shown in the example below.

# petit --hash --daemon /var/log/syslog
Petit – Monitor SysLog Entries
847:	vmunix:
48:	CRON[#]:
30:	dhclient[#]:
26:	nm-dispatcher:
14:	rtkit-daemon[#]:
6:	smartd[#]:
5:	ntfs-#g[#]:
4:	udisksd[#]:
3:	mdm[#]:
2:	ag[#]:
2:	syslogd
1:	cinnamon-killer-daemon:
1:	cinnamon-session[#]:
1:	pulseaudio[#]:

Finding Number Of Lines Produced by a Host

To find all the number of lines generated by a particular host, use the --host flag as shown below. This can be useful when analyzing log files for more than one host.

# petit --host /var/log/syslog

999:	tecmint

Performing a Word Count in a Log File

This function is used to search and display qualitatively significant words in a log file.

# petit --wordcount /var/log/syslog
Petit – List Number of Word Count in Logs
845:	[
97:	[mem
75:	ACPI:
64:	pci
62:	debian-sa#
62:	to
51:	USB
50:	of
49:	device
47:	&&
47:	(root)
47:	CMD
47:	usb
41:	systemd#
36:	ACPI
32:	>
32:	driver
32:	reserved
31:	(comm#
31:	-v

Graphing a Log File

This works in a key/value bar charting format, for side by side comparison of distributions as shown in the examples below.

To graph the first 60 seconds in a syslog, use the --sgrapg flag like this.

# petit --sgraph /var/log/syslog
Petit – Graph a Log File
#                                                           
#                                                           
#                                                           
#                                                           
#                                                           
############################################################
59                            29                           58 

Start Time:	2017-06-08 09:45:59 		Minimum Value: 0
End Time:	2017-06-08 09:46:58 		Maximum Value: 1
Duration:	60 seconds 			Scale: 0.166666666667

Tracking Particular Words in a Log File

This example shows how to track and graph a specific word (e.g “dhcp” in the command below) in a log file.

# cat /var/log/messages | grep error | petit --mgraph
Petit – Track a Word in Logs
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
############################################################
10                            40                           09 

Start Time:	2017-06-08 10:10:00 		Minimum Value: 0
End Time:	2017-06-08 11:09:00 		Maximum Value: 2
Duration:	60 minutes 			Scale: 0.333333333333

Additionally, to show samples for each entry in a log file, use the –allsamples option like this.

# petit --hash --allsample /var/log/syslog

Important Petit Files:

  • /var/lib/petit/fingerprint_library – used to construct custom fingerprint files.
  • /var/lib/petit/fingerprints (aggregate fingerprint files) – used to filter out reboots and other events not considered vital by the system administrator.
  • /var/lib/petit/filters/

For more information and usage options, read the petit man page like this.

# man petit
OR
# petit -h

Petit Homepage: http://crunchtools.com/software/petit/

Also read through these useful guides concerning log monitoring and management in Linux:

  1. 4 Good Open Source Log Monitoring and Management Tools for Linux
  2. How to Manage System Logs (Configure, Rotate and Import Into Database) in Linux
  3. How to Setup and Manage Log Rotation Using Logrotate in Linux
  4. Monitor Server Logs in Real-Time with “Log.io” Tool on Linux

You can send us any queries via the feedback form below or perhaps share with us info about useful log analysis tools for Linux out there, that you have heard of or come across.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.