Add a tool that would read a log and present it differently, including possibly/optionally (as requested):
With human-friendly timestamps (e.g., an ISO format). Most importantly, with inferred timestamps of when the events occurred. These can be inferred as: send attempt real timestamp - (send attempt uptime - kmsg uptime).
With control characters escaped or replaced.
Starting from a previously-recorded "cursor", updating it (which it'd maintain in per-log cursor files).
Wait for data (akin to tail -f and journalctl -f).
With filtering by message type (LKRG only vs. LKRG+kernel only vs. all including userspace-injected).
With filtering by syslog severity.
Maybe the tool should also be able to read/follow multiple logs at once and combine them into one output stream, or/and we need this functionality in the logger. Either way, the final messages would need to include end system IDs (perhaps as first field).
Item 1 above is now implemented in a basic form - we might still want to add command-line options to choose which timestamps are reported. Items 2 to 6 are unimplemented.
Nov 10 to Nov 24, 2022:
Add a tool that would read a log and present it differently, including possibly/optionally (as requested):
send attempt real timestamp - (send attempt uptime - kmsg uptime)
.tail -f
andjournalctl -f
).Maybe the tool should also be able to read/follow multiple logs at once and combine them into one output stream, or/and we need this functionality in the logger. Either way, the final messages would need to include end system IDs (perhaps as first field).
Item 1 above is now implemented in a basic form - we might still want to add command-line options to choose which timestamps are reported. Items 2 to 6 are unimplemented.