Skip to content
A CLI Graylog Client with Follow Mode
Branch: master
Clone or download
Latest commit d0af9ca Jan 19, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
bonfire Remove bad character Jan 19, 2017
docs Endpoint (#18) Dec 29, 2016
tests Endpoint (#18) Dec 29, 2016
.coveragerc Add to coverage ignore Apr 21, 2015
.gitattributes Initial commit Mar 4, 2015
.gitignore Initial commit Mar 4, 2015
.travis.yml Change test for dump format Sep 13, 2016
AUTHORS.rst Initial commit Mar 4, 2015
LICENSE.txt Add LICENSE.txt Apr 16, 2015
README.rst Endpoint (#18) Dec 29, 2016
requirements.txt Removed strict pinning on six Jan 19, 2017
setup.cfg Adds first tests Apr 16, 2015 Remove line from Sep 13, 2016



Bonfire is a command line interface to query Graylog searches via the REST API. It tries to emulate the feeling of using tail on a local file.



> bonfire -h logserver -u jdoe -@ "10 minutes ago" "*"

> bonfire -h logserver -u jdoe -f "source:localhost AND level:2"

Bonfire usage:

Usage: bonfire [OPTIONS] [QUERY]

  Bonfire - An interactive graylog cli client

  --node TEXT                     Label of a preconfigured graylog node
  -h, --host TEXT                 Your graylog node's host
  -s, --tls                       Use HTTPS
  --port INTEGER                  Your graylog port (default: 12900)
  --endpoint TEXT                 Your graylog API endpoint e.g /api (default:
  -u, --username TEXT             Your graylog username
  -p, --password TEXT             Your graylog password (default: prompt)
  -k, --keyring / -nk, --no-keyring
                                  Use keyring to store/retrieve password
  -@, --search-from TEXT          Query range from
  -#, --search-to TEXT            Query range to (default: now)
  -t, --tail                      Show the last n lines for the query
  -d, --dump                      Print the query result as a csv
  -o, --output TEXT               Output logs to file (only tail/dump mode)
  -f, --follow                    Poll the logging server for new logs
                                  matching the query (sets search from to now,
                                  limit to None)
  -l, --interval INTEGER          Polling interval in ms (default: 1000)
  -n, --limit INTEGER             Limit the number of results (default: 10)
  -a, --latency INTEGER           Latency of polling queries (default: 2)
  -r, --stream TEXT               Stream ID of the stream to query (default:
                                  no stream filter)
  -e, --field TEXT                Fields to include in the query result
  -x, --template-option TEXT      Template options for the stored query
  -s, --sort TEXT                 Field used for sorting (default: timestamp)
  --asc / --desc                  Sort ascending / descending
  --help                          Show this message and exit.


Bonfire can be configured. It will look for a ~/.bonfire.cfg or a bonfire.cfg (in the current directory). The configuration file can specify API nodes. If no host is specified a node with the name default will be used. You can also configure queries which can be referenced by starting your query with a colon:



query=facility:*foo* AND source:*bar*
from=2015-03-01 15:00:00

Now you can run queries via such as:

> bonfire --node=dev :example
... runs the example query on the node dev

> bonfire :example
... runs the example query on the default node

Query Templates



Known Bugs

  • bonfire expects graylog's timezone to be UTC.

Release Notes

  • v0.0.7: Issues fixes, TLS and Proxy support
    • Adds support for proxies
    • Adds support for https urls
    • Add timestamps to the dump format
  • v0.0.6: Documentation fix
    • Change of README.rst
  • v0.0.5: Clean up
    • Removed terminal UI ideas
    • Added first tests
    • Fixed date and time handling with timezones
    • Added python3 compatibility
  • v0.0.4: Extended documentation & stream access
    • Use the first stream the user has access to if no stream is specified and the user has no global search rights
  • v0.0.3: Small fixes
    • Use accept header in GET requests.
    • Fix bug when querying specific fields
  • v0.0.1: Initial release
    • Limited feature set.
You can’t perform that action at this time.