Log Tools
logs
Log and audit tools.
Transport
Bases: StrEnum
Valid journalctl transport types for filtering journal entries.
Transports identify the source/mechanism that submitted log messages to the journal.
AUDIT - Linux audit subsystem messages (security events, syscall auditing).
DRIVER - Kernel driver messages logged via dev_printk().
JOURNAL - Messages logged directly to the journal via sd_journal_* APIs.
KERNEL - Kernel ring buffer messages (dmesg/printk).
STDOUT - stdout/stderr from services with StandardOutput/StandardError=journal.
SYSLOG - Messages received via the syslog socket (/dev/log).
Source code in src/linux_mcp_server/tools/logs.py
get_journal_logs (async)
get_journal_logs(
    unit: Annotated[
        str,
        Field(
            description="Filter by systemd unit name or pattern",
            examples=[
                "service",
                "nginx",
                "httpd",
                "systemd-*",
                "audit*",
            ],
        ),
    ] = "",
    priority: Annotated[
        str,
        Field(
            description="Filter by syslog priority level (0-7), name, or range",
            examples=[
                "err",
                "warning",
                "info",
                "debug",
                "3",
                "err..warning",
            ],
        ),
    ] = "",
    since: Annotated[
        str,
        Field(
            description="Filter entries since specified time (absolute or relative)",
            examples=[
                "today",
                "yesterday",
                "-1h",
                "-30m",
                "-7d",
                "2025-01-15 10:00:00",
            ],
        ),
    ] = "",
    transport: Annotated[
        Transport | None,
        "Filter by journal transport (e.g., 'audit' for audit logs, 'kernel' for kernel messages, 'syslog' for syslog messages)",
    ] = None,
    lines: Annotated[
        int,
        Field(
            description="Number of log lines to retrieve. Default: 100",
            ge=1,
            le=10000,
        ),
    ] = 100,
    host: Host = None,
) -> LogEntries
Get systemd journal logs.
Retrieves entries from the systemd journal with optional filtering by unit, priority level, time range, and transport. Returns timestamped log messages.
To get audit logs, use transport='audit'.
read_log_file (async)
read_log_file(
    log_path: Annotated[
        Path,
        BeforeValidator(validate_path),
        Field(
            description="Absolute path to the log file (must be in allowed list)",
            examples=[
                "/var/log/messages",
                "/var/log/secure",
                "/var/log/audit/audit.log",
                "/var/log/dnf.log",
            ],
        ),
    ],
    lines: Annotated[
        int,
        Field(
            description="Number of lines to retrieve from the end.",
            ge=1,
            le=10000,
        ),
    ] = 100,
    host: Host = None,
) -> LogEntries
Read a specific log file.
Retrieves the last N lines from a log file. The file path must be in the allowed list configured via the LINUX_MCP_ALLOWED_LOG_PATHS environment variable.
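The following is an added example, not the project's own validate_path (whose source is not shown on this page). It shows one way an allowlist check like the one described for read_log_file can be enforced so that `..` segments and symlinks cannot reach files outside the list. It assumes the variable holds a comma-separated list; parse_allowed_paths, check_log_path and the sample files are hypothetical and constructed for the demonstration.

```python
import tempfile
from pathlib import Path


def parse_allowed_paths(raw: str) -> frozenset:
    """Parse the LINUX_MCP_ALLOWED_LOG_PATHS value (comma-separated: an assumption)."""
    # Canonicalise entries once so later comparisons are like-for-like.
    return frozenset(Path(p.strip()).resolve() for p in raw.split(",") if p.strip())


def check_log_path(candidate: str, allowed: frozenset) -> Path:
    """Return the canonical path if it is allowlisted, otherwise raise ValueError."""
    path = Path(candidate)
    if not path.is_absolute():
        raise ValueError(f"not an absolute path: {candidate!r}")
    # resolve() collapses '..' and follows symlinks, so membership is tested
    # against the file that would actually be opened.
    real = path.resolve()
    if real not in allowed:
        raise ValueError(f"not in allowed log paths: {candidate!r}")
    return real  # callers should open this value, not the original string


def demo() -> dict:
    """Run the check over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        (root / "sub").mkdir()
        (root / "app.log").write_text("constructed log line\n")
        (root / "private.txt").write_text("constructed non-log file\n")
        (root / "link.log").symlink_to(root / "private.txt")
        allowed = parse_allowed_paths(f"{root / 'app.log'}, /var/log/secure")
        cases = {
            "listed": str(root / "app.log"),
            "dotdot_to_listed": str(root / "sub" / ".." / "app.log"),
            "unlisted": str(root / "private.txt"),
            "symlink_to_unlisted": str(root / "link.log"),
            "relative": "app.log",
        }
        results = {}
        for name, value in cases.items():
            try:
                check_log_path(value, allowed)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
        return results
```

Exact-match membership is used rather than a directory prefix test, so adding a file to the list never implicitly exposes its siblings.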