Log Streaming nfltr tail

nfltr tail streams the last N lines of any file through a gRPC tunnel, serving a live-updating web UI with search, pause, and auto-scroll. Think tail -f over the internet, with a searchable browser interface.

Quick Start

# Stream /var/log/syslog with password protection
nfltr tail /var/log/syslog --basic-auth admin:secret --name my-server

# Stream the last 200 lines (default: 100)
nfltr tail /var/log/nginx/access.log --lines 200

# Stream with a custom agent name
nfltr tail ~/app/logs/app.log --name app-logs --basic-auth ops:s3cret

Once running, visit the public URL shown in the terminal to see the live log viewer.

How It Works

Endpoints

Path	Description
`/`	Interactive web UI with search, pause/resume, auto-scroll, and keyword highlighting
`/raw`	Plain-text output — pipe to `grep`, `jq`, or any CLI tool
`/stream`	Server-Sent Events (SSE) — real-time line-by-line streaming for programmatic consumption
`/health`	Health check endpoint — returns `200 OK`

Web UI Preview

Mar 29 14:32:07 web-01 nginx: 192.168.1.10 - - "GET /api/users HTTP/1.1" 200 1423
Mar 29 14:32:08 web-01 nginx: 192.168.1.15 - - "POST /api/login HTTP/1.1" 200 89
Mar 29 14:32:09 web-01 nginx: 192.168.1.22 - - "GET /api/dashboard HTTP/1.1" 200 4501
Mar 29 14:32:10 web-01 nginx: 10.0.0.5 - - "GET /api/health HTTP/1.1" 503 0
Mar 29 14:32:11 web-01 app: [INFO] reconnecting to database...
Mar 29 14:32:12 web-01 app: [INFO] database connection restored
Mar 29 14:32:13 web-01 nginx: 192.168.1.10 - - "GET /api/health HTTP/1.1" 200 2

Features

🔍 Search & Filter

Full-text search with keyword highlighting. Filter log lines in real time without stopping the stream.

⏸️ Pause / Resume

Pause the stream to inspect a specific section. New lines buffer and appear when you resume.

📜 Auto-Scroll

Automatically scrolls to the latest line. Scroll up to pause, click "Resume" to jump back to live.

📡 SSE Streaming

The /stream endpoint delivers lines via Server-Sent Events for programmatic consumers.

🔐 Basic Auth

Protect with --basic-auth user:pass. Always use TLS when exposing over the internet.

📄 Plain Text API

/raw returns plain text — curl friendly, pipe to grep or jq.

Use Cases

Remote log monitoring — Watch production logs from any browser without SSH access.
CI/CD debugging — Stream build logs from a runner to a shareable URL.
Team collaboration — Share a live log URL with a colleague debugging the same issue.
IoT device logs — Stream logs from Raspberry Pi or edge devices behind NAT.
Customer support — Provide a temporary log view to help customers diagnose issues.

Flags

Flag	Default	Description
`--lines, -n`	`100`	Number of lines to read from end of file
`--basic-auth`		Protect with HTTP Basic Auth (`user:pass`)
`--name`		Custom agent name (otherwise auto-generated)

💡 Security Note

The file path is fixed at startup — clients cannot read arbitrary files. Without --basic-auth, the log content is publicly accessible to anyone with the URL. Log files may contain sensitive data; audit the file content before exposing it.

Remote log monitoring in one command

Stream any log file to a searchable web UI. No SSH, no VPN — just nfltr tail.

Get Started CLI Reference →