
How to Monitor Log Files in Real Time

Often you may need to monitor log files in real time. There are several utilities available to do this, the most popular being the tail command. In this article, we will look at how to monitor log files in real time. You can use these commands on almost every Linux distribution.


How to Monitor Log Files in Real Time

Here are the different ways to monitor log files in real time. Let us say your log file is located at /etc/nginx/nginx-access.log.


1. Using tail command

The tail command allows you to easily monitor a log file by displaying its most recent entries. It is a general-purpose tool that lists file contents in reverse order.

You need to use the tail command with the -f option to view the live contents of a file. Here is the command to view a file in real time.

$ sudo tail -f /etc/nginx/nginx-access.log

However, the above command will only show the latest 10 lines of your log file. If you want to view more lines, say 50, use the -n option followed by the number of lines to be displayed.

Here is the command to display the last 50 lines of your log file, in real time.

$ sudo tail -n50 -f /etc/nginx/nginx-access.log

Please note, this command will run in the foreground continuously and keep your terminal busy. If you want to stop real-time streaming of your log file, just press Ctrl+C.

If you want to view multiple log files in one place, you can list the file paths one after the other in a space-separated manner. Here is the syntax.

$ tail -f <file1> <file2>

Here is an example to view 3 log files together.

$ sudo tail -f /etc/log/nginx1.access.log /etc/log/nginx2.access.log /etc/log/nginx3.access.log

It will list the output from each file, separated neatly as shown:

==> /etc/log/nginx1.access.log <==
things from log 1

==> /etc/log/nginx2.access.log <==
things from log 2

==> /etc/log/nginx3.access.log <==
things from log 3
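
Building on the tail commands above, here is an added example (not part of the original article) that pipes the live log into a filter and alerts when one client accumulates repeated 401/403 responses. It assumes nginx's default "combined" log format; the function names and sample lines are constructed for illustration, and -F is used instead of -f so that following continues after the log is rotated.

```shell
#!/bin/sh
# Added example: alert on clients with repeated 401/403 responses.
# Assumes the default nginx "combined" access-log format.

# auth_failures THRESHOLD   (hypothetical helper name)
# Reads log lines on stdin; prints one alert per client at the moment its
# count of 401/403 responses reaches THRESHOLD.
auth_failures() {
    awk -F'"' -v limit="${1:-5}" '
    {
        # Splitting on double quotes keeps fields aligned even when the
        # request line is malformed: $1 = addr/user/time, $2 = request,
        # $3 = " status bytes ".
        split($1, head, " ")
        split($3, rest, " ")
        ip = head[1]; status = rest[1]
        if ((status == "401" || status == "403") && ++hits[ip] == limit) {
            printf "ALERT %s reached %d auth failures (last: %s)\n", ip, limit, $2
            fflush()  # emit now; output to a pipe is block-buffered otherwise
        }
    }'
}

# Constructed sample lines (not real traffic) for an offline run.
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 120 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 120 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2024:10:00:04 +0000] "GET /admin HTTP/1.1" 403 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "\x16\x03\x01" 400 157 "-" "-"
198.51.100.7 - - [10/Jan/2024:10:00:06 +0000] "POST /login HTTP/1.1" 403 120 "-" "curl/8.0"
EOF
}

# Live use: -F keeps following across log rotation, -n 0 skips old lines.
#   sudo tail -F -n 0 /etc/nginx/nginx-access.log | auth_failures 3

# Offline demonstration on the constructed sample:
sample_log | auth_failures 3
```
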


2. Using multitail command

You may also use the multitail command in Linux to monitor multiple log files. Here is the command to install it.

$ sudo apt install multitail   [On Debian & Ubuntu]
$ sudo yum install multitail   [On RedHat & CentOS]
$ sudo dnf install multitail   [On Fedora 22+ version]

To monitor multiple log files, list them one after the other, separated by spaces, after the multitail command.

$ sudo multitail -f /etc/log/nginx1.access.log /etc/log/nginx2.access.log /etc/log/nginx3.access.log


3. Using less command

The less command is generally used to view the contents of a file one page at a time. You may also use it to view files in live mode using the +F option. Here is an example to start live viewing of a file.

$ sudo less +F /etc/log/nginx/nginx.access.log


4. Using lnav command

You may also use the lnav command, like multitail, to track multiple log files at once. Here is the command to install it.

$ sudo apt install lnav   [On Debian & Ubuntu]
$ sudo yum install lnav   [On RedHat & CentOS]
$ sudo dnf install lnav   [On Fedora 22+ version]

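Here is the command to monitor multiple files using lnav. It follows the files by default, so no -f option is needed (in lnav, -f executes the commands in the given file).

$ sudo lnav /etc/log/nginx1.access.log /etc/log/nginx2.access.log /etc/log/nginx3.access.log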

In this article, we have looked at several ways to monitor log files in real time. The tail command is the most common way to monitor log files due to its versatile options, but you may use the others as per your requirement.
