Follow log files in real time: tail -f

If you don't know this command by know you might be quite new to the Unix / Linux world. Tail is a classic Unix command. It can be used to show last n lines of a log file. But the command really comes to live, when adding the -f parameter. Try:

tail -f /var/log/apache/access.log.

Tail will stick to the log file and print out lines written to the log file as they are written. Very useful. Tail can even be used for multiple files at once. Just use an asterisk like:

tail -f /var/log/apache/*

However: tail does not take a -r parameter for recursive. Often I want to follow all my log files in /var/log at once. Including log files stored in sub directories. Fortunately the command xargs can be used for a workaround. Xargs can be used for building command lines from standard input. We just need to find the regular files we want to follow:

find  /var/log -type f | xargs tail -f -n 0

So what happens here? find locates all regular files in /var/log and prints the list of files to stdout. Xargs reads the list of files from stdin and append the list of files as parameters to tail -f -n 0. As simple as that! Or you can just use the command anyway, if it doesn't make sense.

The above command is often one of the first I execute, when I log into a server running Linux. I just let tail live in a terminal session of its own for real time monitoring and start up yet another session to perform my work. Heck - I can even see myself logging in in the tail session terminal, as it is logged. Have a look at the screenshot below.

Watch changes interactively as they happen

Unix and Linux commands are often non-interactive. They perform  actions and return the prompt. The watch command can re-run commands at certain intervals, which can be quite useful. For instance you want to see a file manager kind of view of a directory as files are added or deleted - or simple to see files grow or shrink, while they are being changed over time:

watch -n 2 ls -l

This will re-run ls -l every 2 seconds. And changes are quite visible, as they will make a disturbance on a somewhat static screen. If you want to make sure changes are visible, just add the -d parameter, and changes from last run will be highlighted.

In one case I find watch especially useful: Working with iptables. Often one wants to know if a certain table or rule is hit, when a packet is injected. Of course it is possible to insert the same rule with a -j log statement just before the actual rule. But I find it even easier to use the counters to see if a certain rule is actually hit. And combined with watch, it is actually pretty easy to get a real time overview of your firewall rules and packets hitting them. Just try:

watch -d iptables -L -v

The below screenshot shows my firewall rules as they are being put to use. Notice the highlights of the changed counters:

Watch for silence

This feature however requires a Linux graphics user interface. I prefer KDE over other desktop environments. The KDE applications gives me a lot of cool utilities with a variety of cool features. One of my favourite applications from KDE is the terminal emulator, konsole.

Konsole has a lot of nice features. One of them being: "Monitor for silence". One might want to compile a large software package, minimize the Window. But still wants to be notified when the compile job is done. And that's when the terminal turns silent.


And just below: Monitor for activity. It can be used for almost the same thing. For instance if one is copying a large set of files non interactively. When cp is done, it will jump to a new line. And that's an activity.

I do hope you find this post a little useful