4 Ways to Watch or Monitor Log Files in Real Time
How can I see the content of a log file in real time in Linux? There are many utilities that can display the content of a file while it is changing or being continuously updated. One of the best known and most heavily used utilities for displaying file content in real time in Linux is the tail command.
1. tail Command – Monitor Logs in Real Time
As mentioned, the tail command is the most common way to display a log file in real time. The command comes in two versions, as illustrated in the examples below.
In the first example, the tail command needs the -f argument to follow the content of a file.
$ sudo tail -f /var/log/apache2/access.log
The second version of the command is actually a command itself: tailf. You won’t need to use the -f switch because the command is built-in with the
$ sudo tailf /var/log/apache2/access.log
Log files on a Linux server are usually rotated frequently by the logrotate utility. To watch log files that get rotated on a daily basis, use the -F flag with the tail command. tail -F keeps track of whether a new log file has been created and starts following the new file instead of the old one.
$ sudo tail -F /var/log/apache2/access.log
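The difference between -f and -F across a rotation can be checked with the script below, an added example that is not part of the original article. It assumes rename-and-recreate rotation (logrotate without copytruncate), works in a temporary directory with constructed log lines, and the function name rotation_demo is hypothetical.

```shell
#!/bin/sh
# Added example: what tail -f and tail -F each see across a log rotation.
# Everything lives in a throwaway temp directory; the log lines are constructed.

rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/access.log"
    : > "$log"

    # Follow the same file two ways and capture what each follower prints.
    tail -n 0 -f "$log" > "$dir/seen_f" 2>/dev/null &
    pid_f=$!
    tail -n 0 -F "$log" > "$dir/seen_F" 2>/dev/null &
    pid_F=$!
    sleep 1

    echo 'constructed: GET /before-rotation 200' >> "$log"
    sleep 1

    # Assumption: rotation renames the old file and creates a new one
    # under the original name (logrotate without copytruncate).
    mv "$log" "$log.1"
    echo 'constructed: GET /after-rotation 200' > "$log"
    sleep 3    # give tail -F time to notice the new file

    kill "$pid_f" "$pid_F" 2>/dev/null || true
    wait "$pid_f" "$pid_F" 2>/dev/null || true

    # grep -c exits non-zero on zero matches, so guard it for 'set -e' callers.
    f_before=$(grep -c 'before-rotation' "$dir/seen_f" || true)
    f_after=$(grep -c 'after-rotation' "$dir/seen_f" || true)
    F_before=$(grep -c 'before-rotation' "$dir/seen_F" || true)
    F_after=$(grep -c 'after-rotation' "$dir/seen_F" || true)
    rm -rf "$dir"

    echo "f:before=$f_before,after=$f_after F:before=$F_before,after=$F_after"
}

# Run: rotation_demo
# -> f:before=1,after=0 F:before=1,after=1
```

The -f follower stays attached to the renamed file and silently stops showing new requests, which is the case to watch for when a live view of a log goes quiet.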
However, by default, the tail command displays the last 10 lines of a file. For instance, if you want to watch in real time only the last two lines of the log file, use the -n flag combined with the -f flag, as shown in the example below.
$ sudo tail -n2 -f /var/log/apache2/access.log
2. Multitail Command – Monitor Multiple Log Files in Real Time
Another interesting command for displaying log files in real time is the multitail command. As the name implies, the multitail utility can monitor and keep track of multiple files in real time. Multitail also lets you navigate back and forth in the monitored file.
To install the multitail utility on Debian and RedHat based systems, issue the command below that matches your distribution.
$ sudo apt install multitail     [On Debian & Ubuntu]
$ sudo yum install multitail     [On RedHat & CentOS]
$ sudo dnf install multitail     [On Fedora 22+ version]
To display the output of two log files simultaneously, execute the command as shown in the example below.
$ sudo multitail /var/log/apache2/access.log /var/log/apache2/error.log
3. lnav Command – Monitor Multiple Log Files in Real Time
Another interesting command, similar to the multitail command, is the lnav command. The lnav utility can also watch and follow multiple files and display their content in real time.
To install the lnav utility on Debian and RedHat based Linux distributions, issue the command below that matches your distribution.
$ sudo apt install lnav     [On Debian & Ubuntu]
$ sudo yum install lnav     [On RedHat & CentOS]
$ sudo dnf install lnav     [On Fedora 22+ version]
Watch the content of two log files simultaneously by issuing the command as shown in the below example.
$ sudo lnav /var/log/apache2/access.log /var/log/apache2/error.log
4. less Command – Display Real Time Output of Log Files
Finally, you can display the live output of a file with less command if you type
As with the tail utility, pressing Shift+F in an opened file in less will start following the end of the file. Alternatively, you can start less with the +F flag to enter live watching of the file.
$ sudo less +F /var/log/apache2/access.log
In this article, we showed how to watch data being appended to log files in real time on the terminal in Linux.