How To Monitor Events in Real Time on Linux
In this tutorial, we explain how to monitor events in real time on Linux through different commands.
Monitor Events in Real Time with TAIL
This command displays the last lines of a file on the screen. By default, the last 10 lines are displayed, but a different number can be requested with an option.
Its syntax is the following:
tail -options file
One or more files can be specified at the same time. If more than one file is specified, the files are displayed in the same order in which they were given in the command.
The use of this command has two main alternatives:
With the first option, the tail command will need the -f argument to follow the contents of a file.
sudo tail -f (File)
In this case, we will execute the following line:
sudo tail -f /etc/passwd
The second option is the tailf command. With it, the -f switch is not needed because following is built in. Note that tailf was deprecated and later removed from util-linux, so current distributions may not provide it; tail -f works everywhere.
sudo tailf /etc/passwd
Typically, log files are frequently rotated on a Linux server using the logrotate utility. To keep following log files that are rotated on a daily basis, we can use the -F flag of tail:
sudo tail -F /etc/passwd
The tail -F parameter will track if a new log file is being created and will begin to follow the new file instead of the previous file.
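The difference between -f and -F across a rotation, as an added example that is not part of the original tutorial: it performs a rename-then-create rotation (what logrotate does unless copytruncate is set) on a temporary file and reports which tail instance saw the line written after rotation. The file names and log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: compare tail -f and tail -F across a logrotate-style rename.
# All paths are temporary and the log lines are constructed sample data.

rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/app.log"
    echo "start" > "$log"

    # -n0: print only lines that arrive after tail has started.
    tail -n0 -f "$log" > "$dir/f.out" 2>/dev/null &
    pid_f=$!
    tail -n0 -F "$log" > "$dir/F.out" 2>/dev/null &
    pid_F=$!
    sleep 1

    echo "before-rotation" >> "$log"

    # Rename-then-create rotation: the old file keeps its inode under a
    # new name, and a fresh file appears under the original name.
    mv "$log" "$log.1"
    echo "after-rotation" > "$log"
    sleep 3   # allow for tail's default 1-second retry interval

    kill "$pid_f" "$pid_F" 2>/dev/null || true
    wait "$pid_f" 2>/dev/null || true
    wait "$pid_F" 2>/dev/null || true

    # -f stayed attached to the renamed file; -F reopened the path by name.
    f_result=missed; F_result=missed
    if grep -q "after-rotation" "$dir/f.out"; then f_result=seen; fi
    if grep -q "after-rotation" "$dir/F.out"; then F_result=seen; fi
    rm -rf "$dir"
    echo "f=$f_result F=$F_result"
}

rotation_demo   # expected: f=missed F=seen
```

A watcher started with -f goes quiet after rotation without any error, which is why -F is the safer choice for long-running monitoring of rotated logs.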
By default, the tail command will display the last 10 lines of a file. If we want to start from only the last two lines of the log file and then follow it in real time, we can use the -n flag combined with the -f flag as follows:
sudo tail -n2 -f /etc/passwd
Monitor Events in Real Time with MULTITAIL
MultiTail is an open source utility that displays multiple log files in a single window or shell. Like the tail command, it shows the last lines of the log files in real time, but it divides the console into several subwindows, one per file.
Multitail also supports color highlighting, filtering, adding and removing windows and much more.
To install this utility, we can execute the following commands based on the used distro:
sudo apt install multitail    # Debian / Ubuntu
sudo yum install multitail    # RedHat / CentOS
sudo dnf install multitail    # Fedora 22 and higher
To show the output of two log files simultaneously, we will use the following syntax:
sudo multitail (path1) (path2)
In this case:
sudo multitail /etc/passwd /var/log/syslog
We can see details of each of the arguments we have indicated.
Monitor Events in Real Time with LNAV
Lnav (Log File Navigator) is an advanced small-scale log file viewer, through which it will be possible to view and analyze the log files from a terminal.
Lnav does not require a server of its own or a complicated configuration. For installation, we can use one of the following commands:
sudo apt install lnav    # Debian / Ubuntu
sudo yum install lnav    # RedHat / CentOS
sudo dnf install lnav    # Fedora 22 and later
With lnav it will be possible to analyze the contents of two log files simultaneously with the following syntax:
sudo lnav (path1) (path2)
In this case:
sudo lnav /etc/passwd /var/log/syslog
There we will find all the detailed information of each record.
Monitor Events in Real Time with LESS
With the less command, it will be possible to show the output in real time of the selected log files.
To do this, we can open the file with less and press the Shift + F keys to follow its contents as they grow.
Alternatively, it is also possible to use less +F to enter the live view of the file directly:
sudo less +F /etc/passwd
We have seen the different alternatives to access and monitor events in real time in Linux environments simply and functionally.