multitail – excerpts

COPY OF SITE – I have an OCD thing about thinking people's sites might be down one day, so I copy-paste the material out, but I still give full credit where it's due; in this case it's all due to the owner of the site: INSERT-URL-HERE – In no way am I claiming this as my own information; this is just a reference to a good site that I wanted to share, plus it probably increases that site's hits – If this is something bad and you don't want me to include this, let me know; my contact information is all over this blog. opps@infotinks.com will get to me.

These are just excerpts that I use for my personal notes. I don't have to go to twenty sites at once, so I combined them here and credited each with the link.
multitail
#########
multitail /var/log/syslog /var/log/messages
scroll back with b
scroll with errors
—————————
HARDCORE:
http://www.pantz.org/software/multitail/multitailconfig.html
————————–
http://www.ubuntugeek.com/multitail-view-multiple-logfiles-windowed-on-console.html
Multitail Examples
No examples of coloring are given as that is configurable via the configuration file. Also for most commonly used files color schemes have already been designed.
Merge 2 logfiles in one window:
multitail /var/log/apache2/access.log -I /var/log/apache2/error.log
Show 3 logfiles in 2 columns:
multitail -s 2 /var/log/apache2/access.log /var/log/messages /var/log/mail.log
Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column:
multitail -s 2 -sn 1,3 /var/log/apache2/access.log -I /var/log/apache2/error.log /var/log/messages /var/log/mail.log /var/log/syslog
Merge the output of 2 ping commands while removing “64 bytes received from” from only 1 of them:
multitail -l "ping 192.168.0.1" -ke "64 bytes from" -L "ping 192.168.0.2"
Show the output of a ping-command and if it displays a timeout, send a message to all users currently logged in
multitail -ex timeout "echo timeout | wall" -l "ping 192.168.0.1"
In one window show all new TCP connections and their state changes using netstat while in the other window displaying the merged access and error logfiles of apache
multitail -R 2 -l "netstat -t" /var/log/apache2/access.log -I /var/log/apache2/error.log
As the previous example but also copy the output to the file netstat.log
multitail -a netstat.log -R 2 -l "netstat -t tcp" /var/log/apache2/access.log -I /var/log/apache2/error.log
Show 2 logfiles merged in one window but give each logfile a different color so that you can easily see what lines are for what logfile:
multitail -ci green /var/log/apache2/access.log -ci red -I /var/log/apache2/error.log
Show a Squid (proxy server) logfile while converting timestamps to something readable
multitail -cv squid /var/log/squid/access.log
Display Q-Mail logging while converting the timestamp into human readable format
multitail -cv qmailtimestr /var/log/qmail/qmail.smtpd.log
——————————
http://www.vanheusden.com/multitail/examples.php
Examples
No examples of coloring are given as that is configurable via the configuration file. Also for most
commonly used files color schemes have already been designed.
Merge 2 logfiles in one window:
multitail /var/log/apache/access.log -I /var/log/apache/error.log
Show 3 logfiles in 2 columns:
multitail -s 2 /var/log/apache/access.log /var/log/messages /var/log/mail.log
Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column:
multitail -s 2 -sn 1,3  /var/log/apache/access.log -I /var/log/apache/error.log /var/log/messages \
                        /var/log/mail.log /var/log/syslog
Merge the output of 2 ping commands while removing “64 bytes received from” from only 1 of them:
multitail -l "ping 192.168.0.1" -ke "64 bytes from" -L "ping 192.168.0.2"
Show the output of a ping-command and if it displays a timeout, send a message to all users
currently logged in
multitail -ex timeout "echo timeout | wall" -l "ping 192.168.0.1"
In one window show all new TCP connections and their state changes using netstat while in
the other window displaying the merged access and error logfiles of apache
multitail -R 2 -l "netstat -t" /var/log/apache/access.log -I /var/log/apache/error.log
As the previous example but also copy the output to the file netstat.log
multitail -a netstat.log -R 2 -l "netstat -t tcp" /var/log/apache/access.log -I /var/log/apache/error.log
Show 2 logfiles merged in one window but give each logfile a different color so that you
can easily see what lines are for what logfile:
multitail -ci green /var/log/apache/access.log -ci red -I /var/log/apache/error.log
Show 3 rssfeeds merged in one window using rsstail
multitail -cS rsstail -l "rsstail -n 1 -z -l -d -u http://setiathome.berkeley.edu/rss_main.php" \
-cS rsstail -L "rsstail -n 1 -z -l -d -u http://www.biglumber.com/index.rss" -cS rsstail \
-L "rsstail -n 1 -z -l -u http://kernel.org/kdist/rss.xml"
Show a Squid (proxy server) logfile while converting timestamps to something readable
multitail -cv squid /var/log/squid/access.log
Display Q-Mail logging while converting the timestamp into human readable format
multitail -cv qmailtimestr /var/log/qmail/qmail.smtpd.log
Merge ALL apache logfiles (*access_log/*error_log) into one window:
multitail -cS apache --mergeall /var/log/apache/*access_log --no-mergeall -cS apache_error \
--mergeall /var/log/apache/*error_log --no-mergeall
Monitor the logfile of another system:
For this you need to setup a couple of things. MultiTail runs on system A, the logfile on system B.
In this example we’re going to monitor the apache logfile. Add the following to /etc/services:
apachelog       20000/tcp
Add this to /etc/inetd.conf:
apachelog stream tcp nowait root /usr/local/sbin/tail_apache_log /usr/local/sbin/tail_apache_log
and create the file /usr/local/sbin/tail_apache_log with the following content:
#!/bin/sh
/usr/bin/tail -f /var/log/apache2/access.log
Make sure that you don’t forget to make that script executable (chmod +x filename).
Then on host A start MultiTail like this:
multitail -cS apache -l "telnet B 20000"
Please note that logfiles go in plaintext across the network. You may also need to adjust
the files /etc/hosts.[allow|deny] on host B to only allow host A to connect.
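The setup above exposes the log on an unauthenticated TCP port and runs tail as root, so a reviewer of host B would want to check both points. The script below is an added example, not part of the original text or of MultiTail: it reads an inetd.conf and a hosts.allow and reports entries that run as root or that no hosts.allow entry names. The function names, the applog service, the logview user and the sample files are constructed; matching on the service name or the program basename is an assumption about how the local inetd/tcpd identifies the daemon.

```shell
#!/bin/sh
# Added example: audit inetd entries such as the "apachelog" line above.
# Assumption: a hosts.allow entry covers a service when its daemon list
# names the service or the basename of the server program (or ALL).

# audit_inetd INETD_CONF HOSTS_ALLOW -> one finding per line on stdout
audit_inetd() {
    awk '
        { sub(/#.*/, "") }                      # drop comments in both files
        mode == "allow" {                       # hosts.allow: "daemons : clients"
            if (index($0, ":") == 0) next
            split($0, parts, ":")
            n = split(parts[1], names, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (names[i] != "") allowed[names[i]] = 1
            next
        }
        NF < 6 { next }                         # not a complete inetd.conf entry
        {   # fields: service type proto wait user[.group] server args...
            svc = $1; user = $5; prog = $6
            sub(/[.:].*/, "", user)             # strip the optional group
            sub(/.*\//, "", prog)               # basename of the server program
            if (user == "root") print svc ": runs as root"
            if (!(svc in allowed) && !(prog in allowed) && !("ALL" in allowed))
                print svc ": no hosts.allow entry"
        }
    ' mode=allow "$2" mode=inetd "$1"
}

# Constructed sample files: the entry from the text plus a hypothetical
# "applog" service that runs unprivileged and is listed in hosts.allow.
run_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inetd.conf" <<'EOF'
apachelog stream tcp nowait root /usr/local/sbin/tail_apache_log /usr/local/sbin/tail_apache_log
applog stream tcp nowait logview /usr/local/sbin/tail_app_log tail_app_log
EOF
    cat > "$dir/hosts.allow" <<'EOF'
# daemon list : client list
tail_app_log: 192.0.2.10
EOF
    audit_inetd "$dir/inetd.conf" "$dir/hosts.allow"
    rm -rf "$dir"
}

run_demo
```

The check only tells you whether an entry exists; whether hosts.allow is enforced at all depends on the inetd on host B being built with TCP wrappers support or the service being started through tcpd.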
Monitoring Tomcat
multitail -cS apache -cS log4j "${TOMCAT_HOME}/logs/catalina.out"
——————————
http://www.tldp.org/LDP/LG/issue95/vanheusden.html
An introduction to MultiTail
Introduction
What is MultiTail?
MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). Merging of 2 or even more logfiles is possible. It can also use colors while displaying the logfiles (through regular expressions), for faster recognition of what is important and what not. It can also filter lines (again with regular expressions). It has interactive menus for editing given regular expressions and deleting and adding windows. One can also have windows with the output of shell scripts and other software. When viewing the output of external software, MultiTail can mimic the functionality of tools like ‘watch’ and such.
Why this text?
When you start multitail without any parameters, it clears the screen and shows a couple of keys you can press together with a short explanation of what they do. You can then press any of those keys or ‘x’, ‘q’ or ‘CTRL’+‘C’ to exit the program. If you would like to know what commandline parameters can be given, start multitail with the ‘-h’ parameter.
The “help” that is given with the methods described above might not be sufficient, that’s why this text was written. If there is still anything not clear after reading this, do not hesitate to contact me at the following e-mail address: folkert@vanheusden.com
The Basics
The most trivial use of MultiTail is as follows:
multitail [-i] file
This shows the file ‘file’ in your terminal-window. At the bottom, a line (the statusline) is displayed with the name of the file, its size and the date/time the file last changed. You can make this statusline static (not updated) with the ‘-d’ commandline parameter. With ‘-D’ no statusline is displayed at all.
You only need to specify the ‘-i’ when the filename starts with a dash (‘-‘). Something a little more complex is this:
multitail [-i] file1 [-i] file2
This splits your terminalwindow in two windows. In each window, one file is displayed. Both windows have a statusline giving info. The window with ‘file1’ is displayed above the window with ‘file2’. Instead of above each other, you can also have them displayed side by side. For that, you can enter the parameter ‘-s’ on the commandline or press the ‘v’ key while the program is running.
Scrolling
Of course you can scroll in the shown files. For that, press the ‘b’ key. When you’re viewing multiple files, you’ll first get a fileselector. Then a window is displayed with the buffered contents of the selected file (=window). You can then scroll with the cursorkeys and the page-up and pagedown key. Press ‘x’ or ‘q’ to exit this window. You cannot scroll the whole file, only the last 100 lines. To reset this limit to something bigger (or smaller), press the ‘m’ key. You will then be asked to enter a new value, e.g. 1000. This parameter can also be set from the commandline with the ‘-m value’ parameter. With ‘-m’ you set the limit for the next file, with ‘-M value’ you’ll set this parameter for all following files on the commandline. When you press the ‘m’-key, the current buffer is cleared. So it is also a replacement for pressing the enter key a few times when using ‘tail -f’ to view a file.
Merging Files
Then there’s the ‘-I’ commandline parameter. It is the same as ‘-i’, only ‘-I’ merges two or more files together. For example:
multitail [-i] file1 -I file2
a real-life example:
multitail /var/log/apache/access.log -I /var/log/apache/error.log
These two examples will merge the output of the given files into one window. This can be useful with, for example, the files given in the second example: with this example you see what happened just before an error appeared in the Apache errorlog.
Viewing Output of External Programs
As I mentioned in the foreword, one can not only view files with MultiTail, also the output of other programs (scripts/executables/etc.) can be put inside one or more windows. To make this happen, you need to use the ‘-l’ switch. For example:
multitail -l ls
another example:
multitail -l "ping localhost"
As you can see, you need to add doublequotes around the command when it needs parameters, otherwise MultiTail would not be able to recognize what parameters are intended for the selected program or for MultiTail itself.
You might have tried the example with the ls-command. You then saw that MultiTail automatically closes the window when the external command has finished. There are a few options you can use to control this behaviour. For example the ‘-z’ parameter: when given, the window is just closed, the screen redrawn and MultiTail goes on without the popup window telling you that the program ended.
Another option is: ‘-r interval’: this will cause the command to be run every ‘interval’ seconds. Instead of ‘-r interval’ also the ‘-R interval’ option is available: when fed to MultiTail, it makes it run the next command with an interval of ‘interval’ seconds displaying only the difference with the previous run of the command! So if you run MultiTail like this:
multitail -R 3 -l "netstat -p tcp"
you will see state-changes for every TCP-connection: new connections and connections getting closed.
As with ‘-I file’, ‘-L command’ also merges the output of the external command to the previous file or command. Yes: output of commands can be safely merged with logfiles. Multiple commands, multiple logfiles, most things you can think of are possible.
Colors
When you have been watching logfiles scrolling by, it can get a little tough after a while to still recognize what is important and what not. Because of that, MultiTail has the ability to display logfiles in color. When you give the ‘-c’ parameter, the next given file or command is shown in color. It decides what color to use by looking at the whole log-line. If you want it to only look at the programname causing that logline (when monitoring syslog logfiles for example), you can use the ‘-cs’ switch. The last option is the ‘-cS colorscheme’ switch. As parameter it needs the name of a colorscheme. The colorschemes are read from multitail.conf. In multitail.conf you set by entering regular expressions what color to use for what “patterns”. By default, MultiTail looks for multitail.conf in the current directory and in the /etc directory. With the ‘-z’ parameter you can explicitly define what file it should use.
An example:
colorscheme:postfix
cs_re:yellow:status=sent
cs_re:magenta:queue active
The first line names the current colorscheme. The ‘cs_re’-lines define combinations of regular expressions and a color. With the first ‘cs_re’-line you define that if MultiTail encounters the string ‘status=sent’ in a logline, it should print it in the color yellow. The next line defines that the string ‘queue active’ must be printed in magenta. Another example, a little more complex:
colorscheme:syslog
cs_re:green:\[|\]
cs_re:blue:^... .. ..:..:..
The first ‘cs_re’-line sets all occurrences of ‘[’ or ‘]’ to green and the second sets all lines starting with a date in the format ‘Mon DD HH:MM:SS’ in blue. For more details on regular expressions: O’Reilly has a few books on this topic.
One last thing on colors: if you use ‘-C’ (uppercase ‘C’) instead of ‘-c’, all following files will use the parameters you specify at that time, unless you override them with a new ‘-cx’ or ‘-Cx’ parameter.
Filtering using regular expressions
For filtering MultiTail uses regular expressions. To keep things simple, it uses them the exact same way as ‘grep’ does: ‘-e’ says: a regular expression follows and ‘-v’ says: invert it.
Examples:
multitail -e "gnu-pop3d" /var/log/messages
multitail -v -e "ssh" -v -e "gnu-pop3d" -e "localhost" /var/log/messages
The first example shows only lines from /var/log/messages which have the string “gnu-pop3d” somewhere in them. The second example only shows lines which do not have the string “ssh” and not have the string “gnu-pop3d” and DO HAVE the string “localhost” in them.
Miscellaneous Options
There are a few other options not fitting elsewhere, these are:
-f This makes MultiTail follow the file. In case the original file gets renamed and a new file is created with the original filename, MultiTail will start watching the file with the original filename (the one you entered).
-u seconds When using MultiTail over a slow link (a modem connection or maybe even over HAM) you might want to have a little less frequent updates. With this parameter you set how frequently MultiTail updates the screen. The default is immediately.
-H interval If you have a connection to some host (on which you’re using MultiTail) which gets automatically disconnected when nothing happens for a while, you can use ‘-H’. When used, MultiTail moves the cursor around the screen generating traffic, keeping your line up.
-V In case you’re wondering what version of MultiTail you’re using, you can start it with the ‘-V’ option. It’ll then display its version and exit. You can also press the ‘i’ key while it is running.
