How to observe or monitor log files in Debian 10

What are Linux Log Files?

Log files are simple text files that contain a series of records, events, or messages about the server, applications, and services running on your Linux operating system. System administrators use them to troubleshoot problems.

On Linux, the log files are generally categorized as follows.

  • Application logs
  • Event logs
  • Service logs
  • System logs

On Linux, many log files are located in the /var/log/ directory. Monitoring them all is a tedious task. However, the following critical files need to be monitored.

  • /var/log/syslog
  • /var/log/messages
  • /var/log/auth.log
  • /var/log/secure
  • /var/log/boot.log
  • /var/log/dmesg
  • /var/log/kern.log
  • /var/log/faillog
  • /var/log/cron
  • /var/log/mail.log
  • /var/log/apache2/error.log
  • /var/log/mysql.log

In this article, we’re going to explore different methods that can be used to view or monitor log files in real time. We ran all commands under Debian 10.

Requirements

For this tutorial you will need:

  • A user account with root rights

View log files

Use tail command

The tail command is one of the most common commands used to view a log. It prints the last few lines of the log file to the console, 10 lines by default.

The general syntax of the command is as follows.

tail filename

For example,

tail /var/log/syslog

Below is the sample output with the last 10 lines of a syslog file.

However, if you want to see a specific number of lines from the end of the log file, for example 5 lines, you can use the -n option as follows.

tail -n 5 /var/log/syslog

Below is the sample output.

If you are tracking a log file and want to print the new messages as they are logged in real time, you can use the -f option with the command example above.

tail -f -n 5 /var/log/syslog

Continuously display the last 5 lines of a log file

As soon as a new line is added to the log file, it is printed together with the 4 lines above it.

To stop the command, press Ctrl + c on your keyboard.
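
The tail options above can be combined with a filter to pull security-relevant lines out of /var/log/auth.log. The following is an added example, not part of the original article: the function names and the sample log lines are constructed for illustration, and the sshd message format is the usual "Failed password for USER from IP port N ssh2".

```sh
#!/bin/sh
# Added example (not from the original article).

# Write constructed sample lines in the sshd format of /var/log/auth.log.
# Addresses come from the documentation ranges. The fourth line carries a
# client-chosen user name that itself contains "from <address>".
make_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 debian CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 10:15:07 debian sshd[1210]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:09 debian sshd[1210]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:12 debian sshd[1214]: Failed password for invalid user admin from 192.0.2.99 from 198.51.100.7 port 40022 ssh2
Mar  3 10:15:20 debian sshd[1220]: Accepted password for alice from 192.0.2.10 port 50111 ssh2
Mar  3 10:15:31 debian sshd[1225]: Failed password for root from 203.0.113.5 port 51240 ssh2
EOF
}

# failed_logins FILE [LINES]
# Read the last LINES lines of FILE (default 100) with tail -n and print
# "COUNT IP" for each source of failed SSH passwords, busiest first.
# The user name is chosen by the client, so the address is taken from the
# end of the line ("from IP port N ssh2"), not from the first "from".
failed_logins() {
    tail -n "${2:-100}" "$1" |
        awk '/sshd\[[0-9]+\]: Failed password for / &&
             $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
             END { for (ip in count) print count[ip], ip }' |
        sort -k1,1nr -k2,2
}

# watch_failed_logins FILE
# Live variant. -F keeps following by name after log rotation replaces the
# file (plain -f stays on the old file); -n 0 starts with new lines only.
# --line-buffered makes grep print each match as soon as it arrives.
watch_failed_logins() {
    tail -F -n 0 "$1" | grep --line-buffered 'Failed password'
}
```

On Debian, run `failed_logins /var/log/auth.log 500` as root for a summary, or `watch_failed_logins /var/log/auth.log` to follow new failures until you press Ctrl + c.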

Using the multitail command

The multitail command allows you to monitor and view the contents of multiple log files in real time on a console in a single window. The multitail command is not built into Debian 10. So open Terminal and issue the following command with root privileges to install it.

apt-get install multitail

Below is the sample output.

Install the multitail command

The general syntax of the multitail command is as follows:

multitail filename1 filename2

Assuming you have two log files, /var/log/syslog and /var/log/kern.log, and you want to display their contents with multitail on the console, the full command should look like this.

multitail /var/log/syslog /var/log/kern.log

Below is the sample output.

Display multiple log files at the same time with Multitail

You can use this command to monitor the contents of multiple log files in real time. For example, the following screenshot shows the contents of the four log files /var/log/syslog, /var/log/kern.log, /var/log/daemon.log and /var/log/messages.

Display log files

By default, the multitail command displays the contents of log files horizontally. If you want to display the files vertically in columns, you can use the -s switch as follows.

Assuming you want to display the contents of log files vertically in two columns, the full command should look like this.

multitail -s 2 /var/log/syslog /var/log/kern.log /var/log/daemon.log /var/log/messages

Below is the sample output.

Multitail example

You can also navigate through the files. Press ‘b’ on the keyboard and scroll through to select the log file you want. You can view the last 100 lines of your selected file.

Below are the sample outputs.

Modify log file

Bring the log file to the foreground

Press Ctrl + g to cancel and return to the window with multiple log files.

You can also assign different colors to log files using the -ci parameter so that you can easily distinguish them. The following is a good example.

multitail -ci green /var/log/syslog -ci blue /var/log/messages

Below is the sample output.

Select the text color of the log file

The multitail command offers a lot. Press ‘h’ on your keyboard for help while the command is running.

Scroll with the cursor in the log file

Using the lnav command

The lnav command is similar to the multitail command and displays the contents of multiple log files in a single window. To install it on Debian, open Terminal and issue the following command with root privileges.

apt-get install lnav

Press ‘y’ on your keyboard when prompted. Wait for the command to finish.

Install lnav command

Unlike multitail or other commands, the lnav command consolidates the contents of log files and displays each line in a single window based on its date.

Below is the sample output. You can scroll through the window using the up and down arrow keys and similar navigation keys on your keyboard.

Merged log files in lnav

The general syntax of the command is as follows:

lnav filename1 filename2

For example, suppose you want to view the syslog and messages logs together. Run the following command on the terminal.

lnav /var/log/syslog /var/log/messages

Below is the sample output.

Show log files with lnav

If you don’t specify the file with the command, the syslog file opens by default.

Run the following command.

lnav

Below is the sample output.

Lnav example

You can also search the log by pressing / on your keyboard while lnav is running. After pressing the / key, type the string you want to search for and press Enter on the keyboard.

Suppose you search for the string ‘DHCPACK’. Every match is highlighted in the window.

Below is the sample output.

Search for strings in the log file with the lnav command

You can also view the compressed log files (zip, gzip, bzip) with the -r option. Below is the full syntax.

lnav -r

Use less command

The less command is another command that can be used to monitor a log file.

Below is the full syntax of the command.

less +F filename

For example, if you want to monitor the syslog file at /var/log/syslog, the full command should look like this.

less +F /var/log/syslog

Below is the sample output.

View log files with the less command
