+5 votes
250 views
in Linux/Unix by (242k points)
reopened
How to monitor events in real time on Linux

1 Answer

+3 votes
by (1.6m points)
 
Best answer

1. Monitor events in real time on Linux with Tail command
2. Monitor events in real time on Linux with Multitail command
3. Monitor events in real time on Linux with lnav command
4. Monitor events in real time on Linux with less command

One of the best practices that we as IT support personnel can carry out is to create periodic tasks where you can review all the events that occur in the operating system..

 

This is functional since an event gives us indicators such as:

  • User who made the change
  • Date and time of the event
  • Event type and ID and more.

 

With this information, the support tasks become a much more centralized point and easier to manage since we have control over everything that happens within it and that can affect its optimal performance and security. We can see that we have various tools and applications at our disposal to carry out this process, but today getFastAnswer will analyze in detail some of the most practical options for analyzing and knowing the content of an event in real time.

 


1. Monitor events in real time on Linux with Tail command


This command allows us to display the last lines of a file on the screen. By default the last 10 lines are displayed, but this number may vary depending on the user's specified specifications.

 

Its syntax is as follows:

 tail -file options 
There it will be possible to specify one or more files simultaneously, in case more than one file is specified, these files will be displayed in the same order in which they were specified in the command.

 

The use of this command has two main alternatives:

 

Option 1

With the first option, the tail command will need the -f argument to follow the contents of a file.
 sudo tail -f (File) 
In this case we will execute the following line:
 sudo tail -f / etc / passwd 

image

 

Option 2

The second option of the command is basically its original syntax: tailf, with this option it will not be necessary to use the -f modifier because the command is incorporated with the -f argument.
 sudo tailf / etc / passwd 

image

 

Log files are typically rotated frequently on a Linux server using the logrotate utility. To see the log files that are rotated on a daily basis, we can use the -F (flag to tail.) Command:

 sudo tail -F / etc / passwd 
The tail -F parameter will track if a new log file is being created and will start following the new file instead of the old file.

 

By default, the tail command will display the last 10 lines of a file. If we want to see in real time only the last two lines of the log file, we can use the -n file combined with the -f flag as follows:

 sudo tail -n2 -f / etc / passwd 

image

 

 


2. Monitor events in real time on Linux with Multitail command


MultiTail is an open source ncurses utility which can be used to display multiple log files to standard output in a single window or a single shell that displays the last few lines of log files in real time, similar to the tail command. , which divides the console into more sub-windows.

 

Multitail also supports color highlighting, filtering, adding and removing windows, and much more..

 

Within its characteristics we have
  • Multiple input sources
  • Color display with regular expression for important information
  • Line filtering
  • Interactive menus to remove and add shells.

 

To install this utility we can execute the following commands based on the used distro:

 sudo apt install multitail (Debian / Ubuntu) sudo yum install multitail (RedHat / CentOS) sudo dnf install multitail (Fedora 22 and higher versions) 

image

 

To show the output of two log files simultaneously, we will use the following syntax:

 sudo multitail (Route1) (Route2) sudo multitail / etc / passwd / var / log / syslog 
The result will be as follows. We can see details of each of the arguments that we have indicated.

 

 

image

 


3. Monitor events in real time on Linux with lnav command


Lnav (Log File Navigator) is a small scaled advanced log file viewer, through which it will be possible to view and analyze log files from a terminal.

 

Lnav does not require its own server or complex configuration. For its installation we can use any of the following commands:

 sudo apt install lnav (Debian / Ubuntu) sudo yum install lnav (RedHat / CentOS) sudo dnf install lnav (Fedora 22 and later) 
image

 

With lnav it will be possible to parse the contents of two log files simultaneously with the following syntax:

 sudo lnav (Route 1) (Route 2) 
In this case:
 sudo lnav / etc / passwd / var / log / syslog 
image

 

There we will find all the detailed information of each record.

 


4. Monitor events in real time on Linux with less command


With the less command it will be possible to display the output in real time of the selected log files. For this visualization, we can access the file and press the Shift + F keys to see its contents. Alternatively, it will also be possible to use less + F to enter the live view of the file:
 sudo less + F / etc / passwd 
image

 

We have seen the various alternatives to access and monitor events in real time in Linux environments in a simple and functional way..

 


...