One of the best practices that we as IT support personnel can carry out is to create periodic tasks where you can review all the events that occur in the operating system..
This is functional since an event gives us indicators such as:
- Date and time of the event
- Event type and ID and more.
With this information, the support tasks become a much more centralized point and easier to manage since we have control over everything that happens within it and that can affect its optimal performance and security. We can see that we have various tools and applications at our disposal to carry out this process, but today getFastAnswer will analyze in detail some of the most practical options for analyzing and knowing the content of an event in real time.
1. Monitor events in real time on Linux with Tail command
This command allows us to display the last lines of a file on the screen. By default the last 10 lines are displayed, but this number may vary depending on the user's specified specifications.
Its syntax is as follows:
tail -file options
There it will be possible to specify one or more files simultaneously, in case more than one file is specified, these files will be displayed in the same order in which they were specified in the command.
The use of this command has two main alternatives:
Option 1
With the first option, the tail command will need the -f argument to follow the contents of a file.
sudo tail -f (File)
In this case we will execute the following line:
sudo tail -f / etc / passwd
Option 2
The second option of the command is basically its original syntax: tailf, with this option it will not be necessary to use the -f modifier because the command is incorporated with the -f argument.
sudo tailf / etc / passwd
Log files are typically rotated frequently on a Linux server using the logrotate utility. To see the log files that are rotated on a daily basis, we can use the -F (flag to tail.) Command:
sudo tail -F / etc / passwd
The tail -F parameter will track if a new log file is being created and will start following the new file instead of the old file.
By default, the tail command will display the last 10 lines of a file. If we want to see in real time only the last two lines of the log file, we can use the -n file combined with the -f flag as follows:
sudo tail -n2 -f / etc / passwd
2. Monitor events in real time on Linux with Multitail command
MultiTail is an open source ncurses utility which can be used to display multiple log files to standard output in a single window or a single shell that displays the last few lines of log files in real time, similar to the tail command. , which divides the console into more sub-windows.
Multitail also supports color highlighting, filtering, adding and removing windows, and much more..
Within its characteristics we have
- Color display with regular expression for important information
- Interactive menus to remove and add shells.
To install this utility we can execute the following commands based on the used distro:
sudo apt install multitail (Debian / Ubuntu) sudo yum install multitail (RedHat / CentOS) sudo dnf install multitail (Fedora 22 and higher versions)
To show the output of two log files simultaneously, we will use the following syntax:
sudo multitail (Route1) (Route2) sudo multitail / etc / passwd / var / log / syslog
The result will be as follows. We can see details of each of the arguments that we have indicated.
3. Monitor events in real time on Linux with lnav command
Lnav (Log File Navigator) is a small scaled advanced log file viewer, through which it will be possible to view and analyze log files from a terminal.
Lnav does not require its own server or complex configuration. For its installation we can use any of the following commands:
sudo apt install lnav (Debian / Ubuntu) sudo yum install lnav (RedHat / CentOS) sudo dnf install lnav (Fedora 22 and later)
With lnav it will be possible to parse the contents of two log files simultaneously with the following syntax:
sudo lnav (Route 1) (Route 2)
In this case:
sudo lnav / etc / passwd / var / log / syslog
There we will find all the detailed information of each record.
4. Monitor events in real time on Linux with less command
With the less command it will be possible to display the output in real time of the selected log files. For this visualization, we can access the file and press the Shift + F keys to see its contents. Alternatively, it will also be possible to use less + F to enter the live view of the file:
sudo less + F / etc / passwd
We have seen the various alternatives to access and monitor events in real time in Linux environments in a simple and functional way..
