Using tail to monitor log files
So, armed with the previous information and knowing that log files tend to describe events by specifying the time of occurrence, a level of severity, and a preordained message, the key to success in any troubleshooting scenario is the ability to work with these records and manipulate them so that they provide the information we require to get the job done.
For the purpose of troubleshooting, one of the most useful commands you will use is tail. To read the last 100 lines of a log file, use it as follows:
# tail -n 100 /var/log/maillog
Similarly, tail can follow a file and display lines as they are added, like this:
# tail -f /var/log/maillog
Using this command not only gives you the most recent view of the log file in question, but also ensures that all updates are displayed immediately, which provides an instant way to read log files in a live environment. This approach can be described as the perfect way to troubleshoot Apache, Postfix, Nginx, MySQL, and the many other applications or services your server may be using.
For example, you can view the Apache access_log like this:
# tail -f /var/log/httpd/access_log
To take this feature one step further, let's assume that you want the last 3,000 lines from a log file, knowing that they will not fit within your shell window. To account for this requirement, you can pipe the results to the less command like this:
# tail -n 3000 /var/log/messages | less
In this situation, you can now page the results as required, but having used this technique a few times, I think you would agree that this is far more flexible than using the generic cat command; unless, of course, you wanted to do something very specific.
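The same pipe technique works with filters other than less. The following is an added example, not part of the original text: it summarises Postfix delivery outcomes in the last lines of a mail log and follows one outcome live. The function names and the sample log lines are constructed for illustration, and the status= field layout is an assumption about your Postfix log format.

```shell
#!/bin/sh
# Added example: names and sample data are constructed, not from the original text.
# write_sample_log PATH: write six constructed maillog-style lines to PATH.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 12 10:00:01 mail postfix/smtp[2101]: 4F1A2C0: to=<a@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.4, status=sent (250 2.0.0 OK)
Jan 12 10:00:05 mail postfix/smtp[2102]: 4F1A2C1: to=<b@example.net>, relay=none, delay=30, status=deferred (connect to mx.example.net[192.0.2.20]:25: Connection timed out)
Jan 12 10:00:09 mail postfix/smtpd[2110]: connect from unknown[198.51.100.7]
Jan 12 10:00:12 mail postfix/smtp[2103]: 4F1A2C2: to=<c@example.org>, relay=mx.example.org[192.0.2.30]:25, delay=0.9, status=bounced (host said: 550 5.1.1 User unknown)
Jan 12 10:00:15 mail postfix/smtp[2104]: 4F1A2C3: to=<d@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.3, status=sent (250 2.0.0 OK)
Jan 12 10:00:20 mail postfix/smtp[2105]: 4F1A2C4: to=<e@example.net>, relay=none, delay=31, status=deferred (connect to mx.example.net[192.0.2.20]:25: Connection timed out)
EOF
}

# status_summary FILE [N]: count each status= value in the last N lines (default 100).
status_summary() {
    tail -n "${2:-100}" "$1" |
        awk '{
            for (i = 1; i <= NF; i++)
                if ($i ~ /^status=/) count[substr($i, 8)]++
        }
        END { for (s in count) printf "%s %d\n", s, count[s] }' |
        sort
}

# follow_status FILE STATUS: live view of new lines with the given status.
# -n 0 skips existing lines; -F keeps following by name across log rotation.
# --line-buffered makes grep print each match immediately instead of in blocks.
follow_status() {
    tail -n 0 -F "$1" | grep --line-buffered "status=$2"
}

# Stand-alone demonstration on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
status_summary "$log" 100
rm -f "$log"
```

On a live server, status_summary /var/log/maillog 3000 gives a quick count of outcomes, and follow_status /var/log/maillog deferred runs until interrupted with Ctrl+C.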