6 Ways to View or Monitor Linux Log Files in Real-Time

Most of the log files in Linux can be found in the “/var/log” directory.

You can use the ls command to list all log files.

Most applications keep their log files right here, and only a few applications keep their log files in their own directory.

When you have a problem with an application, reading its logs in real time can help you fix it more easily.

There are a number of tools for this purpose, and we are going to list some of the commands that let users read logs in real time on a Linux system.

When you use these tools, they work just like real-time monitoring.

If you frequently visit Linux man pages, the following article will surely help you.

tail is one of the commands most widely used by Linux administrators for this purpose.

1) How to View or Monitor Linux Log Files in Real Time Using the tail Command

The tail command prints the last part of a file. By default it shows the last 10 lines of the given file. The “-f” option keeps the file open and prints new data as it is appended, so the output follows the file in real time.

# tail -f /usr/local/apache/domlogs/2daygeek.com

172.69.54.64 - - [17/Oct/2019:07:32:26 +0000] "GET /install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ HTTP/1.1" 200 14957 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
162.158.158.160 - - [17/Oct/2019:07:32:35 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102 "https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
162.158.165.213 - - [17/Oct/2019:07:32:37 +0000] "GET /wp-content/uploads/2014/12/uninstall-oracle-java-openjdk-on-linux.png HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
172.69.135.59 - - [17/Oct/2019:07:32:38 +0000] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
162.158.167.117 - - [17/Oct/2019:07:32:39 +0000] "POST /wp-cron.php?doing_wp_cron=1571297559.8601169586181640625000 HTTP/1.1" 200 20 "https://www.2daygeek.com/wp-cron.php?doing_wp_cron=1571297559.8601169586181640625000" "WordPress/5.2.4; https://www.2daygeek.com"
108.162.250.76 - - [17/Oct/2019:07:32:40 +0000] "GET /wp-content/uploads/2018/12/Check-CPU-And-HDD-Temperature-In-Linux.png HTTP/1.1" 200 27050 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
108.162.246.174 - - [17/Oct/2019:07:32:39 +0000] "GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro/ HTTP/1.1" 301 20 "-" "Mediapartners-Google"
108.162.249.29 - - [17/Oct/2019:07:32:41 +0000] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
162.158.106.175 - - [17/Oct/2019:07:32:42 +0000] "GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro/ HTTP/1.1" 200 14898 "-" "Mediapartners-Google"
162.158.238.113 - - [17/Oct/2019:07:32:42 +0000] "GET /how-to-find-wwn-wwnn-and-wwpn-number-of-hba-card-in-linux/ HTTP/1.1" 200 15513 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
172.69.39.11 - - [17/Oct/2019:07:32:44 +0000] "GET /how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/ HTTP/1.1" 200 17017 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
172.69.39.9 - - [17/Oct/2019:07:32:45 +0000] "GET /wp-includes/css/dist/block-library/style.min.css?ver=5.2.4 HTTP/1.1" 304 - "https://www.2daygeek.com/how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"

Alternatively, you can use another version of the tail command called “tailf”, which does not require the “-f” option because following the file is its built-in behavior.

# tailf /usr/local/apache/domlogs/2daygeek.com

108.162.246.240 - - [17/Oct/2019:07:32:15 +0000] "GET /cockpit-monitor-administer-multiple-remote-linux-servers-via-web-browser/ HTTP/1.1" 200 16090 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
162.158.154.50 - - [17/Oct/2019:07:32:16 +0000] "GET /install-phpmyadmin-on-cetnos-rhel-fedora HTTP/1.1" 301 20 "-" "Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http://www.grapeshot.co.uk/crawler.php)"
162.158.159.47 - - [17/Oct/2019:07:32:18 +0000] "GET /install-phpmyadmin-on-cetnos-rhel-fedora/ HTTP/1.1" 200 14405 "-" "Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http://www.grapeshot.co.uk/crawler.php)"
172.68.206.5 - - [17/Oct/2019:07:32:18 +0000] "GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro HTTP/1.1" 301 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/36.0.1985.143 Safari/537.36"
172.69.134.10 - - [17/Oct/2019:07:32:18 +0000] "GET /mytop-monitor-mysql-mariadb-performance-linux/ HTTP/1.1" 200 16651 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
162.158.158.160 - - [17/Oct/2019:07:32:20 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102 "https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
172.69.134.106 - - [17/Oct/2019:07:32:23 +0000] "POST /wp-cron.php?doing_wp_cron=1571297543.1548700332641601562500 HTTP/1.1" 200 20 "https://www.2daygeek.com/wp-cron.php?doing_wp_cron=1571297543.1548700332641601562500" "WordPress/5.2.4; https://www.2daygeek.com"
141.101.77.105 - - [17/Oct/2019:07:32:22 +0000] "GET /how-to-check-whether-a-port-is-open-on-the-remote-linux-system-server/ HTTP/1.1" 200 15288 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
141.101.77.105 - - [17/Oct/2019:07:32:24 +0000] "GET /how-to-check-whether-a-port-is-open-on-the-remote-linux-system-server/ HTTP/1.1" 200 15390 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
172.69.54.64 - - [17/Oct/2019:07:32:26 +0000] "GET /install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ HTTP/1.1" 200 14957 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
162.158.158.160 - - [17/Oct/2019:07:32:35 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102 "https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
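
A followed access log scrolls too fast to read on a busy site, so it helps to pipe it through a filter. The following is an added example, not part of the original article: it keeps only write requests and 4xx/5xx responses from combined-format lines like the ones above. The function names and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a followed Apache combined-format access log to the
# lines worth a look: state-changing requests and 4xx/5xx responses.

flag_requests() {
    # Splitting each line on double quotes gives:
    #   $1 = IP - - [timestamp]    $2 = METHOD PATH PROTO    $3 = STATUS BYTES
    # Assumption: the request line holds no escaped quote; the request is
    # client-supplied, so treat lines that parse oddly as suspect.
    awk -F'"' '
    {
        split($1, pre, " ");  ip = pre[1]
        split($2, req, " ");  method = req[1]; path = req[2]
        split($3, post, " "); status = post[1] + 0
        sub(/\?.*/, "", path)            # drop the query string for readability
        why = ""
        if (method ~ /^(POST|PUT|DELETE|PATCH)$/) why = "write"
        if (status >= 400) why = (why == "" ? "error" : why "+error")
        if (why != "") {
            printf "%s %s %s %d %s\n", ip, method, path, status, why
            fflush()                     # print at once when fed by tail -f
        }
    }'
}

# Constructed sample lines in the same format as the output above.
sample_access_log() {
    cat <<'EOF'
192.0.2.10 - - [17/Oct/2019:07:32:26 +0000] "GET /index.html HTTP/1.1" 200 14957 "-" "ExampleBot/1.0"
192.0.2.11 - - [17/Oct/2019:07:32:35 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102 "-" "Mozilla/5.0"
192.0.2.12 - - [17/Oct/2019:07:32:37 +0000] "GET /missing.png HTTP/1.1" 404 - "-" "Mozilla/5.0"
192.0.2.13 - - [17/Oct/2019:07:32:39 +0000] "POST /wp-cron.php?doing_wp_cron=1 HTTP/1.1" 403 20 "-" "Mozilla/5.0"
EOF
}

# Offline run on the sample. Live use: tail -f <access log> | flag_requests
sample_access_log | flag_requests
```

The fflush() call matters in a pipeline: without it awk buffers its output and the filtered lines appear late rather than in real time.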

2) How to Watch or Monitor Linux Log Files in Real-Time Using the journalctl Command

The journalctl command is used to query the systemd journal (logs). The journal is collected from several sources such as the kernel, user processes, and the standard output and standard error of system services.

These logs are collected and written by the systemd-journald service.

The output is colored according to priority: lines of level ERROR and higher are colored red; lines of level NOTICE and higher are highlighted; lines of level DEBUG are colored lighter grey; other lines are displayed normally.

# journalctl -f

-- Logs begin at Wed 2019-10-16 13:59:59 UTC. --
Oct 17 05:36:35 ns1.nsforcdn.com kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.237.66.163 DST=94.237.67.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12203 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0 
Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: Invalid user stress from 80.211.129.34 port 57780
Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: input_userauth_request: invalid user stress [preauth]
Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.34
Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Failed password for invalid user stress from 80.211.129.34 port 57780 ssh2
Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Received disconnect from 80.211.129.34 port 57780:11: Bye Bye [preauth]
Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Disconnected from 80.211.129.34 port 57780 [preauth]
Oct 17 05:36:41 ns1.nsforcdn.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=be:de:32:a3:38:a5:28:99:3a:41:cb:0d:08:00 SRC=45.136.109.237 DST=94.237.66.163 LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=13871 PROTO=TCP SPT=40734 DPT=9144 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 17 05:36:41 ns1.nsforcdn.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=be:de:32:a3:38:a5:28:99:3a:41:c9:e5:08:00 SRC=120.132.3.65 DST=94.237.66.163 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=34439 PROTO=TCP SPT=57841 DPT=15904 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: DHCPREQUEST on eth0 to 94.237.67.254 port 67 (xid=0x7311995d)
Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: send_packet: Operation not permitted
Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.
Oct 17 05:36:47 ns1.nsforcdn.com kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.237.66.163 DST=94.237.67.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=19879 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0 
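
The journal output above mixes sshd authentication failures with firewall and DHCP noise. The following is an added example, not part of the original article: a filter for followed journal output that prints one alert when a source address reaches a threshold of failed SSH passwords. The function names, the threshold and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: alert once per source address when failed SSH password
# attempts in followed journal output reach a threshold (default 3).

ssh_fail_watch() {
    threshold=${1:-3}
    awk -v limit="$threshold" '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is client-supplied and may itself contain "from",
        # so take the word after the LAST "from" as the source address.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n = ++fails[ip]
        if ($0 ~ /: Failed password for invalid user /) invalid[ip]++
        if (n == limit) {
            printf "ALERT %s failed=%d invalid_user=%d\n", ip, n, invalid[ip] + 0
            fflush()                     # print at once when fed by journalctl -f
        }
    }'
}

# Constructed sample lines shaped like the journalctl output above.
sample_journal() {
    cat <<'EOF'
Oct 17 05:36:36 host.example sshd[26612]: Invalid user stress from 203.0.113.5 port 57780
Oct 17 05:36:38 host.example sshd[26612]: Failed password for invalid user stress from 203.0.113.5 port 57780 ssh2
Oct 17 05:36:39 host.example kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=9144
Oct 17 05:36:40 host.example sshd[26620]: Failed password for root from 203.0.113.5 port 57790 ssh2
Oct 17 05:36:41 host.example sshd[26625]: Failed password for admin from 198.51.100.7 port 40100 ssh2
Oct 17 05:36:42 host.example sshd[26630]: Failed password for invalid user from from 203.0.113.5 port 57801 ssh2
Oct 17 05:36:43 host.example sshd[26630]: Disconnected from 203.0.113.5 port 57801 [preauth]
EOF
}

# Offline run on the sample. Live use: journalctl -f | ssh_fail_watch 5
sample_journal | ssh_fail_watch 3
```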

3) How to View or Monitor Linux Log Files in Real-Time Using the less Command

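less is a free, open-source file pager. The less command lets you quickly view file contents on screen from top to bottom using the Up and Down arrow keys or the Page Up and Page Down keys. Starting it with “+F” makes less keep reading the end of the file as it grows, similar to “tail -f”.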

# less +F /usr/local/apache/domlogs/2daygeek.com

4) How to Watch or Monitor Linux Log Files in Real-Time Using the multitail Command

The MultiTail command lets you monitor the output of multiple log files simultaneously in multiple windows in one terminal, and can colorize, filter and merge them.

# multitail /var/log/dpkg.log /var/log/syslog

5) How to View or Monitor Linux Log Files in Real-Time Using the lnav Command

lnav is an ncurses-based advanced log file viewer for Linux. All log file contents are merged into a single view based on message timestamps.

The color bars on the left-hand side help to show which file a message belongs to.

# lnav /var/log/dpkg.log /var/log/syslog

6) How to Watch or Monitor Linux Log Files in Real-Time Using the watch Command

watch runs a command repeatedly, displaying its output and errors in full screen. This allows you to watch the program output change over time. By default, the command is run every 2 seconds and watch runs until interrupted.

# watch tail -n 10 /usr/local/apache/domlogs/2daygeek.com

About Magesh Maruthamuthu

Love to play with all Linux distribution
