How can I see the content of a log file in real time in Linux? There are many utilities that can display the content of a file while it is changing or continuously updating. The best known and most heavily used utility for displaying file content in real time in Linux is the tail command.
1. tail Command – Monitor Logs in Real Time
As mentioned, the tail command is the most common way to display a log file in real time. However, there are two versions of the command, as illustrated in the examples below.
In the first example, the tail command needs the -f argument to follow the content of a file.
$ sudo tail -f /var/log/apache2/access.log
The second version is actually a separate command: tailf. You won’t need the -f switch because following is built into the command. Note that tailf is deprecated in util-linux, so prefer tail -f on current distributions.
$ sudo tailf /var/log/apache2/access.log
Log files on a Linux server are usually rotated frequently by the logrotate utility. To watch log files that get rotated on a daily basis, use the -F flag of the tail command.
tail -F keeps track of whether a new log file has been created and starts following the new file instead of the old one.
$ sudo tail -F /var/log/apache2/access.log
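The difference between -f and -F across a rotation, as an added example that is not part of the original article: a constructed temporary log is renamed the way logrotate does when copytruncate is not used, and the function reports which tail still sees new entries. The file names and the wait_for and rotation_demo helpers are assumptions made for this example.

```shell
#!/bin/sh
# Added example: shows the monitoring gap that "tail -f" leaves after rotation.

# Wait up to ~15 s for PATTERN ($1) to appear in FILE ($2).
wait_for() {
    tries=0
    until grep -q "$1" "$2" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 15 ] && return 1
        sleep 1
    done
}

# Runs in a subshell so variables and background jobs stay local.
rotation_demo() (
    dir=$(mktemp -d) || exit 1
    log="$dir/access.log"                 # constructed sample log
    echo "entry-0 before rotation" > "$log"

    tail -f "$log" > "$dir/out_f" 2>/dev/null &
    pid_f=$!
    tail -F "$log" > "$dir/out_F" 2>/dev/null &
    pid_F=$!
    # Make sure both watchers are attached before rotating.
    wait_for "entry-0" "$dir/out_f" || true
    wait_for "entry-0" "$dir/out_F" || true

    # Rename-style rotation: the old file moves aside and a new file
    # appears under the original name.
    mv "$log" "$log.1"
    echo "entry-1 after rotation" > "$log"

    # -F re-opens the path by name, so it should pick up the new file.
    if wait_for "entry-1" "$dir/out_F"; then res_F=followed; else res_F=missed; fi
    # -f keeps reading the renamed file's descriptor and never sees entry-1.
    if grep -q "entry-1" "$dir/out_f"; then res_f=followed; else res_f=missed; fi

    kill "$pid_f" "$pid_F" 2>/dev/null || true
    wait "$pid_f" "$pid_F" 2>/dev/null || true
    rm -rf "$dir"
    echo "tail-f:$res_f tail-F:$res_F"
)

rotation_demo
```

A watcher started with -f keeps running without errors after the rotation, so the gap is silent; anything that feeds alerts from a followed log should use -F.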
By default, the tail command displays the last 10 lines of a file. If, for instance, you want to watch only the last two lines of the log file in real time, use the -n flag combined with the -f flag, as shown in the example below.
$ sudo tail -n2 -f /var/log/apache2/access.log
2. Multitail Command – Monitor Multiple Log Files in Real Time
Another interesting command for displaying log files in real time is the multitail command. As the name implies, the multitail utility can monitor and keep track of multiple files in real time. Multitail also lets you navigate back and forth in the monitored file.
To install the multitail utility on Debian and RedHat based systems, issue the command below.
$ sudo apt install multitail [On Debian & Ubuntu]
$ sudo yum install multitail [On RedHat & CentOS]
$ sudo dnf install multitail [On Fedora 22+ version]
To display the output of two log files simultaneously, execute the command as shown in the example below.
$ sudo multitail /var/log/apache2/access.log /var/log/apache2/error.log
3. lnav Command – Monitor Multiple Log Files in Real Time
Another interesting command, similar to multitail, is the lnav command. The lnav utility can also watch and follow multiple files and display their content in real time.
To install the lnav utility on Debian and RedHat based Linux distributions, issue the command below.
$ sudo apt install lnav [On Debian & Ubuntu]
$ sudo yum install lnav [On RedHat & CentOS]
$ sudo dnf install lnav [On Fedora 22+ version]
Watch the content of two log files simultaneously by issuing the command as shown in the below example.
$ sudo lnav /var/log/apache2/access.log /var/log/apache2/error.log
4. less Command – Display Real Time Output of Log Files
Finally, you can display the live output of a file with the less command if you type Shift+F.
As with the tail utility, pressing Shift+F in a file opened in less will start following the end of the file. Alternatively, you can start less with the +F flag to enter live watching of the file directly.
$ sudo less +F /var/log/apache2/access.log
In this article, we showed how to watch data being appended in log files in real-time on the terminal in Linux. You can ask any questions or share your thoughts concerning this guide via the comment form below.
Thanks for the great article…
By the way, I also want to know which font you are using:)
apachetop is a tool to aim for the same.
For the exercise I wrote a small node utility that does the same thing as tail -f f1 f2 f3. Splex: npmjs.com/package/splex
The main “upgrade” is that lines are color coded per file name, and that you can have table-like interface.
Another improvement, actually main reason I wrote this, is the ability to have .splexrc.json files in different folders, so instead having to type tail -f f1 f2 f3 in one folder, then different files in other, you can write .splexrc.json file in root of your project and just type splex without file list arguments and it automatically stream relevant logs you enumerated in config file.
Hi, I am new to Linux admin. When I type the following command in my terminal it shows NO SUCH FILE AND DIRECTORY.
Also when I typed the following command, it shows the same result NO SUCH FILE AND DIRECTORY.
What should I do now?
Please help
Thank you
@Kunal,
To have this file (/var/log/apache2/access.log) accessible, you need to have Apache installed and running on your system. To view syslog files, you can launch GUI Log File Viewer from the Ubuntu dash.
To view logs from terminal, you can use dmesg as shown.
@Ravi,
Thanks for the reply
When I typed dmesg command it opens something but not log file.
@Kunal,
Could you check that the service syslog is running using following command.
If it is not running, then re-configure it using following command.
You forgot the watch command.
There should only be ONE systemlog to go look in. The plethora of logs merely serve to obscure an investigation.
In which case the log-tool would be (smart) filter functions
“tailf” command is deprecated, see below :
https://manpages.debian.org/testing/util-linux/tailf.1.en.html
Have been using multitail for quite a while.
But can I ask which font you are using and how did you set that syntax highlighting.