4 Ways to Watch or Monitor Log Files in Real Time

How can I see the content of a log file in real time in Linux? Well there are a lot of utilities out there that can help a user to output the content of a file while the file is changing or continuously updating. Some of the most known and heavily used utility to display a file content in real time in Linux is the tail command (manage files effectively).

Read Also: 4 Good Open Source Log Monitoring and Management Tools for Linux

1. tail Command – Monitor Logs in Real Time

As said, tail command is the most common solution to display a log file in real time. However, the command to display the file has two versions, as illustrated in the below examples.

In the first example the command tail needs the -f argument to follow the content of a file.

$ sudo tail -f /var/log/apache2/access.log
Monitor Apache Logs in Real Time
Monitor Apache Logs in Real Time

The second version of the command is actually a command itself: tailf. You won’t need to use the -f switch because the command is built-in with the -f argument.

$ sudo tailf /var/log/apache2/access.log
Real Time Apache Logs Monitoring
Real Time Apache Logs Monitoring

Usually, the log files are rotated frequently on a Linux server by the logrotate utility. To watch log files that get rotated on a daily base you can use the -F flag to tail command.

Read Also: How to Manage System Logs (Configure, Rotate and Import Into Database) in Linux

The tail -F will keep track if new log file being created and will start following the new file instead of the old file.

$ sudo tail -F /var/log/apache2/access.log

However, by default, tail command will display the last 10 lines of a file. For instance, if you want to watch in real time only the last two lines of the log file, use the -n file combined with the -f flag, as shown in the below example.

$ sudo tail -n2 -f /var/log/apache2/access.log
Watch Last Two Lines of Logs
Watch Last Two Lines of Logs

2. Multitail Command – Monitor Multiple Log Files in Real Time

Another interesting command to display log files in real time is multitail command. The name of the command implies that multitail utility can monitor and keep track of multiple files in real time. Multitail also lets you navigate back and forth in the monitored file.

To install mulitail utility in Debian and RedHat based systems issue the below command.

$ sudo apt install multitail   [On Debian & Ubuntu]
$ sudo yum install multitail   [On RedHat & CentOS]
$ sudo dnf install multitail   [On Fedora 22+ version]

To display the output of two log file simultaneous, execute the command as shown in the below example.

$ sudo multitail /var/log/apache2/access.log /var/log/apache2/error.log
Multitail Monitor Logs
Multitail Monitor Logs

3. lnav Command – Monitor Multiple Log Files in Real Time

Another interesting command, similar to multitail command is the lnav command. Lnav utility can also watch and follow multiple files and display their content in real time.

To install lnav utility in Debian and RedHat based Linux distributions by issuing the below command.

$ sudo apt install lnav   [On Debian & Ubuntu]
$ sudo yum install lnav   [On RedHat & CentOS]
$ sudo dnf install lnav   [On Fedora 22+ version]

Watch the content of two log files simultaneously by issuing the command as shown in the below example.

$ sudo lnav /var/log/apache2/access.log /var/log/apache2/error.log
lnav - Real Time Logs Monitoring
lnav – Real Time Logs Monitoring

4. less Command – Display Real Time Output of Log Files

Finally, you can display the live output of a file with less command if you type Shift+F.

As with tail utility, pressing Shift+F in a opened file in less will start following the end of the file. Alternatively, you can also start less with less +F flag to enter to live watching of the file.

$ sudo less +F  /var/log/apache2/access.log
Watch Logs Using Less Command
Watch Logs Using Less Command

That’s It! You may read these following articles on Log monitoring and management.

  1. Manage Files Effectively using head, tail and cat Commands in Linux
  2. How to Setup and Manage Log Rotation Using Logrotate in Linux
  3. Petiti – An Open Source Log Analysis Tool for Linux SysAdmins
  4. How to Query Audit Logs Using ‘ausearch’ Tool on CentOS/RHEL
  5. Manage Log Messages Under Systemd Using Journalctl [Comprehensive Guide]

In this article, we showed how to watch data being appended in log files in real-time on the terminal in Linux. You can ask any questions or share your thoughts concerning this guide via the comment form below.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

11 thoughts on “4 Ways to Watch or Monitor Log Files in Real Time”

  1. For the exercise i wrote small node utility that does the same thing as tail -f f1 f2 f3.

    Splex: npmjs.com/package/splex

    The main “upgrade” is that lines are color coded per file name, and that you can have table-like interface.

    Another improvement, actually main reason I wrote this, is the ability to have .splexrc.json files in different folders, so instead having to type tail -f f1 f2 f3 in one folder, then different files in other, you can write .splexrc.json file in root of your project and just type splex without file list arguments and it automatically stream relevant logs you enumerated in config file.

    Reply
  2. Hi, i am new to Linux admin. When I type the following command in my terminal its shows that NO SUCH FILE AND DIRECTORY.

    $ sudo tail -f /var/log/apache2/access.log
    

    Also when I typed the following command, it’s shows same result NO SUCH FILE AND DIRECTORY.

    $ sudo tail -f /var/log/syslog
    

    What should I do now?

    Please help

    Thank you

    Reply
    • @Kunal,

      To have this file (/var/log/apache2/access.log) accessible, you need to have Apache installed and running on your system. To view syslog files, you can launch GUI Log File Viewer from the Ubuntu dash.

      To view logs from terminal, you can use dmesg as shown.

      $ dmesg
      $ dmesg | grep something
      
      Reply
        • @Kunal,

          Could you check that the service syslog is running using following command.

          $ service syslog status
          

          If it is not running, then re-configure it using following command.

          $ sudo dpkg-reconfigure inetutils-syslogd
          
          Reply
  3. There should only be ONE systemlog to go look in. The plethora of logs merely serve to obscure an investigation.

    In which case the log-tool would be (smart) filter functions

    Reply
  4. have been using multitail for quite a while.

    But can i ask which font you are using and how did you set that syntax highlighting.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.