I prefer tailing logs with less (rather than tail) so that the file is searchable (using '/ searchterm'). Then if you start following the file (using 'F'), your search term will be highlighted in the followed file.
This. I've been evangelising using less over tail for a couple of years now. Search (& corresponding highlighting as new lines appear) and the ability to pause/resume is awesome.
One thing I've found useful on linux is the following:
$ tail -qFn0 /log/dir/*
This will (q)uietly tail all matching files, initially printing 0 lines (n) from each, and (F)ollow any renames/reopenings. It's great when you have many timestamped log files in a directory, and you can't be bothered to work out what the current files are each time.
You will only ever see lines from after you run the command.
Of course the power of stringing together some pipelines really makes the case for tail under Unix e.g. tail -F /var/log/messages | grep IMPORTANT-STRING or tail -F /var/log/messages | grep -v UNINTERESTING-STRING mix-and-match etc.
More likely one will want to tail (unix) with the -F, over -f, so that logs -- files -- that are rotated out will continue the tail on the log that replaces those that rotate out.
To quickly spot the important error/warning etc. log messages from log files full of verbose debug messages, try the Prism log colouring app I wrote in Python for this purpose:
https://github.com/peterhil/prism
I use this at work, usually combined with tail:
tail -f /some/logs/*.log | prism
There is also a -w option if you have watchdog library installed. Works only when given directories for now, because of the design of watchdog. (This should be fixed to work properly when given individual files.)
The author left out my favorite: less. Pressing F at the end of a file is the same as tail -f, with the important difference that you can always press Ctrl-C and go back to standard less mode in case something interesting flies by.
Well tailing logs in one way to tackle the problem, but have very limited scalability. We have just two eyes and our attention is very expensive.
To tackle more logs well we need also searching, SQL-like aggregation and some analytics. I would recommend trying Sumo Logic which provide SaaS to do that:
http://www.sumologic.com/
500MB/day is free (disclaimer: I work there)
Instead of `tail-mode` in emacs, I prefer the `auto-revert-tail` minor mode that has the ability to display the file in its entirely as well as tail a file. Makes searching for an expression a lot easier, for example.
If you are using a tail that does not have the -f flag (On debian-based systems, the shell you can drop into on install is like this), then you can combine tail with watch to get something close to tail -f.
watch -n 2 tail $FILE
Of course, you will almost never come across an implementation of tail that does not include the -f flag.
Less' F command is fantastic. Great lead! I didn't find anything in the man pages for less to somehow 'clear' the screen while tailing. Here is my pickle: I use xmonad under Mac OS X and it in turn uses xterm. CTRL^L does not clear the screen (helpful for a dev I have to say) -- maybe some key binding limitations there; not sure. Is there a way with less to do so when emulating tail -f ?
