Hacker News new | comments | show | ask | jobs | submit login
Ways to Tail a Log File on Windows and Linux (stackify.com)
28 points by spo81rty on Feb 17, 2013 | hide | past | web | favorite | 28 comments

I prefer tailing logs with less (rather than tail) so that the file is searchable (using '/ searchterm'). Then if you start following the file (using 'F'), your search term will be highlighted in the followed file.

+1. You can even

    alias ltail="less -Ri +F"
so you don't have to remember to hit 'F'.

(I generally add -Ri: -R to pass through unprintable characters to avoid borking coloured output; -i so searches are case-insensitive.)

This. I've been evangelising using less over tail for a couple of years now. Search (& corresponding highlighting as new lines appear) and the ability to pause/resume is awesome.

Thank you for making me aware of this! This is very handy and indeed more comfortable than pure tail.

One thing I've found useful on linux is the following:

    $ tail -qFn0 /log/dir/*
This will (q)uietly tail all matching files, initially printing 0 lines (n) from each, and (F)ollow any renames/reopenings. It's great when you have many timestamped log files in a directory, and you can't be bothered to work out what the current files are each time.

You will only ever see lines from after you run the command.

Of course the power of stringing together some pipelines really makes the case for tail under Unix e.g. tail -F /var/log/messages | grep IMPORTANT-STRING or tail -F /var/log/messages | grep -v UNINTERESTING-STRING mix-and-match etc.

And don't forget highlighting key phrases: tail -f blah.log |egrep --color=always "key phrase in red|$"

More likely one will want to tail (unix) with the -F, over -f, so that logs -- files -- that are rotated out will continue the tail on the log that replaces those that rotate out.

To quickly spot the important error/warning etc. log messages from log files full of verbose debug messages, try the Prism log colouring app I wrote in Python for this purpose: https://github.com/peterhil/prism

I use this at work, usually combined with tail: tail -f /some/logs/*.log | prism

There is also a -w option if you have watchdog library installed. Works only when given directories for now, because of the design of watchdog. (This should be fixed to work properly when given individual files.)

The author left out my favorite: less. Pressing F at the end of a file is the same as tail -f, with the important difference that you can always press Ctrl-C and go back to standard less mode in case something interesting flies by.

Well tailing logs in one way to tackle the problem, but have very limited scalability. We have just two eyes and our attention is very expensive.

To tackle more logs well we need also searching, SQL-like aggregation and some analytics. I would recommend trying Sumo Logic which provide SaaS to do that: http://www.sumologic.com/ 500MB/day is free (disclaimer: I work there)

Instead of `tail-mode` in emacs, I prefer the `auto-revert-tail` minor mode that has the ability to display the file in its entirely as well as tail a file. Makes searching for an expression a lot easier, for example.

> BareTail ... Free demo.

One BareTail version is a 'Free Version' (free as in free beer) not just a demo. http://www.baremetalsoft.com/baretail/

If you are using a tail that does not have the -f flag (On debian-based systems, the shell you can drop into on install is like this), then you can combine tail with watch to get something close to tail -f.

    watch -n 2 tail $FILE
Of course, you will almost never come across an implementation of tail that does not include the -f flag.

I was surprised to learn than Notepad++ had a plugin to auto-refresh files.

surprising . no one mentioned mtail for windows..very nice tail utility on Windows. http://ophilipp.free.fr/op_tail.htm

... and dozens of other logfile viewers.

The article gives a vim plugin, but what about emacs? (I'm a vim user, but I've come to expect an emacs equivalent)

Emacs has auto-revert-tail-mode.

Thanks added emacs to the list!

If someone knows how to tail -f and then clear the screen when using X11's xterm, that would be most helpful.

Might you re-phrase the question? tail -f won't stop so when do you want the screen to clear?

I clear the screen with control + lowercase L, if I understand your question correctly.

It sounds like you might like to use tail in conjunction with `watch`

Consider following files with less.

Less' F command is fantastic. Great lead! I didn't find anything in the man pages for less to somehow 'clear' the screen while tailing. Here is my pickle: I use xmonad under Mac OS X and it in turn uses xterm. CTRL^L does not clear the screen (helpful for a dev I have to say) -- maybe some key binding limitations there; not sure. Is there a way with less to do so when emulating tail -f ?

tail, etc is of course also available on Windows via Cygwin.

Posix subsytem as well, which requires a trip to add/remove features panel in latest versions.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact