How to Monitor Log Files in Real Time in Linux [Desktop and Server]


This tutorial explains how you can monitor Linux log files (desktop, server or applications) in real time for diagnosis and troubleshooting purposes.

When you run into problems on your Linux desktop, server or any application, you first look into the respective log files. Log files are generally a stream of text and messages from applications, each with a timestamp attached. They help you narrow down specific instances and find the cause of a problem. They can also help you get assistance from the web.

In general, all log files are located in /var/log. This directory contains log files with the extension .log for specific applications and services, and it also contains other directories which hold their own log files.

log files in var-log

So, that said, if you want to monitor a bunch of log files or a specific one, here are some ways you can do it.

Monitor Log Files in real time – Linux

Using tail command

Using the tail command is the most basic way of following a log file in real time. It is especially helpful if you are on a server with only a terminal and no GUI.

Examples:

Basic Syntax

tail /path/to/log/file

Usage

Monitoring multiple log files via tail

Use the switch -f to follow the log file, which updates in real time. For example, if you want to follow syslog, you can use the following command.

tail -f /var/log/syslog

You can monitor multiple log files with a single command:

tail -f /var/log/syslog /var/log/dmesg

If you want to monitor http or sftp or any other server, you can also add their respective log files to this command.

Remember, the above commands require admin privileges.

Using lnav (The Logfile Navigator)

lnav Running

lnav is a nice utility which you can use to monitor log files in a more structured way, with color-coded messages. It is not installed by default on Linux systems. You can install it using the commands below:

sudo apt install lnav    # Ubuntu
sudo dnf install lnav    # Fedora

The good thing about lnav is that, if you do not want to install it, you can just download its pre-compiled executable and run it anywhere, even from a USB stick. No setup is required, and it is loaded with features. Using lnav you can query the log files via SQL, among other cool features which you can learn about on its official website.

Once installed, you can simply run lnav from the terminal with admin privileges, and it will show all the logs from /var/log by default and start monitoring in real time.

A note about journalctl of systemd

Most modern Linux distributions today use systemd. systemd provides the basic framework and components which run the Linux operating system in general. It also provides journal services via journalctl, which helps to manage logs from all systemd services. You can monitor the respective systemd services and logs in real time using the following command.

journalctl -f

Here are some specific journalctl commands which you can use for several cases. You can combine these with the -f switch above to start monitoring in real time.

  • To show emergency system messages, use
journalctl -p 0
  • Show errors with explanations
journalctl -xb -p 3
  • Use time controls to filter
journalctl --since "2020-12-04 06:00:00"
journalctl --since "2020-12-03" --until "2020-12-05 03:00:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"

If you want to learn more and find out details about journalctl, I have written a guide here.
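
The follow commands above become more useful when the stream is filtered as it arrives. The following is an added example, not code from the original article: a shell function that reads a followed log stream and prints an alert the moment one source address reaches a threshold of failed sshd password logins. The function names, the threshold and the sample lines are assumptions made for illustration; the log path and unit name in the comments are the usual Ubuntu ones and differ on other distributions.

```shell
#!/bin/sh
# Added example (not from the original article).
# Typical use with the commands from this page (run with admin privileges):
#   tail -F /var/log/auth.log | flag_ssh_bruteforce 5   # -F keeps following after log rotation
#   journalctl -f -u ssh      | flag_ssh_bruteforce 5   # unit is "sshd" on Fedora

# flag_ssh_bruteforce THRESHOLD
# Reads syslog-style lines on stdin. Prints one ALERT line when a source
# address reaches THRESHOLD failed sshd password attempts (default 5).
flag_ssh_bruteforce() {
    awk -v limit="${1:-5}" '
        # OpenSSH format: "Failed password for [invalid user] NAME from ADDR port N ssh2".
        # NAME is supplied by the client, so the address is read from fixed
        # positions at the END of the line, never from the first "from".
        /sshd[^ ]*\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            addr = $(NF-3)
            if (++fails[addr] == limit) {
                printf "ALERT %s reached %d failed sshd logins\n", addr, limit
                fflush()    # do not buffer alerts when used in a live pipe
            }
        }'
}

# Constructed sample input (documentation addresses, hypothetical host "web1").
sample_log() {
    cat <<'EOF'
Dec  4 06:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec  4 06:00:02 web1 sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Dec  4 06:00:03 web1 sshd[1203]: Accepted password for deploy from 198.51.100.7 port 50100 ssh2
Dec  4 06:00:04 web1 sshd[1204]: Failed password for invalid user from 198.51.100.7 port 1 from 203.0.113.5 port 40003 ssh2
Dec  4 06:00:05 web1 cron[1300]: (root) CMD (run-parts /etc/cron.hourly)
Dec  4 06:00:06 web1 sshd[1205]: Failed password for root from 203.0.113.5 port 40004 ssh2
EOF
}

# Demo on the constructed lines; finishes immediately because the input is finite.
sample_log | flag_ssh_bruteforce 3
```

The fourth sample line carries a user name that itself contains "from 198.51.100.7 port 1"; because the address is taken from the end of the line, the failure is still counted against 203.0.113.5.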

Closing Notes

I hope these commands and tricks help you find the root cause of problems and errors on your desktop or servers. For more details, you can always refer to the man pages and play around with the various switches. Let me know using the comment box below if you have any comments, or what you think about this article.

Cheers.



Arindam

Creator of debugpoint.com. All time Linux user and open-source supporter. Connect with me via Telegram, Twitter, LinkedIn, or send us an email.