
How to monitor log files in a Linux server

Introduction

Most services running on a Linux server are configured to write to a dedicated log file. This is a handy feature of Linux compared with other operating systems, where reading log files is not as simple. A handful of tools are available for reading and manipulating the generated log files efficiently. This article discusses one such tool, tail.

tail Command 

tail is the most widely used command for reading a Linux log in real time. You can access the same server from different terminals, using the tail command to read the log file in one terminal while you operate on the service in another. This lets you watch the service logs while you work on the respective service. Making service-level modifications while monitoring the logs is a best practice: you can see the results of the modifications in the logs and revert the changes if they make the service fail. The general syntax of the tail command is noted below.

tail [OPTION]... [FILE]...

By default, the tail command displays the last 10 lines of the input file. Use the form ‘tail -n N file’ (or the shorthand ‘tail -N file’) to get the last N lines of the file.

tail -100 /var/log/maillog
tailf /var/log/maillog

# tailf follows the maillog for new entries and displays them in the terminal; it does the same job as ‘tail -f’. tailf is deprecated and has been removed from newer util-linux releases, so use ‘tail -f’ where it is not available.

You can also pipe tail into the grep command to get only the desired output from the log file.

tail -f /var/log/maillog | grep -i error

# This outputs only the real-time maillog entries that contain the keyword ‘error’.

tail can be used in the below format to monitor all pop3 logins to a cPanel server in real time.

Consider a scenario where your server is receiving high traffic that overloads it. tail can monitor the access logs of all the domains at once, so you can easily find the domain that is receiving abusive traffic. This can be achieved by using tail as shown below.

tail -f /usr/local/apache/domlogs/*
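
When many domains are busy, the interleaved output of the command above scrolls too fast to read. As an added example (not part of the original article), the shell functions below count requests per domain log and report each log's busiest client IP; the names rank_domlogs and sample_domlogs are hypothetical, and the logs are assumed to be in Apache common/combined format with the client IP as the first field.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes Apache common/combined log format (client IP is the first field).

# Read the output of tail over several files on stdin. tail marks every
# switch of source file with a header line of the form "==> /path/file <==".
# Prints one line per log: "<hits> <log name> <busiest client IP> <its hits>".
rank_domlogs() {
    awk '
        /^==> .* <==$/ {                  # header line: remember the current log
            cur = substr($0, 5, length($0) - 8)
            sub(/^.*\//, "", cur)         # keep only the file (domain) name
            next
        }
        cur == "" || NF == 0 { next }     # skip blank separators and stray lines
        {
            hits[cur]++                   # requests per domain log
            ip[cur SUBSEP $1]++           # requests per client IP per domain log
        }
        END {
            for (k in ip) {
                split(k, p, SUBSEP)
                if (ip[k] > best[p[1]]) { best[p[1]] = ip[k]; who[p[1]] = p[2] }
            }
            for (d in hits)
                printf "%d %s %s %d\n", hits[d], d, who[d], best[d]
        }
    ' | sort -k1,1nr -k2,2
}

# Count only the requests that arrive during the next $2 seconds (default 30).
# -n 0 skips existing lines; -v forces headers even when the glob matches one file.
sample_domlogs() {
    timeout "${2:-30}" tail -v -n 0 -f "$1"/* | rank_domlogs
}
```

Run `sample_domlogs /usr/local/apache/domlogs 30` to rank the domains by requests received over the next 30 seconds, busiest first.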

Updated on May 31, 2019
