multitail command

Most of the time, if you want to tail multiple log files you have to open multiple PuTTY connections to the server, and it is difficult to watch the logs while arranging multiple windows / terminals. The multitail command solves this problem: it lets us view multiple log files and multiple command outputs in a single terminal.

- display log files in colors
- scroll back in a log file
- search inside log file
- merge multiple log files effectively

More Detailed description

MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). It can also monitor wildcards: if another file matching the wildcard has a more recent modification date, it will automatically switch to that file. That way you can, for example, monitor a complete directory of files. Merging of 2 or even more logfiles is possible. It can also use colors while displaying the logfiles (through regular expressions), for faster recognition of what is important and what not. It can also filter lines (again with regular expressions). It has interactive menus for editing given regular expressions and deleting and adding windows. One can also have windows with the output of shell scripts and other software. When viewing the output of external software, MultiTail can mimic the functionality of tools like ‘watch’ and such.

Installation process

ncurses is a prerequisite for installing the multitail command in your *nix environment. Install ncurses first.

RHEL / Centos / Fedora

~]# yum install -y multitail

On Ubuntu / Debian / Linux Mint

$ sudo apt-get update
$ sudo apt-get install multitail

All other *nix operating systems

IRIX users
----------
Use: make -f makefile.irix install

AIX users
---------
Make sure you have the GNU c-compiler installed. Then run: make install

HP-UX users
-----------
You need the ncurses library! Then: make -f makefile.hpux install

Solaris users
-------------
One needs at least version 7 of Solaris.
Use: make -f makefile.solaris_gcc install
or make -f makefile.solaris_sunwspro install
(depending on the compiler you use).

Mac OS X users:
--------------
Use: make -f makefile.macosx install

Install multitail using external source package

Download multitail source code

RHEL / Centos / Fedora

[root@NagiosServer tmp]# pwd
/tmp
[root@NagiosServer tmp]# ls
multitail-6.4.2.tgz
[root@NagiosServer tmp]# tar -xzvf multitail-6.4.2.tgz
multitail-6.4.2/
multitail-6.4.2/config.h
multitail-6.4.2/makefile.cross-arm-linux
multitail-6.4.2/mem.c
multitail-6.4.2/stripstring.h
[root@NagiosServer multitail-6.4.2]# make install
[root@NagiosServer multitail-6.4.2]# mkdir -p /etc/multitail/
[root@NagiosServer multitail-6.4.2]# cp multitail.conf /etc/multitail.conf.new
cp: overwrite `/etc/multitail.conf.new'? y
[root@NagiosServer multitail-6.4.2]# cp conversion-scripts/* /etc/multitail/
cp: overwrite `/etc/multitail/colors-example.pl'? y
cp: overwrite `/etc/multitail/colors-example.sh'? y
cp: overwrite `/etc/multitail/convert-geoip.pl'? y
cp: overwrite `/etc/multitail/convert-simple.pl'? y

1. How to view multiple commands output

In this example I would like to ping multiple hosts at the same time using the multitail command. We have to use the -l option to add multiple commands / logs.

~]# multitail -l "ping localhost" -l "ping google.com"

2. How to monitor multiple log files in single window

~]# multitail /var/log/messages /var/log/dmesg

The above command displays the output of both log files in a single window.

3. How to monitor multiple log files with colors

~]# multitail -ci red /var/log/messages -ci green /var/log/dmesg

Using the above command we can define a color for each log file; the option to use is -ci ColorName.

4. Monitor multiple log files as multiple columns

~]# multitail -s 2 /var/log/messages /var/log/dmesg

5. Monitor a given number of lines with a given scroll buffer size

~]# multitail -n 10 -m 1000 /var/log/messages /var/log/dmesg

Using the above command we can define the number of lines to monitor and the scroll buffer size.

6. Filtering using regular expressions

For filtering MultiTail uses regular expressions. To keep things simple, it uses them the exact same way as ‘grep’ does: ‘-e’ says: a regular expression follows and ‘-v’ says: invert it. Since version 3.5.0 this has changed somewhat: if you want to match the lines that do NOT have a certain pattern, use -ev.

Examples:

multitail -e "gnu-pop3d" /var/log/messages
multitail -v -e "ssh" -v -e "gnu-pop3d" -e "localhost" /var/log/messages

The first example shows only lines from /var/log/messages which have the string “gnu-pop3d” somewhere in them. The second example only shows lines which do not have the string “ssh” and not have the string “gnu-pop3d” and DO HAVE the string “localhost” in them.
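The filter semantics described above can be checked offline before opening an interactive session. This is an added example, not part of the original page or of multitail: it emulates the -e / -v -e / -ev chain with grep over constructed syslog lines. The helper names preview_filter and sample_log are hypothetical, and it assumes every condition must hold (AND), as described for the second example.

```shell
#!/bin/sh
# Added example, not part of multitail: preview with grep which lines a
# -e / -v -e / -ev filter chain lets through. Assumption: every condition must
# hold (AND), as the page describes for its second example.

# Constructed sample syslog lines (not real log data).
sample_log() {
    cat <<'EOF'
Mar  3 10:01:12 localhost sshd[812]: Accepted publickey for admin from 192.0.2.10
Mar  3 10:01:15 localhost gnu-pop3d[901]: Session ended for user mail
Mar  3 10:01:20 localhost kernel: eth0: link up
Mar  3 10:01:25 web01 kernel: eth0: link up
Mar  3 10:01:31 localhost crond[455]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# preview_filter FILE [-e RE | -v -e RE | -ev RE]...
# Prints the lines of FILE that pass every filter; returns 2 on errors.
preview_filter() {
    file=$1; shift
    lines=$(cat -- "$file") || return 2
    invert=0
    while [ $# -gt 0 ]; do
        case $1 in
            -v) invert=1 ;;                       # applies to the next -e only
            -e|-ev)
                [ $# -ge 2 ] || { echo "missing pattern after $1" >&2; return 2; }
                if [ "$1" = "-ev" ]; then invert=1; fi
                flag=
                if [ "$invert" -eq 1 ]; then flag=-v; fi
                rc=0
                lines=$(printf '%s\n' "$lines" | grep -E $flag -e "$2") || rc=$?
                # grep exits 1 when nothing is left; 2 or more means a bad pattern.
                [ "$rc" -le 1 ] || return 2
                invert=0
                shift ;;
            *) echo "unsupported option: $1" >&2; return 2 ;;
        esac
        shift
    done
    if [ -n "$lines" ]; then printf '%s\n' "$lines"; fi
}

# Demo: the page's second filter example applied to the constructed sample.
demo_log=$(mktemp) && sample_log > "$demo_log"
preview_filter "$demo_log" -v -e "ssh" -v -e "gnu-pop3d" -e "localhost"
rm -f "$demo_log"
```

Patterns are passed to grep -E; for the plain-string patterns used on this page the regex flavour makes no difference.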

Conclusion

We can monitor multiple logs and command outputs in a single window using the multitail command.

Complete man page is below

multitail [-cs|-Cs|-c-] [-i] inputfile [-i anotherinputfile] [...]

*** selecting files to follow ***
-i x the following parameter is a filename (in case it starts with a dash)
-I x like -i only this one merges this logfile into the previous window
-q x z check every x seconds for new files by search criteria z, create a new window for those
-qs x y z check every x seconds for new files by search criteria z, create a new window for those, use color scheme y
-Q x z check every x seconds for new files by search criteria z, put them all in the same window (using subwindows)
-Qs x y z check every x seconds for new files by search criteria z, put them all in the same window (using subwindows), use color scheme y
-iw file i check every 'i' seconds if 'file' appeared in the filesystem
--new-only (for -q/-Q) only create windows for files created after multitail was started, existing files are ignored
-f follow the following filename, not the descriptor (e.g. when logrotate archives logfiles)
--follow-all see -f: for all files after this switch
--retry keep trying to open the following file until it is accessible
--retry-all like --retry but for all following files

*** selecting command output to follow ***
-l x parameter is a command to be executed
-L x see -l but merge the output to a previously created window
-r interval restart the command when it terminated after `interval' seconds
-R interval like -r, but only show the differences
-Rc/-rc interval like -r/-R but clean the window before each iteration
-j read from STDIN (can be used only once)
-J like -j but merge into previous window
--listen [interface]:port behave like a syslog server. port is normally 514
--Listen [interface]:port like --listen but merge into previous window

*** merge parameters ***
--mergeall merge all of the following files into the same window (in the previous window)
--mergeall-new merge all of the following files into the same window (in a new window)
--no-mergeall stop merging all files into one window
--no-repeat suppress repeating lines and replace them with a "last message repeated x times"

*** markers ***
--mark-interval x when nothing comes in, print a '---mark---' line every 'x' seconds
--mark-change when multiple files are merged an multitail switches between two windows, print a markerline with the filename
--no-mark-change do NOT print the markerline when the file changes (overrides the configuration file)

*** initial tail / scrollback parameters ***
-n x initial number of lines to tail
-m x set scrollback buffer size (# lines)
-mb x set scrollback buffer size (in bytes, use xKB/MB/GB)
-bw a/f what to buffer: 'a'll or what went through the 'f'ilter

*** "tee" functionality ***
-a x like 'tee': write (filtered) input to file 'x'
-A x see -a: but write the unfiltered(!) input to file 'x'
-g x redirect the input also (filtered) to command/process 'x'
-G x redirect the unfiltered input also to command/process 'x'

*** screen layout ***
-s x vertical split screen (in 'x' columns)
-sw x,x,... at what columns to split the screen, use '0' for automatic size
-sn x,x,... number of windows per column
-wh x height of window

*** filtering ***
-fr scheme use the predefined filter from the configuration file
-e[m] print only when matching with this regexp
-ev print only when NOT matching with this regexp
-ec use regular expression but display the matches inverted on following file
-eC use regexp, display everything but matches inverted on following file
-ex execute command ('-ex regexp command') when matches, matching line is given as commandline parameter
-eX like -ex but only give the matching substring as commandline parameter to the command
-E use regular expression on following files
-Ec use regular expression but display the matches inverted on following files
-EC use regexp, display everything but matches inverted on following files
-ke x strip parts of the input using regular expression 'x'
-kr x y strip parts of the input starting at offset x and ending (not including!) offset y
-kc x y strip parts of the input: strip column 'y' with delimiter 'x'
-ks x use edit scheme 'x' (defined in configuration file)
-kS x only show the substrings matched by the substring-selects (the parts between '(' and ')') in the regular epxression 'x'
-v invert next regular expression (do not use with -ev/em)

*** colors ***
-cv x use conversion scheme 'x' (see multitail.conf)
-c colorize current
-cS scheme use color scheme 'scheme' (as defined in multitail.conf)
-csn extra switch for the following switches; do not use reverse (inverted) colors
-Cs colorize all following files with syslog-scheme
-C colorize all following files
-Cf/-cf field delimiter colorize next/all file(s) depending on the given field number. fields are delimited with the given field-delimiter
-ci color use 'color' (red, green, etc), usefull when merging multiple inputs
-c- do NOT colorize the following file
-C- do NOT colorize the following files
-cT term interpret terminal-codes from file/command (for terminal type 'term')
-Z color set color for markerline
-w do not use colors

*** timestamps ***
-ts add a timestamp (format configurable in multitail.conf) before each line
-T put a timestamp in markerlines

*** status line parameters ***
-d do NOT update the status-line
-D do not display a status-line at all
-du put the statusline above the data window

*** status line parameters ***
-z do not show "window closed" pop-ups
-x str show "str" in the xterm title bar
-t x display 'x' in the window-title (when MultiTail runs in an xterm)
-u set update interval (for slow links)

*** input text handling ***
-p x [y] set linewrap (l=left/a=all/r=right/s=syslog,S=syslog w/o procname,o=offset -> 'y',w=wordwrap)
-P like -p but for all following files
-b n set TAB-width
--cont reconnect lines with a '' at the end

*** line prefixes ***
--basename only display the filename (and not the path) in the statusline
--label x put in front of each line
-S prepend show subwindow number in merged output

*** configuration file ***
-F file use 'file' as configuration file (instead of /etc/multitail.conf)
--no-load-global-config do not read /etc/multitail.conf
-o config_file_parameter do a setting which would normally be set in the configuration file

*** monitoring ***
-H x show heartbeat (to keep your sessions alive)
--beep-interval x beep every x lines processed
--bi x like '--beep-interval' but only for current (sub-)window
--closeidle x close windows when more then 'x' seconds no new data was processed

*** miscellaneous ***
-V show version and exit
-h this help

You can have multiple regular expressions per file/command. Be warned: if you define multiple and one of them is specified with '-E' (=for every following file), _all_ of the current regular expressions are for all following files!