multitail command to view multiple logs in single terminal

 


Most of the time, if you want to tail multiple log files, you have to open multiple PuTTY connections to the server, and it is a little difficult to watch the logs while arranging multiple windows / terminals. This is no longer a problem: we can view multiple log files and multiple command outputs in a single terminal using the multitail command.

  1. display log files in colors
  2. scroll back in a log file
  3. search inside log file
  4. merge multiple log files effectively

More Detailed description

   MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). It can also monitor wildcards: if another file matching the wildcard has a more recent modification date, it will automatically switch to that file. That way you can, for example, monitor a complete directory of files. Merging of 2 or even more logfiles is possible. It can also use colors while displaying the logfiles (through regular expressions), for faster recognition of what is important and what not. It can also filter lines (again with regular expressions). It has interactive menus for editing given regular expressions and deleting and adding windows. One can also have windows with the output of shell scripts and other software. When viewing the output of external software, MultiTail can mimic the functionality of tools like ‘watch’ and such.

Installation process

To install the multitail command in your *nix environment, ncurses must already be present as a prerequisite. Install ncurses first.

RHEL / Centos / Fedora

~]# yum install -y multitail

On Ubuntu / Debian / Linux Mint

$ sudo apt-get update
$ sudo apt-get install multitail

All other *nix operating systems

IRIX users
----------
Use: make -f makefile.irix install

AIX users
---------
Make sure you have the GNU c-compiler installed.
Then run: make install

HP-UX users
-----------
You need the ncurses library!
Then: make -f makefile.hpux install

Solaris users
-------------
One needs at least version 7 of Solaris.
Use:
make -f makefile.solaris_gcc install
or
make -f makefile.solaris_sunwspro install
(depending on the compiler you use).

Mac OS X users:
--------------
Use:  make -f makefile.macosx install

Install multitail using external source package

 Download multitail source code

RHEL / Centos / Fedora

[root@NagiosServer tmp]# pwd
/tmp
[root@NagiosServer tmp]# ls
multitail-6.4.2.tgz
[root@NagiosServer tmp]# tar -xzvf multitail-6.4.2.tgz
multitail-6.4.2/
multitail-6.4.2/config.h
multitail-6.4.2/makefile.cross-arm-linux
multitail-6.4.2/mem.c
multitail-6.4.2/stripstring.h
[root@NagiosServer multitail-6.4.2]# make install
[root@NagiosServer multitail-6.4.2]# mkdir -p /etc/multitail/
[root@NagiosServer multitail-6.4.2]# cp multitail.conf /etc/multitail.conf.new
cp: overwrite `/etc/multitail.conf.new'? y
[root@NagiosServer multitail-6.4.2]# cp conversion-scripts/* /etc/multitail/
cp: overwrite `/etc/multitail/colors-example.pl'? y
cp: overwrite `/etc/multitail/colors-example.sh'? y
cp: overwrite `/etc/multitail/convert-geoip.pl'? y
cp: overwrite `/etc/multitail/convert-simple.pl'? y

 

1. How to view multiple commands output

In this example I would like to ping multiple hosts at the same time using the multitail command. We have to use the -l option to add multiple commands / logs.

~]# multitail -l "ping localhost" -l "ping google.com"


2. How to monitor multiple log files in single window

 ~]# multitail /var/log/messages /var/log/dmesg

The above command displays the output of both log files in a single window.


 

3. How to monitor multiple log files with colors

~]# multitail -ci red /var/log/messages -ci green /var/log/dmesg

Using the above command we can define the color for each log file. The option to use is -ci ColorName.


4. Monitor multiple log files as multiple columns

~]# multitail -s 2 /var/log/messages /var/log/dmesg


 

5. Monitor number of lines with mentioned scroll buffer

~]# multitail -n 10 -m 1000 /var/log/messages /var/log/dmesg

Using the above command we can define the number of lines to monitor and the scroll buffer size.

6. Filtering using regular expressions

For filtering MultiTail uses regular expressions. To keep things simple, it uses them the exact same way as ‘grep’ does: ‘-e’ says: a regular expression follows and ‘-v’ says: invert it. Since version 3.5.0 this has changed somewhat: if you want to match the lines that do NOT have a certain pattern, use -ev.

Examples:

multitail -e "gnu-pop3d" /var/log/messages
multitail -v -e "ssh" -v -e "gnu-pop3d" -e "localhost" /var/log/messages

The first example shows only lines from /var/log/messages which have the string “gnu-pop3d” somewhere in them. The second example shows only lines which do not have the string “ssh”, do not have the string “gnu-pop3d”, and DO HAVE the string “localhost” in them.
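
To check a filter set before pointing multitail at a live log, the same -e / -v -e / -ev combination can be previewed offline with grep. The following is an added example, not part of the original article or of multitail: mt_preview and sample_log are hypothetical helper names, the log lines are constructed, and it assumes a line is shown only when every filter holds, as described for the second example above.

```sh
#!/bin/sh
# Added example: mt_preview and sample_log are hypothetical helpers, not part of multitail.

# Constructed sample lines in /var/log/messages style (not real log data).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 localhost sshd[2211]: Failed password for invalid user admin from 192.0.2.10
Jan 10 10:00:05 localhost gnu-pop3d[3120]: Session ended for user mail
Jan 10 10:00:09 localhost su: pam_unix(su:session): session opened for user root
Jan 10 10:00:12 web01 kernel: eth0: link up
EOF
}

# Usage: mt_preview [-e RE | -v -e RE | -ev RE]... < logfile
# Assumption: a line is printed only if every filter holds.
mt_preview() {
    input=$(cat)        # read the lines under test once
    invert=0
    while [ $# -gt 0 ]; do
        case $1 in
            -v)  invert=1; shift; continue ;;   # applies to the next -e
            -ev) invert=1; shift ;;
            -e)  shift ;;
            *)   echo "mt_preview: unsupported option: $1" >&2; return 2 ;;
        esac
        if [ $# -eq 0 ]; then
            echo "mt_preview: missing regular expression" >&2; return 2
        fi
        if [ "$invert" -eq 1 ]; then
            input=$(printf '%s\n' "$input" | grep -v -e "$1" || true)
        else
            input=$(printf '%s\n' "$input" | grep -e "$1" || true)
        fi
        invert=0
        shift
    done
    if [ -n "$input" ]; then printf '%s\n' "$input"; fi
    return 0
}

# The page's second example, previewed against the sample lines.
sample_log | mt_preview -v -e "ssh" -v -e "gnu-pop3d" -e "localhost"
```

Only the "su" line survives: the sshd and gnu-pop3d lines are dropped by the inverted patterns, and the web01 line lacks "localhost".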

Conclusion

We can monitor the output of multiple logs / commands in a single window using the multitail command.

Complete man page is below

multitail [-cs|-Cs|-c-] [-i] inputfile [-i anotherinputfile] [...]

 *** selecting files to follow ***
-i x             the following parameter is a filename (in case it starts with a dash)
-I x             like -i only this one merges this logfile into the previous window

-q x z           check every x seconds for new files by search criteria z, create a new window for those
-qs x y z        check every x seconds for new files by search criteria z, create a new window for those, use color scheme y
-Q x z           check every x seconds for new files by search criteria z, put them all in the same window (using subwindows)
-Qs x y z        check every x seconds for new files by search criteria z, put them all in the same window (using subwindows), use color scheme y
-iw file i       check every 'i' seconds if 'file' appeared in the filesystem
--new-only       (for -q/-Q) only create windows for files created after multitail was started, existing files are ignored

-f               follow the following filename, not the descriptor (e.g. when logrotate archives logfiles)
--follow-all     see -f: for all files after this switch
--retry          keep trying to open the following file until it is accessible
--retry-all      like --retry but for all following files

 *** selecting command output to follow ***
-l x             parameter is a command to be executed
-L x             see -l but merge the output to a previously created window
-r interval      restart the command when it terminated after `interval' seconds
-R interval      like -r, but only show the differences
-Rc/-rc interval like -r/-R but clean the window before each iteration

-j               read from STDIN (can be used only once)
-J               like -j but merge into previous window

--listen [interface]:port behave like a syslog server. port is normally 514
--Listen [interface]:port like --listen but merge into previous window

 *** merge parameters ***
--mergeall       merge all of the following files into the same window (in the previous window)
--mergeall-new   merge all of the following files into the same window (in a new window)
--no-mergeall    stop merging all files into one window
--no-repeat      suppress repeating lines and replace them with a "last message repeated x times"

 *** markers ***
--mark-interval x when nothing comes in, print a '---mark---' line every 'x' seconds
--mark-change    when multiple files are merged an multitail switches between two windows, print a markerline with the filename
--no-mark-change do NOT print the markerline when the file changes (overrides the configuration file)

 *** initial tail / scrollback parameters ***
-n x             initial number of lines to tail
-m x             set scrollback buffer size (# lines)
-mb x            set scrollback buffer size (in bytes, use xKB/MB/GB)
-bw a/f          what to buffer: 'a'll or what went through the 'f'ilter

 *** "tee" functionality ***
-a x             like 'tee': write (filtered) input to file 'x'
-A x             see -a: but write the unfiltered(!) input to file 'x'
-g x             redirect the input also (filtered) to command/process 'x'
-G x             redirect the unfiltered input also  to command/process 'x'

 *** screen layout ***
-s x             vertical split screen (in 'x' columns)
-sw x,x,...      at what columns to split the screen, use '0' for automatic size
-sn x,x,...      number of windows per column
-wh x            height of window

 *** filtering ***
-fr scheme       use the predefined filter from the configuration file
-e[m]            print only when matching with this regexp
-ev              print only when NOT matching with this regexp
-ec              use regular expression but display the matches inverted on following file
-eC              use regexp, display everything but matches inverted on following file
-ex              execute command ('-ex regexp command') when matches, matching line is given as commandline parameter
-eX              like -ex but only give the matching substring as commandline parameter to the command
-E               use regular expression on following files
-Ec              use regular expression but display the matches inverted on following files
-EC              use regexp, display everything but matches inverted on following files
-ke x            strip parts of the input using regular expression 'x'
-kr x y          strip parts of the input starting at offset x and ending (not including!) offset y
-kc x y          strip parts of the input: strip column 'y' with delimiter 'x'
-ks x            use edit scheme 'x' (defined in configuration file)
-kS x            only show the substrings matched by the substring-selects (the parts between '(' and ')') in the regular epxression 'x'
-v               invert next regular expression (do not use with -ev/em)

 *** colors ***
-cv x            use conversion scheme 'x' (see multitail.conf)
-c               colorize current
-cS scheme       use color scheme 'scheme' (as defined in multitail.conf)
-csn             extra switch for the following switches; do not use reverse (inverted) colors
-Cs              colorize all following files with syslog-scheme
-C               colorize all following files
-Cf/-cf field delimiter colorize next/all file(s) depending on the given field number. fields are delimited with the given field-delimiter
-ci color        use 'color' (red, green, etc), usefull when merging multiple inputs
-c-              do NOT colorize the following file
-C-              do NOT colorize the following files
-cT term         interpret terminal-codes from file/command (for terminal type 'term')
-Z color         set color for markerline
-w               do not use colors

 *** timestamps ***
-ts              add a timestamp (format configurable in multitail.conf) before each line
-T               put a timestamp in markerlines

 *** status line parameters ***
-d               do NOT update the status-line
-D               do not display a status-line at all
-du              put the statusline above the data window

 *** status line parameters ***
-z               do not show "window closed" pop-ups
-x str           show "str" in the xterm title bar
-t x             display 'x' in the window-title (when MultiTail runs in an xterm)
-u               set update interval (for slow links)

 *** input text handling ***
-p x [y]         set linewrap (l=left/a=all/r=right/s=syslog,S=syslog w/o procname,o=offset -> 'y',w=wordwrap)
-P               like -p but for all following files
-b n             set TAB-width
--cont           reconnect lines with a '\' at the end

 *** line prefixes ***
--basename       only display the filename (and not the path) in the statusline
--label x        put in front of each line
-S prepend       show subwindow number in merged output

 *** configuration file ***
-F file          use 'file' as configuration file (instead of /etc/multitail.conf)
--no-load-global-config do not read /etc/multitail.conf
-o config_file_parameter do a setting which would normally be set in the configuration file

 *** monitoring ***
-H x             show heartbeat (to keep your sessions alive)
--beep-interval x beep every x lines processed
--bi x           like '--beep-interval' but only for current (sub-)window
--closeidle x    close windows when more then 'x' seconds no new data was processed

 *** miscellaneous ***
-V               show version and exit
-h               this help

You can have multiple regular expressions per file/command. Be warned: if
you define multiple and one of them is specified with '-E' (=for every
following file), _all_ of the current regular expressions are for all
following files!

 

 


Ankam Ravi Kumar

Working as Linux / Storage Administrator L3. Interested in sharing the knowledge.
