Monitoring Multiple Log Files In RealTime With MultiTail (Ubuntu)

Last Updated on: July 9, 2020

Oh my… I really find scanning through the logs file time consuming, and painful.

Luckily for me, I founded Multitail, which is an awesome, and powerful tool for not only browsing through several files at once but also viewing them in realtime, mind-blowing.

With Multitail, you can view one or more files like the original tail program, the difference is that it creates multiple windows on your console (with nurses), which is why we have “Multi”-tail.

Installing Multi-Tail In Ubuntu:

					

sudo apt install multitail

Using Multi-tail:

To use multitail, you use the following syntax:

sudo multitail file1 file2 ...

For example, To view a single Nginx error log, I do:

					

sudo multitail /var/log/nginx/website.error

1. A single multitail log file

This would open the file, and monitor the logs in realtime, at the bottom is the statusline with the name of the file, its size, and the date/time of the when the file changes (this is in realtime).

Viewing Multiple Error Log Files:

					

sudo multitail /var/log/nginx/website.error /var/log/nginx/website.log

2. Multiple Log Files Using Multitail

As you can see, it splits the terminal window into two-pane. In each window, one file is displayed. Both windows have a status line giving info as described above. The first file is displayed at the first top section, and the other is displayed underneath the first file.

To display them side by side, you can use the following command (quit the program with Ctrl + C):

					

sudo multitail -s 2 /var/log/nginx/website.error /var/log/nginx/website.log

3. Column Split

If you look at the code above, you’ll notice I added 2, this is because you need to tell multitail how many columns you want to split, if, for example, you have 3 files, you can split them into 3 columns, and so on. Alternatively, you can press the ‘v’ key while the program is running, and then choose your desired column number.

Scrolling Log Files or Multiple Log Files

You might have thought using the arrow keys would enable you to scroll through the logs in a file, that won’t work.

To scroll in a single file, you press the ‘b’ key. In multiple files, you press the ‘b’ key, and you get a file selector prompting you which files you want to scroll, select your desired file, and you can then scroll with the up and down arrow keys. Press x or q to exit the window

By default, you can only scroll the last 100 lines, to adjust the limit to a higher or lower number, you press the ‘m’ key, and you will be prompted to enter a new value.

Alternatively, you can reset the limit as follows:

					

multitail -M 20 exclusivemusicplus.com.log pastorprogress.net.log

4. Scroll Lines Set

Merging Two or More Files Together

This program is really powerful, and the fact that you can merge two or more files together would greatly enhance your debugging skills, to merge multiple files, you use the ‘-I’ parameter. It merges two or more files together.

To merge two files together, you do the following

					

multitail /var/log/nginx/access.log -I /var/log/nginx/error.log

The beautiful thing about this feature is that, it would automatically update the status line to whatever file is currently being monitored.

Changing the color

As you’ve probably seen for yourself, there isn’t a clean way to tell the logs entry apart, it’s all jam-packed, which is where the color feature comes in.

With multitail, you can display log files in color, you can do this with the -c parameter or you can press c when the program is running, and then choose your preferred option.

Open a file with multitail, e.g an apache error log, press c, and then press Capital letter ‘S’, you’ll see something like below

For example, I’ll open a file with multitail, press c and then press ‘S’ for a color scheme switch, e.g

6. Color Scheme

Since, I am editing an apache log, I’ll navigate to that, use space to toggle, and then enter to proceed:

7. Apache Color Scheme

This is better, and smooth, at least for me, you can also switch to other color schemes, for example, ClamAV, postfix, and the likes.

Extra Examples:

Here are more examples taking from this website: vanheusden.com/multitail

Show 3 logfiles in 2 columns:

					

multitail -s 2 /var/log/apache/access.log /var/log/messages /var/log/mail.log

Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column:

					

multitail -s 2 -sn 1,3  /var/log/apache2/access.log -I /var/log/apache2/error.log /var/log/fail2ban.log \
 /var/log/syslog /var/log/dovecot.log

Output (I had to include a screenshot cus its mind blowing ;)):

8. Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column

Merge the output of 2 ping commands while removing “64 bytes received from” from only 1 of them:

					

multitail -l "ping 192.158.0.1" -ke "64 bytes from" -L "ping 192.168.0.2"

Show the output of a ping-command and if it displays a timeout, send a message to all users currently logged in:

					

multitail -ex timeout "echo timeout | wall" -l "ping 192.158.0.1"

In one window show all new TCP connections and their state changes using netstat while in the other window displaying the merged access and error logfiles of apache:

					

multitail -R 2 -l "netstat -t" /var/log/apache/access.log -I /var/log/apache/error.log

As the previosu example but also copy the output to the file netstat.log

					

multitail -a netstat.log -R 2 -l "netstat -t tcp" /var/log/apache/access.log -I /var/log/apache/error.log

Show 2 logfiles merged in one window but give each logfile a different color so that you can easily see what lines are for what logfile:

					

multitail -ci green /var/log/apache/access.log -ci red -I /var/log/apache/error.log

Merge ALL apache logfiles (*access_log/*error_log) into one window:

					

multitail -cS apache --mergeall /var/log/apache/*access_log --no-mergeall -cS apache_error \
	--mergeall /var/log/apache/*error_log --no-mergeall

Enjoy.

Comment policy: Respectful and beneficial comments are welcome with full open hands. However, all comments are manually moderated and those that doesn't relate with what the passage is saying or offensive comments would be deleted. Thanks for understanding!

Leave a Reply

Your email address will not be published. Required fields are marked *