Navigating: Home » Cloud Computing » Ubuntu » Monitoring Multiple Log Files In RealTime With MultiTail (Ubuntu) Monitoring Multiple Log Files In RealTime With MultiTail (Ubuntu) Posted on July 9, 2020 by devsrealm Oh my… I really find scanning through the logs file time consuming, and painful. Luckily for me, I founded Multitail, which is an awesome, and powerful tool for not only browsing through several files at once but also viewing them in realtime, mind-blowing. With Multitail, you can view one or more files like the original tail program, the difference is that it creates multiple windows on your console (with nurses), which is why we have “Multi”-tail. Installing Multi-Tail In Ubuntu: sudo apt install multitail Using Multi-tail: To use multitail, you use the following syntax: sudo multitail file1 file2 ... For example, To view a single Nginx error log, I do: sudo multitail /var/log/nginx/website.error This would open the file, and monitor the logs in realtime, at the bottom is the statusline with the name of the file, its size, and the date/time of the when the file changes (this is in realtime). Viewing Multiple Error Log Files: sudo multitail /var/log/nginx/website.error /var/log/nginx/website.log As you can see, it splits the terminal window into two-pane. In each window, one file is displayed. Both windows have a status line giving info as described above. The first file is displayed at the first top section, and the other is displayed underneath the first file. To display them side by side, you can use the following command (quit the program with Ctrl + C): sudo multitail -s 2 /var/log/nginx/website.error /var/log/nginx/website.log If you look at the code above, you’ll notice I added 2, this is because you need to tell multitail how many columns you want to split, if, for example, you have 3 files, you can split them into 3 columns, and so on. Alternatively, you can press the ‘v’ key while the program is running, and then choose your desired column number. Scrolling Log Files or Multiple Log Files You might have thought using the arrow keys would enable you to scroll through the logs in a file, that won’t work. To scroll in a single file, you press the ‘b’ key. In multiple files, you press the ‘b’ key, and you get a file selector prompting you which files you want to scroll, select your desired file, and you can then scroll with the up and down arrow keys. Press x or q to exit the window By default, you can only scroll the last 100 lines, to adjust the limit to a higher or lower number, you press the ‘m’ key, and you will be prompted to enter a new value. Alternatively, you can reset the limit as follows: multitail -M 20 exclusivemusicplus.com.log pastorprogress.net.log Merging Two or More Files Together This program is really powerful, and the fact that you can merge two or more files together would greatly enhance your debugging skills, to merge multiple files, you use the ‘-I’ parameter. It merges two or more files together. To merge two files together, you do the following multitail /var/log/nginx/access.log -I /var/log/nginx/error.log The beautiful thing about this feature is that, it would automatically update the status line to whatever file is currently being monitored. Changing the color As you’ve probably seen for yourself, there isn’t a clean way to tell the logs entry apart, it’s all jam-packed, which is where the color feature comes in. With multitail, you can display log files in color, you can do this with the -c parameter or you can press c when the program is running, and then choose your preferred option. Open a file with multitail, e.g an apache error log, press c, and then press Capital letter ‘S’, you’ll see something like below For example, I’ll open a file with multitail, press c and then press ‘S’ for a color scheme switch, e.g Since, I am editing an apache log, I’ll navigate to that, use space to toggle, and then enter to proceed: This is better, and smooth, at least for me, you can also switch to other color schemes, for example, ClamAV, postfix, and the likes. Extra Examples: Here are more examples taking from this website: vanheusden.com/multitail Show 3 logfiles in 2 columns: multitail -s 2 /var/log/apache/access.log /var/log/messages /var/log/mail.log Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column: multitail -s 2 -sn 1,3 /var/log/apache2/access.log -I /var/log/apache2/error.log /var/log/fail2ban.log \ /var/log/syslog /var/log/dovecot.log Output (I had to include a screenshot cus its mind blowing ;)): Merge the output of 2 ping commands while removing “64 bytes received from” from only 1 of them: multitail -l "ping 188.8.131.52" -ke "64 bytes from" -L "ping 192.168.0.2" Show the output of a ping-command and if it displays a timeout, send a message to all users currently logged in: multitail -ex timeout "echo timeout | wall" -l "ping 184.108.40.206" In one window show all new TCP connections and their state changes using netstat while in the other window displaying the merged access and error logfiles of apache: multitail -R 2 -l "netstat -t" /var/log/apache/access.log -I /var/log/apache/error.log As the previosu example but also copy the output to the file netstat.log multitail -a netstat.log -R 2 -l "netstat -t tcp" /var/log/apache/access.log -I /var/log/apache/error.log Show 2 logfiles merged in one window but give each logfile a different color so that you can easily see what lines are for what logfile: multitail -ci green /var/log/apache/access.log -ci red -I /var/log/apache/error.log Merge ALL apache logfiles (*access_log/*error_log) into one window: multitail -cS apache --mergeall /var/log/apache/*access_log --no-mergeall -cS apache_error \ --mergeall /var/log/apache/*error_log --no-mergeall Enjoy.