Introduction

The ability to effectively understand and monitor log files is an important part of a system administrator or developer’s job responsibilities. Since, while working with Linux systems when services and applications do not function as intended the first and foremost task to look through the log files for diagnostic information that could help in troubleshooting the issue. We could you the cat command to open up the log file and print it to the terminal in its entirety but a large log file would be difficult to read if opened is this manner. If we need to view the oldest or most recent logs from a file, we could use the head and tail commands respectively. A more effective method of reading large log files would be to parse it through pagers more and less. But what if we need to monitor the log file for changes in real time?  The inbuilt tail command has proven useful in this aspect by providing a -f option which allows users to monitor log files for changes/content as it gets appended to log file.

But in order to monitor log files really effectively, we should consider using the multitail utility which is a free and open source tool developed to help users monitor their system log files. Given below are some of the features of multitail and why you should consider using it.

  • Monitor log files for changes in real time (similar to tail -f functionality)
  • Use multiple input sources
  • Color coding important information
  • Open multiple files in the same terminal window (similar to vim and screen split window functionality)

In this article, we will show you how to install and use the multitail utility.

 

Installing multitail
If you are working on a yum based system, then you would need to have the epel repository added and enabled on your system to install the multitail software package.

[root@linuxnix ~]# yum list multitail
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink | 7.1 kB 00:00
* base: ftp.iitm.ac.in
* epel: kartolo.sby.datautama.net.id
* extras: ftp.iitm.ac.in
* jpackage-generic: sunsite.informatik.rwth-aachen.de
* updates: ftp.iitm.ac.in
base | 3.7 kB 00:00
epel | 4.7 kB 00:00
epel/primary_db | 6.0 MB 00:56
extras | 3.4 kB 00:00
jpackage-generic | 1.9 kB 00:00
spacewalk | 2.1 kB 00:00
updates | 3.4 kB 00:00
Available Packages
multitail.x86_64 6.2.1-1.el6 epel
[root@linuxnix ~]#

To install multitail on your system, type the following command:

[root@linuxnix ~]# yum install multitail -y
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.vbctv.in
* epel: kartolo.sby.datautama.net.id
* extras: mirror.vbctv.in
* jpackage-generic: sunsite.informatik.rwth-aachen.de
* updates: mirror.vbctv.in
Resolving Dependencies
--> Running transaction check
---> Package multitail.x86_64 0:6.2.1-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================
Package Arch Version Repository Size
================================================================================================
Installing:
multitail x86_64 6.2.1-1.el6 epel 161 k

Transaction Summary
==============================================================================================
Install 1 Package(s)

Total download size: 161 k
Installed size: 379 k
Downloading Packages:
multitail-6.2.1-1.el6.x86_64.rpm | 161 kB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : multitail-6.2.1-1.el6.x86_64 1/1
Verifying : multitail-6.2.1-1.el6.x86_64 1/1

Installed:
multitail.x86_64 0:6.2.1-1.el6

Complete!
[root@linuxnix ~]#

You may have ascertained from the above installation logs that multitail is a very lightweight utility with a size of just 161Kb.

Verify multitail installation
We use the multitail command with the -V option to check it’s version and verify that it has been installed on the system.

[root@linuxnix ~]# multitail -V
--*- multitail 6.2.1 (C) 2003-2014 by folkert@vanheusden.com -*--

Thank you for using MultiTail.
If you have any suggestion on how I can improve this program,
do not hesitate to contact me at folkert@vanheusden.com
Website is available at: http://www.vanheusden.com/multitail/

 

Now that we have installed multitail and verified the installation, let’s take a look at some examples.

Open a log file using multitail
To open and display the contents of a log file using multitail type the multitail command followed by the log file name. Let’s open the /var/log/messages file to demonstrate.

As you may observe from the above image, multitail provides a certain level of content highlighting which makes the file more readable. Press the q key from the keyboard to close the file.

Open two files in the same window
To simultaneously open and display two files in the same terminal window using multitail, use the multitail command followed by the file names. Given below is an example wherein we opened the /var/log/messages and the /var/log/secure files together in the same terminal window using multitail.

To scroll through the files, hit ‘b‘ and select the file you want from the list. Press q to quit out and close both files. Once, you select the file, it will show you last 100 lines of that selected file, to scroll through the lines use the cursor keys.  You can also use ‘gg‘/’G‘ to move to the top/bottom of the scroll window.  If you want to view more lines, hit ‘q’ to exit and hit ‘m‘ to enter a new value for the number of lines to view.

View Multiple Files in Multiple Columns
We use the -s option with the multitail command and specify the number of columns that we like to use followed by the file names. Given below is an example of opening three files simultaneously in three columns using multitail.

 

View File and Execute a Command
To execute a command while also viewing a file we use the -l option with the multitail command followed by the command name. Given below is an example.

The log file opened will be displayed in the top half of the window while the command output will be displayed in the bottom half of the window.

View two log files in the same window but a different color scheme
If we are viewing multiple log files together in the same window then modifying the color scheme of one of the files could enhance readability. MultiTail provides the -ci option to change the color of the file it is displaying. Given below is an example.

 

Conclusion

In this article, we discussed the benefits of using multitail and we showed you how to install multitail and use it.
We hope that you’ve found this introduction to the tool useful and we encourage you to try other features of the tool on your own.

Post Views: 20,698
The following two tabs change content below.

Sahil Suri

He started his career in IT in 2011 as a system administrator. He has since worked with HP-UX, Solaris and Linux operating systems along with exposure to high availability and virtualization solutions. He has a keen interest in shell, Python and Perl scripting and is learning the ropes on AWS cloud, DevOps tools, and methodologies. He enjoys sharing the knowledge he's gained over the years with the rest of the community.