Oct 132009

From ghacks.net
The easiest way to install multitail is to issue the command (since you’ll be working in the command line anyway):
sudo apt-get install multitail
yum install multitail

Once the application is installed you are ready to go (there is no configuration necessary).

Running multitail

The structure of the multitail command is:

multitail -i FIRSTLOG -i SECONDLOG

Where FIRSTLOG and SECONDLOG are the log files you want to follow. Sticking with the example above let’s follow mail.err and mail.info. We do this with the command:

sudo multitail -i /var/log/mail.err -i /var/log/mail.info

The above command will have multitail following both log files horizontally (as shown in Figure 1). At first it can be a bit disconcerting to see and follow. What you are seeing is the /var/log/mail.err file being tail’d on top and the /var/log/mail.info file being tail’d on bottom. The easiest way to discern one from the other is at the bottom of each tail is the white bar showing what file is being tail’d.

If you do not like the horizontal layout you can change that to a vertical layout with the s switch like so:

sudo multitail -s 2 -i /var/log/mail.err -i /var/log/mail.info

When you run this version of the command the tail’s are side by side with a wide vertical bar between them (as you can see in Figure 2).

Merging logs

You can also use multitail to merge multiple logs into one log. This can help you when you know you need to follow the output of more than one log file but you don’t need them separated. To do this you use the mergeall option like so:

sudo multitail –mergeall -i /var/log/mail.err -i /var/log/mail.info

For more information;


# Merge 2 logfiles in one window:

multitail /var/log/apache/access.log -I /var/log/apache/error.log

# Show 3 logfiles in 2 columns:

multitail -s 2 /var/log/apache/access.log /var/log/messages /var/log/mail.log

# Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column:

multitail -s 2 -sn 1,3 /var/log/apache/access.log -I /var/log/apache/error.log /var/log/messages \
/var/log/mail.log /var/log/syslog

# Merge the output of 2 ping commands while removing “64 bytes received from” from only 1 of them:

multitail -l “ping” -ke “64 bytes from” -L “ping”

# Show the output of a ping-command and if it displays a timeout, send a message to all users
currently logged in

multitail -ex timeout “echo timeout | wall” -l “ping”

# In one window show all new TCP connections and their state changes using netstat while in
the other window displaying the merged access and error logfiles of apache

multitail -R 2 -l “netstat -t” /var/log/apache/access.log -I /var/log/apache/error.log

# As the previosu example but also copy the output to the file netstat.log

multitail -a netstat.log -R 2 -l “netstat -t tcp” /var/log/apache/access.log -I /var/log/apache/error.log

# Show 2 logfiles merged in one window but give each logfile a different color so that you
can easily see what lines are for what logfile:

multitail -ci green /var/log/apache/access.log -ci red -I /var/log/apache/error.log

# Show 3 rssfeeds merged in one window using rsstail

multitail -cS rsstail -l “rsstail -n 1 -z -l -d -u http://setiathome.berkeley.edu/rss_main.php” \
-cS rsstail -L “rsstail -n 1 -z -l -d -u http://www.biglumber.com/index.rss” -cS rsstail \
-L “rsstail -n 1 -z -l -u http://kernel.org/kdist/rss.xml”

# Show a Squid (proxy server) logfile while converting timestamps to something readable

multitail -cv squid /var/log/squid/access.log

# Display Q-Mail logging while converting the timestamp into human readable format

multitail -cv qmailtimestr /var/log/qmail/qmail.smtpd.log

# Merge ALL apache logfiles (*access_log/*error_log) into one window:

multitail -cS apache –mergeall /var/log/apache/*access_log –no-mergeall -cS apache_error \
–mergeall /var/log/apache/*error_log –no-mergeall

# Monitor the logfile of an other system:
For this you need to setup a couple of things. MultiTail runs on system A, the logfile on system B.
In this example we’re going to monitor the apache logfile. Add the following to /etc/services:

apachelog 20000/tcp

Add this to /etc/inetd.conf:

apachelog stream tcp nowait root /usr/local/sbin/tail_apache_log /usr/local/sbin/tail_apache_log

and create the file /usr/local/sbin/tail_apache_log with the following content:


/usr/bin/tail -f /var/log/apache2/access.log

make sure that you don’t forget to make that script executable (chmod +x filename).
Then on host A start MultiTail like this:

multitail -cS apache -l “telnet B 20000”

Please note that logfiles go in plaintext across the network. You may also need to adjust
the files /etc/hosts.[allow|deny] on host B to only allow host A to connect.
# Monitoring Tomcat

multitail -cS apache -cS log4j “${TOMCAT_HOME}/logs/catalina.out”

 Posted by at 9:24 am