Follow multiple log files with multitail
Any Linux administrator knows that watching log files is key to troubleshooting problems on a Linux system. In some troubleshooting instances it is necessary to follow more than one log file. For this you will wind up with two terminal windows open which can become a mess (when you already have a number of windows open.) With the multitail application it is possible to follow more than one log file in the same window. It's a wonderful tool for anyone who has to troubleshoot a Linux machine.
Multitail does exactly as it sounds - it allows more than one instance of the tail command in a single window. Given that we should probably take a look at the tail command first.
Tail
What tail does is print the output of a log file in real time. With this you can open up, say, /var/log/messages with tail and see the last ten lines of that file as they are printed. This comes in very handy when you need to see the errors precisely as they happen.
To run the tail command on a log file (we'll stick with our example above) you would issue the command:
tail -f /var/log/messages
You would see printed the last ten kernel buffer messages as they are added. This is very helfpul when you are plugging in a USB device and you want to find out what address the device is attached to.
But what if you want to view, say, /var/log/mail.err and /var/log/mail.warn together? Sure you could open up two terminals and issue the tail commands for each log file, but why do that when you can have them in the same window?
Getting and installing multitail
The easiest way to install multitail is to issue the command (since you'll be working in the command line anyway):
sudo apt-get install multitail
or
yum install multitail
Once the application is installed you are ready to go (there is no configuration necessary).
Running multitail
The structure of the multitail command is:
multitail -i FIRSTLOG -i SECONDLOG
Where FIRSTLOG and SECONDLOG are the log files you want to follow. Sticking with the example above let's follow mail.err and mail.info. We do this with the command:
sudo multitail -i /var/log/mail.err -i /var/log/mail.info
The above command will have multitail following both log files horizontally (as shown in Figure 1). At first it can be a bit disconcerting to see and follow. What you are seeing is the /var/log/mail.err file being tail'd on top and the /var/log/mail.info file being tail'd on bottom. The easiest way to discern one from the other is at the bottom of each tail is the white bar showing what file is being tail'd.
If you do not like the horizontal layout you can change that to a vertical layout with the s switch like so:
sudo multitail -s 2 -i /var/log/mail.err -i /var/log/mail.info
When you run this version of the command the tail's are side by side with a wide vertical bar between them (as you can see in Figure 2).
Merging logs
You can also use multitail to merge multiple logs into one log. This can help you when you know you need to follow the output of more than one log file but you don't need them separated. To do this you use the mergeall option like so:
sudo multitail --mergeall -i /var/log/mail.err -i /var/log/mail.info
Final thoughts
Multitail is one of those tools that once you get used to having it in your toolkit you will pull it out again and again.
Advertisement
I am trying to view log files from x264. It writes lines with mixed formats for some reason. Multitail WILL NOT follow these files.