Monitoring logs: tail -f vs less +F

cool_penguin_smallWe came across a very useful application of less on Reddit today. In general, the most popular method to monitor changing logs is to use tail -f or tailf. However, when you see something interesting in the logs, you may need to come out of tail and open the file in vim to have a closer look.

less provides a better alternative when you are handling only one file. Try:

$ less +F mylog.log

The file is opened and scrolls down as in case of tail. However, to stop the scrolling at any point, press <Ctrl-c> and the mode is changed from monitoring to viewing. You can search for a string using /searchstring and use other functionalities of less. Some of the keybinds are similar to that in vim. To resume monitoring press <Shitf-f>. Here’s what the +F switch to less does (from the man page):

Scroll forward, and keep trying to read when the end of file is reached. Normally this command would be used when already at the end of the file. It is a way to monitor the tail of a file which is growing while it is being viewed. (The behavior is similar to the “tail -f” command.)

However, when it come to handling multiple changing files, tail or multitail are the right tools. tail handles multiple files together (which less can’t). multitail, in addition to handling multiple files, can read the new file when syslog rolls it over.

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s