How To: Watch Server Logs in Real Time

Servers do a fantastic job of writing down in log files what is happening right that moment. While going back and reading logs later to determine what happened in the past is helpful, it is also useful to watch logs in real time. Linux provides a command line tool that lets us do just that: tail.

A Brief Introduction to Tail

The primary purpose of tail is to grab the last few lines of a file (ten lines by default). To do so with any file would look like this:

tail example.txt

Tail also gives us a way to watch files that are updated by other programs in real time: the -f flag.

tail -f example.log

While the -f flag is not exclusively for log files, it is the most common use case.

When you are through following the log, you will need to press the Control and c keys at the same time in order to stop the tail process.

Good Times to Tail: Apache

Suppose there is a link on your site that, every time you click on it, gives you an Apache error. Depending on how your site is coded, the error page may not provide you with much information beyond the fact that there is an error message. First, start tailing the error log (n.b.: the following examples assume you have a cPanel server):

tail -f /usr/local/apache/logs/error_log

If the log is not updating frequently, it is a good idea to hit the spacebar a few times so the error you are trying to reproduce is set apart from previous errors. Then, go back to your browser and click on the link that was giving you the error. It should provide an entry in the error log that matches what you have seen in the browser. This is a surefire way to verify that the log entry corresponds to clicking on that particular link on the site.

Good Times to Tail: Exim

Another use for tail -f can just be to get a broad overview to see if something is wrong. Often, if you see the same error repeated over and over again in a log file, you can get an indication of a server-wide problem.

Perhaps you are starting to hear multiple complaints that email addresses over several domains on your cPanel server are not receiving mail. A quick

tail -f /var/log/exim_mainlog

could show you in real time that multiple email accounts are all receiving the same error.

As always, if you find an error you are not sure how to approach, our Heroic Support Team is always available at the contact information below.

Be Sociable, Share!
Here's $75, Launch a New VPS Today. Find out why 30,000 customers have chosen our Best-in-Class Performance & 24x7 Heroic Support.