熱門分類
載入中…
目錄0%

🐧 Linux tail & Text Processing Guide: Real-time Log Monitoring and Filtering Techniques

    🐧 Linux tail & Text Processing Guide: Real-time Log Monitoring and Filtering Techniques

    tail is one of the most commonly used Linux commands for viewing the latest entries in system logs. When combined with tools like grep, awk, and sed, you can transform raw log output into real-time, structured, and actionable information streams.

    📘 1. Basic tail Usage

    The tail command prints the last few lines of a file (default: 10 lines):

    tail /var/log/messages
    tail -n 20 /var/log/syslog

    To follow a log file in real time, use the -f flag:

    sudo tail -f /var/log/nginx/access.log

    This continuously streams new log entries — perfect for monitoring web or system activity.

    🧩 2. Filtering Logs with grep

    Use grep to filter out lines containing specific keywords:

    sudo tail -f /var/log/syslog | grep "error"
    sudo tail -f /var/log/secure | grep -E "Failed|Invalid"

    Regular expressions (-E) let you match multiple patterns efficiently.

    🧠 3. Formatting Output with awk & sed

    awk extracts specific fields, such as IP, time, or status codes:

    sudo tail -f /var/log/nginx/access.log | awk '{print $1, $4, $9}'

    sed can dynamically replace or highlight text:

    sudo tail -f /var/log/app.log | sed 's/DEBUG/🟢 DEBUG/g'

    These combinations help make logs more readable and structured for quick analysis.

    ⚙️ 4. Practical Examples

    • Monitor failed SSH logins: sudo tail -f /var/log/auth.log | grep "Failed password"
    • Show HTTP 500 errors: sudo tail -f access.log | grep " 500 "
    • Count client IP access frequency: sudo tail -f access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head

    🔍 5. Advanced: Multiple Files & Time-Stamped Output

    Monitor multiple log files at once:

    sudo tail -f /var/log/nginx/*.log

    Combine with ts (from moreutils) to prepend timestamps:

    sudo tail -f /var/log/messages | ts "%Y-%m-%d %H:%M:%S"

    🧭 Action Checklist

    ✅ Understand differences between tail -f and -n  
    ✅ Combine grep / awk / sed for efficient filtering  
    ✅ Create scripts or systemd services for log monitoring  
    ✅ Export parsed results to centralized log analyzers  
      

    📘 Conclusion

    By mastering tail and text-processing commands, system administrators can quickly identify issues, monitor activity, and maintain a clean log workflow. These tools form the backbone of Linux monitoring and troubleshooting.


    🔗 Related Reading

    — WWFandy・System & Network Notes

    🔗 分享這篇 LINE Facebook X

    沒有留言:

    字級