Edmond Rodriguez on 15 Oct 2009 10:34:35 -0700



[PLUG] logtail2 Re: 'logtail' Re: 'logcheck'


After much googling for an easy way of tailing log files in a batch mode, I learned logtail2 is also in the logcheck distribution (added at some later time), which was made to answer issues of rotation.  It seems to work for a simple test of one rotation.  It at least needs some rotation detection code it stores in /usr/share/logtail/detectrotate. 

So this may be a simple way to tail logs (batch), even with one rotation (maybe more, don't know). If the file rotates once, and a tail is run, the output will be the last lines, not seen, from the rotated log file, plus all the new lines of the newly made log file.

 
Though I have only run very simple tests with it, it seems to stand alone (/usr/sbin/logtail2, /usr/share/logtail) not needing the rest of the logcheck distribution.

Edmond


----- Original Message ----
> From: "bergman@merctech.com" <bergman@merctech.com>
> To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
> Sent: Wednesday, October 14, 2009 7:30:26 PM
> Subject: Re: [PLUG] 'logtail' Re: 'logcheck'
> 
> 
> 
> In the message dated: Wed, 14 Oct 2009 15:01:01 PDT,
> The pithy ruminations from Edmond Rodriguez on 
> <[PLUG] 'logtail' Re: 'logcheck'> were:
> => So logcheck has a nice little program included called logtail, which is very nice and simple for
> => tailing a log where you left off the last time you tailed it.  While logtail keeps the inode
> => number of the log, it does not seem to deal with the rotation of the file.
> 
> Right. If I recall correctly, it also doesn't deal well if the file is 
> truncated (but the inode doesn't change).
> 
> =>
> => Logcheck deals with the rotation of a log, and gets the last lines of a rotated log along with
> => the lines of a new log file, but is more complex if all the checking it does is not needed. It
> => also has a learning curve.
> =>
> => Logtail is just one simple program file (I think).  It does not parse, but is simple.
> =>
> => Am I missing something here? Is there a simple canned way to stay simple with logtail, but still
> => deal with the rotation?  I guess I could look at the inode myself, and check to see if a new
> => file exists, then run logtail on the old inode with the recorded offset.  Then run logtail again
> => on the new file.
> 
> I ran into the same thing in ~2005. I know that I wrote a work-around...it just 
> took me a while to find it. :)
> 
> I've attached a copy of "tailc". It's a simple perl script (which I'd probably 
> write differently if I was doing it over again). Enjoy.
> 
> 
> Mark
> 
> 
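
The approach discussed in this thread (record the inode and offset, finish the rotated file, then read the new one, and reset on truncation) can be sketched as below. This is an added example, not code from logtail, logtail2 or tailc; the `.1` rotated-file name, the JSON state file and the function names are assumptions.

```python
import json
import os

def read_from(path, offset):
    """Return (complete lines after offset, new offset); a partial last line waits for the next run."""
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1
    return data[:end].decode(errors="replace").splitlines(), offset + end

def batch_tail(log_path, state_path, rotated_path=None):
    """Return lines not seen by the previous run, across one rotation or a truncation."""
    rotated_path = rotated_path or log_path + ".1"  # assumption: logrotate-style name
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}  # first run: start at the top

    lines, offset = [], state["offset"]
    st = os.stat(log_path)
    if state["inode"] not in (None, st.st_ino):
        # Inode changed: the log was rotated. Drain the unseen end of the old
        # file, but only if the rotated file really is the inode we recorded.
        try:
            if os.stat(rotated_path).st_ino == state["inode"]:
                lines, _ = read_from(rotated_path, offset)
        except FileNotFoundError:
            pass  # old file already removed or compressed: those lines are lost
        offset = 0
    elif st.st_size < offset:
        # Same inode but shorter than the saved offset: truncated in place.
        offset = 0

    new_lines, offset = read_from(log_path, offset)
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"inode": st.st_ino, "offset": offset}, f)
    os.replace(tmp, state_path)  # atomic, so a crash cannot leave a half-written state file
    return lines + new_lines
```

A truncation that is followed by enough new data to exceed the saved offset is not detectable from inode and size alone, and more than one rotation between runs loses the lines in the older files.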
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug