实时查看或监视Linux日志文件的6种方法


6 Ways to View or Monitor Linux Log Files in Real-Time

Linux中的大多数日志文件都可以在" / var / log"目录中找到。

您可以使用ls命令列出所有日志文件。

大多数应用程序将日志文件保存在此处,只有少数应用程序将日志文件保留在目录中。

当您对任何应用程序有疑问时,阅读实时日志记录可以帮助您轻松修复它。

有许多用于此目的的应用程序,我们将列出一些命令,这些命令使用户能够读取Linux系统中的实时日志。

当您使用这些应用程序时,它就像实时监控一样工作。

如果您经常访问Linux手册页,那么下面的文章一定会对您有所帮助。

  • 在Linux中获取配色手册页的2种简单方法

    • tail是Linux管理员为此目的使用最广泛的命令之一。

    1)如何使用tail命令实时查看或监视Linux日志文件

    tail命令用于打印文件的最后一部分。默认情况下,它显示给定文件的最后10行。当文件实时增长时,"-f"选项用于附加数据。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    # tail -f /usr/local/apache/domlogs/2daygeek.com

    172.69.54.64 - - [17/Oct/2019:07:32:26 +0000]"GET /install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ HTTP/1.1" 200 14957"-""Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
    162.158.158.160 - - [17/Oct/2019:07:32:35 +0000]"POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102"https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    162.158.165.213 - - [17/Oct/2019:07:32:37 +0000]"GET /wp-content/uploads/2014/12/uninstall-oracle-java-openjdk-on-linux.png HTTP/1.1" 304 -"-""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    172.69.135.59 - - [17/Oct/2019:07:32:38 +0000]"GET /favicon.ico HTTP/1.1" 200 -"-""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    162.158.167.117 - - [17/Oct/2019:07:32:39 +0000]"POST /wp-cron.php?doing_wp_cron=1571297559.8601169586181640625000 HTTP/1.1" 200 20"https://www.2daygeek.com/wp-cron.php?doing_wp_cron=1571297559.8601169586181640625000""WordPress/5.2.4; https://www.2daygeek.com"
    108.162.250.76 - - [17/Oct/2019:07:32:40 +0000]"GET /wp-content/uploads/2018/12/Check-CPU-And-HDD-Temperature-In-Linux.png HTTP/1.1" 200 27050"-""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    108.162.246.174 - - [17/Oct/2019:07:32:39 +0000]"GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro/ HTTP/1.1" 301 20"-""Mediapartners-Google"
    108.162.249.29 - - [17/Oct/2019:07:32:41 +0000]"GET /favicon.ico HTTP/1.1" 200 -"-""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    162.158.106.175 - - [17/Oct/2019:07:32:42 +0000]"GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro/ HTTP/1.1" 200 14898"-""Mediapartners-Google"
    162.158.238.113 - - [17/Oct/2019:07:32:42 +0000]"GET /how-to-find-wwn-wwnn-and-wwpn-number-of-hba-card-in-linux/ HTTP/1.1" 200 15513"https://www.google.com/""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
    172.69.39.11 - - [17/Oct/2019:07:32:44 +0000]"GET /how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/ HTTP/1.1" 200 17017"https://www.google.com/""Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
    172.69.39.9 - - [17/Oct/2019:07:32:45 +0000]"GET /wp-includes/css/dist/block-library/style.min.css?ver=5.2.4 HTTP/1.1" 304 -"https://www.2daygeek.com/how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/""Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"

    另外,您可以使用另一个版本的tail命令" tailf",并且由于配置了该命令,因此不需要" -f"选项。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    # tailf /usr/local/apache/domlogs/2daygeek.com

    108.162.246.240 - - [17/Oct/2019:07:32:15 +0000]"GET /cockpit-monitor-administer-multiple-remote-linux-servers-via-web-browser/ HTTP/1.1" 200 16090"-""Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    162.158.154.50 - - [17/Oct/2019:07:32:16 +0000]"GET /install-phpmyadmin-on-cetnos-rhel-fedora HTTP/1.1" 301 20"-""Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http://www.grapeshot.co.uk/crawler.php)"
    162.158.159.47 - - [17/Oct/2019:07:32:18 +0000]"GET /install-phpmyadmin-on-cetnos-rhel-fedora/ HTTP/1.1" 200 14405"-""Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http://www.grapeshot.co.uk/crawler.php)"
    172.68.206.5 - - [17/Oct/2019:07:32:18 +0000]"GET /install-papirus-icon-theme-in-linux-mint-ubuntu-fedora-manjaro HTTP/1.1" 301 20"-""Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/36.0.1985.143 Safari/537.36"
    172.69.134.10 - - [17/Oct/2019:07:32:18 +0000]"GET /mytop-monitor-mysql-mariadb-performance-linux/ HTTP/1.1" 200 16651"https://www.google.com/""Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
    162.158.158.160 - - [17/Oct/2019:07:32:20 +0000]"POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102"https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
    172.69.134.106 - - [17/Oct/2019:07:32:23 +0000]"POST /wp-cron.php?doing_wp_cron=1571297543.1548700332641601562500 HTTP/1.1" 200 20"https://www.2daygeek.com/wp-cron.php?doing_wp_cron=1571297543.1548700332641601562500""WordPress/5.2.4; https://www.2daygeek.com"
    141.101.77.105 - - [17/Oct/2019:07:32:22 +0000]"GET /how-to-check-whether-a-port-is-open-on-the-remote-linux-system-server/ HTTP/1.1" 200 15288"https://www.google.com/""Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
    141.101.77.105 - - [17/Oct/2019:07:32:24 +0000]"GET /how-to-check-whether-a-port-is-open-on-the-remote-linux-system-server/ HTTP/1.1" 200 15390"https://www.google.com/""Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
    172.69.54.64 - - [17/Oct/2019:07:32:26 +0000]"GET /install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ HTTP/1.1" 200 14957"-""Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
    162.158.158.160 - - [17/Oct/2019:07:32:35 +0000]"POST /wp-admin/admin-ajax.php HTTP/1.1" 200 102"https://www.2daygeek.com/wp-admin/post.php?post=1903&action=edit""Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"

    2)如何使用journalctl命令实时监视或监视Linux日志文件

    journalctl命令用于查询系统日志(日志)。它是从多个来源检索的,例如内核,用户进程,系统服务的标准输出和标准错误输出。

    这些日志由负责它的systemd-journald服务收集和写入。

    根据优先级对输出进行着色:ERROR和更高级别的行被着色为红色;注意和更高级别的行被突出显示;级别DEBUG的行为浅灰色;其他行正常显示。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    # journalctl -f

    -- Logs begin at Wed 2019-10-16 13:59:59 UTC. --
    Oct 17 05:36:35 ns1.nsforcdn.com kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.237.66.163 DST=94.237.67.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12203 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
    Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: Invalid user stress from 80.211.129.34 port 57780
    Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: input_userauth_request: invalid user stress [preauth]
    Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
    Oct 17 05:36:36 ns1.nsforcdn.com sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.34
    Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Failed password for invalid user stress from 80.211.129.34 port 57780 ssh2
    Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Received disconnect from 80.211.129.34 port 57780:11: Bye Bye [preauth]
    Oct 17 05:36:38 ns1.nsforcdn.com sshd[26612]: Disconnected from 80.211.129.34 port 57780 [preauth]
    Oct 17 05:36:41 ns1.nsforcdn.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=be:de:32:a3:38:a5:28:99:3a:41:cb:0d:08:00 SRC=45.136.109.237 DST=94.237.66.163 LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=13871 PROTO=TCP SPT=40734 DPT=9144 WINDOW=1024 RES=0x00 SYN URGP=0
    Oct 17 05:36:41 ns1.nsforcdn.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=be:de:32:a3:38:a5:28:99:3a:41:c9:e5:08:00 SRC=120.132.3.65 DST=94.237.66.163 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=34439 PROTO=TCP SPT=57841 DPT=15904 WINDOW=1024 RES=0x00 SYN URGP=0
    Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: DHCPREQUEST on eth0 to 94.237.67.254 port 67 (xid=0x7311995d)
    Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: send_packet: Operation not permitted
    Oct 17 05:36:47 ns1.nsforcdn.com dhclient[3462]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.
    Oct 17 05:36:47 ns1.nsforcdn.com kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.237.66.163 DST=94.237.67.254 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=19879 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0

    3)如何使用less命令实时查看或监视Linux日志文件

    less是一个免费的开源文件分页器。 less命令允许您使用向上和向下箭头键或Page UP&Page Down按钮从上到下快速查看屏幕上的文件内容。

    1
    # less +F /usr/local/apache/domlogs/2daygeek.com

    width=

    4)如何使用multitail命令实时监视或监视Linux日志文件

    MultiTail命令允许您同时监视终端中多个窗口中的多个日志文件输出,着色,过滤和合并。

    1
    # multitail /var/log/dpkg.log /var/log/syslog

    width=

    5)如何使用lnav命令实时查看或监视Linux日志文件

    lnav是Linux的基于ncurses的高级日志文件查看器。所有日志文件的内容都基于消息时间戳合并到单个视图中。

    左侧的颜色条有助于显示消息所属的文件。

    1
    # lnav /var/log/dpkg.log /var/log/syslog

    width=

    6)如何使用watch命令实时监视或监视Linux日志文件

    watch反复运行命令,以全屏显示其输出和错误。这使您可以观察程序输出随时间的变化。默认情况下,命令每2秒运行一次,监视将一直运行直到被中断。

    1
    # watch tail -n 10 /usr/local/apache/domlogs/2daygeek.com

    width=