How to follow multiple log files generated dynamically in a combined view

1

I have a directory with log files, with new files added from time to time. I want to 'tailf' them in a combined view (see all lines from all files merged together)

I saw lnav recommended a few times for this, and based on on the feature description it should support these options - but the documentation isn't clear enough.

specifically - when running lnav to track a directory, I can switch log files using the f\F keys, but not get a combined view

Ophir Yoktan

Posted 2017-06-22T05:03:37.387

Reputation: 230

Answers

0

Indeed, I don't see any good solution for your need using lnav. Best I can think of is using tail -f on all log files:

tail -f file_1.log ... file_n.log

Another solution using logtail that has some drawbacks but handles the case where new log files are added from time to time:

#!/bin/bash

# Quietly initialize logtail offset files
for logfile in *log
do
    logtail $logfile
done > /dev/null


while :
do
    # wait a second for new logs
    sleep 1
    for logfile in *log
    do  
        # output new logs since last logtail run, prepend with log filename
        logtail $logfile | sed "s/^/$logfile: /"
    done
done

Gohu

Posted 2017-06-22T05:03:37.387

Reputation: 757

0

You can get a combined view of log messages in lnav if the files have timestamps and it understands the file formats. If lnav doesn't understand the log file format, it treats the files as plain text. You can create a new format definition as described in its documentation.

Timothy Stack

Posted 2017-06-22T05:03:37.387

Reputation: 56

Asked: 2017-06-22T05:03:37.387

Viewed: 300 times

Active: 2018-12-14T15:23:22.020