Log tracking with multitail

Nginx multitail output

As we saw in the Managing WordPress servers article, we can monitor the logs of our WordPress system in real time with the tail command. But if we want to monitor several files simultaneously, for example web accesses and the errors that occur, multitail will be very useful, as we mentioned in that article.

In addition, unlike tail, multitail has the option to display the output with configurable syntax highlighting.

First we must install it with apt:

# apt install multitail

Next we are going to modify the configuration file /etc/multitail.conf to add our color schemes for Nginx (accesses and errors):

# Nginx access log
colorscheme:nginx:Logs acceso Nginx (Servidor web)
### Visitor IP
cs_re:yellow:^[^ ]*
### Date
cs_re:cyan:\[../.../....:..:..:.. \+....\]
### HTTP request
cs_re:green:".{1,4} /.{0,200} H.{1,5}/.{1,3}"
### Page not found
cs_re:red: 404
### HTTP status code and bytes
cs_re:yellow: [0-5]{3} [0-9]{1,8}
### No referer
cs_re:cyan: "-"
### Referer (this pattern only matches http:// referers)
cs_re:cyan: "http://.{1,250}"
### Identifier (user agent)
cs_re:magenta: ".{1,400}"$

# Nginx error log
colorscheme:nginx_error:Logs errores Nginx (Servidor web)
### Date and time of the error
cs_re:yellow:..../../.. ..:..:..
### Error
cs_re:red:\[error\] ......:
### Client
cs_re:yellow: client: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3},
### Server
cs_re:green: server: .{1,50},
### Request
cs_re:cyan: request: ".{1,150}",
### Host
cs_re:green: host: ".{1,50}"$
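
Before relying on a scheme, it helps to check that every cs_re pattern actually fires on the kind of lines the log contains. The script below is an added example, not part of the original article: it runs the access-log patterns above over two constructed log lines with grep -E (assumed here to be close enough to multitail's regex matching) and lists the patterns that never match. The function names pattern_hits and dead_patterns are made up for this example.

```bash
#!/bin/sh
# Added example (not from the article): dry-run cs_re patterns on sample lines.
# Assumption: grep -E (POSIX ERE) approximates multitail's regex matching.

# Access-log scheme copied from the article's /etc/multitail.conf additions.
SCHEME='colorscheme:nginx:Logs acceso Nginx (Servidor web)
cs_re:yellow:^[^ ]*
cs_re:cyan:\[../.../....:..:..:.. \+....\]
cs_re:green:".{1,4} /.{0,200} H.{1,5}/.{1,3}"
cs_re:red: 404
cs_re:yellow: [0-5]{3} [0-9]{1,8}
cs_re:cyan: "-"
cs_re:cyan: "http://.{1,250}"
cs_re:magenta: ".{1,400}"$'

# Constructed sample lines (nginx "combined" format, documentation addresses).
SAMPLES='203.0.113.7 - - [08/Jun/2024:10:15:32 +0200] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.5.0"
198.51.100.23 - - [08/Jun/2024:10:15:40 +0200] "GET /blog/ HTTP/2.0" 200 5120 "https://example.org/" "Mozilla/5.0"'

# Print "<matching sample lines><TAB><regex>" for every cs_re entry.
pattern_hits() {   # $1 = scheme text, $2 = sample log lines
  printf '%s\n' "$1" | while IFS= read -r entry; do
    case $entry in cs_re:*) ;; *) continue ;; esac   # skip non-pattern lines
    regex=${entry#cs_re:}   # drop the keyword, leaving "colour:regex"
    regex=${regex#*:}       # drop the colour; the regex may contain ':' itself
    # grep -c exits 1 on a zero count, so keep "set -e" callers alive
    hits=$(printf '%s\n' "$2" | grep -cE -e "$regex" || true)
    printf '%s\t%s\n' "$hits" "$regex"
  done
}

# Print only the regexes that matched no sample line at all.
dead_patterns() {   # same arguments as pattern_hits
  pattern_hits "$1" "$2" | awk -F'\t' '$1 == 0 { print $2 }'
}

pattern_hits "$SCHEME" "$SAMPLES"
echo "Patterns that never matched:"
dead_patterns "$SCHEME" "$SAMPLES"
```

On these samples the only pattern that never fires is the referer one, because the second line carries an https:// referer; widening it to "https?://.{1,250}" clears the report.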

And now we can use the nginx or nginx_error color scheme in our log output, for example:

# multitail -cS nginx_error -wh 20 /var/log/nginx/fotodng.com.error.log -cS nginx /var/log/nginx/fotodng.com.access.log

Or we can create an alias in our .bash_aliases file, which .bashrc includes by default:

alias logs_web='multitail -cS nginx_error -wh 20 /var/log/nginx/fotodng.com.error.log -cS nginx /var/log/nginx/fotodng.com.access.log'

We can also create other aliases, for example to read the 6G WAF and fail2ban logs:

alias logs_security='multitail -s 2 -cS nginx /var/www/fotodng.com/logs/6g.log -cs /var/log/fail2ban.log'

And so on with all the combinations we want: 3 files, 4 files, the window split vertically, horizontally, both, etc.

Remember that to reload the bash configuration we will execute:

# source ~/.bashrc

Useful keys in the multitail environment:

  • q – exit
  • Ctrl-h – help
  • c – change the color scheme
  • s – exchange window contents
  • v – switch to vertical or horizontal window mode
  • b – scroll in the window (q to exit scroll)
  • 0…9 – set a mark in a window so that changes after the mark are easy to see (0 for the first window, 1 for the second window…)
  • t – show statistics
  • j – resize windows

Update 08/06/2024:

There is a new article on multitail with improvements over this one: Multitail, one to control them all.
