Whether it’s active development, the deployment process or production run time, we developers always need to know what’s happening, and that information is available to us via the log files. We work in real time and our logs reflect that: there is a lot of information in there, and many times we need to watch those logs in real time to analyze what is happening.
So, how do we read a file that is being appended to while we’re reading it?
The first command we usually learn for following a log file is tail. Throw a -f option on at the command line, and we’re all set. Until the line in the log we’re looking for scrolls right past us and out of the buffer.
log navigation with less
Another handy command in our tool box for reading log files is less. As a pager program, less allows us to navigate around and search for strings. Now that is useful for analyzing log content. But what about following the entries to the log file as they are appended? After all, we’re interested in the real-time actions.
less has a feature that is not well documented which allows us to follow a log file just like using tail -f, with the added benefit of file navigation and search. A file such as a web server access log, or an application debug log, is a great option to see this real-time appending in action.
Let’s put this to work!
$ less /var/log/foo.log
This enters us into a page view of the log, at the first line. Navigation now is as simple as using the up/down arrows or the letters j and k. This is basic functionality, well documented in the less man pages.
Quickly jump to the end of the file
While in the standard page view of a file in less, you can quickly jump to the end of the file with shift + g.
log text line
log text line
last line of log on this page
:
<shift + g>
jump to last line in the file
(END)
We’re at the end of the file, but we care about what is being appended to the file right now, and all we see is the last line written to the file when we opened it.
shift + f puts us into follow mode. Now we have the same functionality as tail -f, with more power. Now we can observe the real-time content appended to the log file we’re reading.
Search the File
To return to standard pager mode we use ctrl + c. In this mode we can use the search features in less:
/<search term> : searches forward in the file for <search term>
?<search term> : searches backward in the file for <search term>
n : finds the next location of <search term>
shift + n : finds the previous location of <search term>
Follow the term
After we enter search mode, whenever the term appears in the log it will be highlighted. Jumping forward and backward in the file, the term remains highlighted. Let’s use that to help watch the logs for our search term while the log is being written.
shift + g jumps us to the end of the file, then we press shift + f to follow. Now, as the log is appended with real-time activity, we can watch the file for our search term, which will be highlighted.
Some judicious use of the commands we’ve learned helps us to follow in real time and navigate backward and forward. If we have a search term defined and watched it scroll past us amongst the other useful comments in the log file, we can get back there quickly.
ctrl + c : cancel follow mode
shift + n : search backward in the file for our search term
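An added example, not from the original post and not how less itself is implemented: a small Python follower that shows what "jump to the end, follow, and highlight the search term" amounts to, including the case where the log is truncated underneath the reader. The Follower class, its poll method and the 0.5 second polling interval are assumptions made for the illustration.

```python
import os
import re

HIGHLIGHT = "\x1b[7m{}\x1b[0m"  # reverse video, similar to how a pager marks a match


class Follower:
    """Return lines appended to a file since the previous poll, marking a search term."""

    def __init__(self, path, term, from_end=True):
        self.path = path
        self.pattern = re.compile(re.escape(term))  # literal term, not a regex
        # from_end=True mirrors "jump to the end, then follow": skip existing content.
        self.offset = os.path.getsize(path) if from_end else 0
        self.partial = b""  # bytes of a line whose newline has not been written yet

    def poll(self):
        """Return [(line, matched)] for complete lines added since the last poll."""
        size = os.path.getsize(self.path)
        if size < self.offset:
            # The file shrank: it was truncated or replaced by a shorter one,
            # so the saved offset is meaningless. Start again from the top.
            self.offset, self.partial = 0, b""
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
            self.offset = fh.tell()
        # Everything before the final newline is complete; keep the rest for later.
        *complete, self.partial = (self.partial + data).split(b"\n")
        out = []
        for raw in complete:
            line = raw.decode("utf-8", errors="replace")
            marked, hits = self.pattern.subn(lambda m: HIGHLIGHT.format(m.group()), line)
            out.append((marked, hits > 0))
        return out


if __name__ == "__main__":
    import sys
    import time
    follower = Follower(sys.argv[1], sys.argv[2])  # usage: script.py LOGFILE TERM
    try:
        while True:
            for text, _ in follower.poll():
                print(text)
            time.sleep(0.5)
    except KeyboardInterrupt:  # ctrl + c leaves follow mode
        pass
```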
less Is more
After I learned about the follow feature of less it became my default log reading command. The flexibility of the features I’ve described above has made log navigation much easier for real-time analysis.