Almost everything that happens on a Linux system is logged in some way. These log files traditionally were stored plain ASCII text in a standard log file format, although they can be in binary format. Most logs are stored in the traditional system log subdirectory /var/log. Logs keep track of events, such as system errors, user activities, and transaction histories. These log files are everywhere.
For many years system and kernel logs were handled by a utility called syslogd. Most Linux-based operating systems have since moved to systemd, which has a journal. It’s a giant log file for the whole system. Various software and services write their log entries into systemd’s journalctl.
Applications capture an enormous amount of information to log files, especially as a server may generate multiple logs. It is important to review log files to obtain feedback about the activity and performance of the server, and to identify hints to solve any problems that may arise. Logs are essential for system auditing, debugging and maintenance.
We can use the tail utility to monitor a plain text log file. But it’s often not that effective. An administrator of a system can suffer from information overload. Reviewing the log files in an efficient way can be a very time consuming task. There’s a need for an alternative.
Linux has a good range of logging tools, although many are designed for large-scale deployments. They need to be installed and configured for servers. Instead of a belt and braces approach, there’s still a need for a good log file analyzer for the terminal.
The software featured in this article are all released under an open source license, and offer a lot more functionality than tail. Here’s our verdict captured in a legendary LinuxLinks-style rating chart.
| Console Log File Analyzers | |
|---|---|
| journalctl | Query and display messages from the journal |
| lnav | Curses-based tool for viewing and analyzing log files |
| angle-grinder | Slice and dice logs |
| MultiTail | Monitor logfiles and command output in multiple windows |
| Swatch | Simple Log Watcher is a useful tool to monitor just about any type of log |
This article has been revamped in line with our recent announcement.
 Read our complete collection of recommended free and open source software. Our curated compilation covers all categories of software. The software collection forms part of our series of informative articles for Linux enthusiasts. There are hundreds of in-depth reviews, open source alternatives to proprietary software from large corporations like Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. There are also fun things to try, hardware, free programming books and tutorials, and much more. |