Is there a log of all activity I could open in terminal?

I'd like to have a terminal opened and study the processes and everything happening in a regular use of Ubuntu. What commands and files can I use to see the logs in real-time?

Thanks.


Solution 1:

Many things you simply cannot spot, because they are handled inside the application or process without any communication to "the outer world".

a random (totally incomplete) list of a few of the most important tools you could use however to monitor specific sections of what is going on:

  • the top command: from man top: The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are all user configurable and that configuration can be made persis‐tent across restarts.
  • dstat. From man dstat: Dstat allows you to view all of your system resources instantly, you can eg. compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval)
  • wmctrl; although wmctrl does not provide realtime ongoing information, when used in a loop in a script, it is fairly easy to retrieve an almost realtime report or log on what happens concerning opened/moved/closed windows.
  • The dbus-monitor command, of which @Serg should be able to tell you much more. From man dbus-monitor: The dbus-monitor command is used to monitor messages going through a D-Bus message bus. See http://www.freedesktop.org/software/dbus/ for more information about the big picture. (in short: dbus is a simple way for applications to talk to one another. Note that dbus-monitor only works in cases where dbus is used, not as a general tool as mentioned by @heemayl (thanks!) )
  • The dconf watch command (relatively unknown). From man dconf:

       watch
           Watch a key or directory for changes.
    

    Try e.g. what happens in the output of dconf watch / , while editing system settings.

The bottom line is that there are many, many tools, each and every one of them to spot a specific section of what is happening. A one fits all answer is quite impossible, let alone a single terminal window to show even the beginning of "the whole picture".

Which tool is fit for your purpose depends on what events you specifically want to monitor.

Solution 2:

For viewing logs in real-time, use tail -f -n [number of lines] [file].

  • -f is for follow, which will pipe the appended log data to stdout (e.g. console window) as the data is written to the file
  • -n is for number of lines to follow

A good place to start would be /var/log/syslog. This is the default log file for many system events, services, and applications.

sudo tail -f -n 1000 /var/log/syslog

Your target service or application may use a different log file. Some services and applications have multiple log files. The Apache Web server, for example, has separate logs for access, errors, and SSL events. Also, some log files are configured to roll off into an archive file (usually in the same directory) after the original file reaches a certain size, e.g. 1 KB. Check the service or application's documentation (or search) for specific log file locations.

Also, you may find it helpful to open several console windows, and monitor multiple logs at once while you perform a test.

For example, if you were tracing events in a Web application that ran on Apache and used a MySQL database, you may want to open the following two commands in their own console windows. In fact, you may wish to trace these application logs along with the system log from above.

sudo tail -f -n 1000 /var/log/apache2/error_log
sudo tail -f -n 1000 /var/log/mysqld.log

As always, check the tail man pages for a full list of options:

man tail