Viewing logs on a remote linux server
Are there any nice tools for doing a 'tail -f' on a remote (linux) server? It would be nice to be able to do something like "taillog server_host /var/log/syslog" to view logs on various servers without having to ssh in.
How about an app that shows multiple logs side-by-side?
If the log files are being generated on the client server via the syslog
facility then the best way is to setup the clients syslog daemon to forward those logs to a seperate host. For example, if I have an internal name syslog.private
which points to the remote server that I want to receive the log entries. I can add the following line to the /etc/syslog.conf
on the client server.
*.* @syslog.private
and then restart the syslog daemon on the client
service syslog reload
This will cause every entry that passes through the clients syslog to be sent across the wire to syslog.private
and if that machine is configured correctly, the entries will be available there as well. In RedHat systems this is controlled by the /etc/sysconfig/syslog
file. Make sure the -r
option is present
% grep "SYSLOGD" /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"
and then restart the syslog daemon on the receiving server.
You can also control what is forwarded to the remote server by adding exclusions, see the example below
*.*;mail.none @syslog.private
Which says forward everything to syslog.private
with the exception of anything sent to the mail
facility.
If this solution works out for you, you may consider one of the alternate syslog implementations like rsyslog, or syslog-ng, which provide extra logging and storage options.
If you setup key-based ssh authentication and sudo on the remote hosts on the remote hosts to allow running tail against the log files without password prompting. It would be pretty easy to build a taillog script that does what you want like below. This doesn't really avoid ssh, but it does save you a couple steps.
#!/bin/bash
ssh $1 sudo tail -f $2
Or, you could setup syslog to forward all the log messages to a central system and then run your tail command on the syslog server. Just watch the log files on the central system.
I would highly recommend multitail for advanced log viewing. Self described as tail on steroids.