Viewing logs on a remote linux server

linux log-files

Are there any nice tools for doing a 'tail -f' on a remote (linux) server? It would be nice to be able to do something like "taillog server_host /var/log/syslog" to view logs on various servers without having to ssh in.

How about an app that shows multiple logs side-by-side?


If the log files are being generated on the client server via the syslog facility then the best way is to setup the clients syslog daemon to forward those logs to a seperate host. For example, if I have an internal name syslog.private which points to the remote server that I want to receive the log entries. I can add the following line to the /etc/syslog.conf on the client server.

*.*          @syslog.private

and then restart the syslog daemon on the client

service syslog reload

This will cause every entry that passes through the clients syslog to be sent across the wire to syslog.private and if that machine is configured correctly, the entries will be available there as well. In RedHat systems this is controlled by the /etc/sysconfig/syslog file. Make sure the -r option is present 

% grep "SYSLOGD" /etc/sysconfig/syslog 
SYSLOGD_OPTIONS="-m 0 -r"

and then restart the syslog daemon on the receiving server.

You can also control what is forwarded to the remote server by adding exclusions, see the example below

*.*;mail.none   @syslog.private

Which says forward everything to syslog.private with the exception of anything sent to the mail facility.

If this solution works out for you, you may consider one of the alternate syslog implementations like rsyslog, or syslog-ng, which provide extra logging and storage options.


If you setup key-based ssh authentication and sudo on the remote hosts on the remote hosts to allow running tail against the log files without password prompting. It would be pretty easy to build a taillog script that does what you want like below. This doesn't really avoid ssh, but it does save you a couple steps.

#!/bin/bash
ssh $1 sudo tail -f $2

Or, you could setup syslog to forward all the log messages to a central system and then run your tail command on the syslog server. Just watch the log files on the central system.


I would highly recommend multitail for advanced log viewing. Self described as tail on steroids.

Related

Will my system fsck when I reboot?
How to determine the baud rate of a serial port?
How does BTRFS compare to ZFS? [closed]
Ubuntu - can non-root user run process in chroot jail?
Is Varnish with nginx better than just using nginx? [closed]
KVM: Which CPU features make VMs run better?
How to Automatically and Temporarily block an IP address making too many hits on the Server in a short timespan?
No targets available when trying to set alias target from Route 53 to S3
Wget: Is there a way to pass username and password from a file?
How to backup virtual machines on a standalone ESXi host?
Can't compile nginx with SSL support, OpenSSL not found
How to Ping explicitly from eth1 instead of eth0