The Tell-Tail Heart

by Robert Daeley

If you've had the chance to use the tail command in the Mac OS X Terminal, you'll know that it will display for you a certain number of lines (by default, 10) at the end of whatever text input you give it -- usually a filename. So, for example,

tail /var/log/system.log

will show you the last 10 lines of the system's master log file. (Contrast with the head command, which gives you the first 10 lines by default.) Add the -n flag to the command, like this:

tail -n 3 /var/log/system.log

and you'll get the last 3 lines of the file. Another really useful flag is -f:

tail -f /var/log/crashreporter.log

This sets tail to wait for more input after its initial display, turning the Terminal window into a log monitor. The next time a crash happens that gets recorded in the crashreporter.log, you'll see the message in your window. Use Control-C to exit tail.

(In fact, the Console utility that comes with OS X uses windows that mimic the output of tail -f foo commands, in any number of windows. It's under /Applications/Utilities in case you weren't aware of it.)

Like any good unix command, tail can be used with pipes. And a cool use of this is in conjunction with the all-powerful grep command, which allows you to find stuff in text files. For example, let's say you need to find any instances in the last 50 lines of your crashreporter.log of the words 'crashdump started'. Here's a easy way to do it:

tail -n 50 /var/log/crashreporter.log | grep "crashdump started"

If your log is like mine, a dozen or so lines will scroll by containing that phrase. Used along with regular expressions, this combo can get pretty dang powerful.

Putting all these ideas together allows us to do something really geeky like this:

tail -f /var/log/system.log | grep AirPort

If you issue that command right now, you will almost certainly see nothing happening -- except that tail seems to be waiting, which it is. Here's what we asked for: With any new input in the system.log, display any lines that contain the word AirPort. So if you were troubleshooting your wireless connection, or wanted to know when your AirPort goes off and on, this would be one way to display that info.

Here's another scenario. Let's say you've bought some advertising for your website on the ever-popular 'example.com' site earlier today and would like to see if anybody is getting sent over to you.

tail -f /var/log/httpd/access_log | grep example.com

Now when the Apache access log gets written to, and it contains the text 'example.com', that line will be displayed in your Terminal window for your obsessive monitoring needs.

One thing to remember about the text you want to search for -- it is by default case-sensitive (so example.com is different than Example.com), and standard command-line rules apply for escaping special characters in your search string (like the space in "crashdump started").

Check out the man page for tail to get a few other options that are handy in various situations, and read up on grep for more amazing command-line tricks.

tail -f comments.log


2 Comments

Karuna
2006-06-05 04:18:53
There is one more tool similar to "tail -f" called MakeLogic Tail. Interesting part is that it has an easy to GUI and other productive features. Pls see if this is of any help


http://www.makelogic.com/tail/TailHome.htm

karuna
2006-06-07 23:56:54
MakeLogic Tail is a free tool similar to "tail -f" of linux.
It has an easy to use GUI and runs on Windows and Linux.


Get it from:


http://www.makelogic.com/tail/TailHome.htm



- Karuna