Tuesday, May 22, 2018

How to monitor a log file in real-time

Recently I was working on a task where I had to monitor the log files of an FTP server. At one point I needed to find out whether a certain client had downloaded a file with a specific name, or to look for entries from a client with a certain IP address.

One way to do this is to open the log file in a text editor and use its search function. Unfortunately this is not an easy way to spot updates: the file has to be reopened every time its content changes. Luckily there are better ways to do this.

One of my all-time favorite tools is Baretail. It is a GUI alternative to the Unix command tail -f, which reads the last part (the tail) of a file and follows (-f) updates in real-time. One of its many benefits is color coding: you can easily highlight any line that contains a string you are interested in.


An alternative is the PowerShell cmdlet Get-Content with the -Wait switch, which behaves much like tail -f: it prints the file and then keeps printing lines as they are appended (it polls the file about once a second, and it only works on the file system provider). Note that without -Tail it first prints the whole file, so Get-Content -Tail 10 -Wait is the closer equivalent of tail -f. First of all this is a native PowerShell cmdlet, so it works on systems where you can't or won't install 3rd-party software. But more importantly, it's PowerShell and thus extremely flexible and extensible.

One example that I used today is this: Get-Content .\fzs-2018-05-22.log -Wait | Select-String -Pattern '10.54.64.162'


Get-Content -Wait reads the content of the file and keeps doing so as new data gets appended. Select-String accepts the lines from the pipeline, and the -Pattern switch passes on only the lines that match the specified pattern, in this case the IP address of the client I'm interested in. One caveat: -Pattern is a regular expression by default, so the dots in the address match any character, and the address also matches as a substring of a longer one such as 110.54.64.162. For a literal search add -SimpleMatch, or escape the pattern with [regex]::Escape() and anchor it.

The best thing, of course, is that the output consists of objects (Select-String emits MatchInfo objects), so you can do anything you want with them: select, filter, trigger a workflow, or even color code the output on the screen. Have fun!
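The following is an added example that is not part of the original post; it puts the pieces above together in one function: Get-Content -Wait behind a -Follow switch, an escaped and anchored IP pattern instead of a bare regex, an optional literal file-name filter, and color coding that still passes the MatchInfo objects down the pipeline. The log path, the FileZilla-style line format and the sample lines are constructed for the example and are assumptions, not output from the author's server.

```powershell
# Added example, not the original post's code. The path and the log line format
# below are assumptions; the sample lines are constructed so the script runs offline.
$LogPath = Join-Path $env:TEMP 'fzs-sample.log'

# Constructed sample log. Line 3 is a near miss (110.54.64.162) that a bare
# Select-String -Pattern '10.54.64.162' would report as a hit.
@(
    '(000123) 5/22/2018 10:14:02 AM - user (10.54.64.162)> RETR report.csv',
    '(000124) 5/22/2018 10:14:05 AM - user (10.154.64.162)> RETR other.csv',
    '(000125) 5/22/2018 10:14:07 AM - user (110.54.64.162)> RETR report.csv',
    '(000126) 5/22/2018 10:14:09 AM - guest (10.54.64.162)> 530 Login failed'
) | Set-Content -Path $LogPath

function Watch-LogFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ClientIp,
        [string] $FileName,
        [switch] $Follow
    )

    # Escape the dots so they are literal and anchor the address with lookarounds,
    # so 110.54.64.162 or 10.54.64.1620 are not reported as 10.54.64.162.
    $ipPattern = '(?<![\d.])' + [regex]::Escape($ClientIp) + '(?![\d.])'

    # Keep everything in one pipeline: Get-Content -Wait never returns, so it
    # must stream into Select-String rather than be assigned to a variable.
    & {
        if ($Follow) {
            # -Tail 0 skips the existing content; -Wait keeps polling for new lines.
            Get-Content -Path $Path -Tail 0 -Wait
        } else {
            Get-Content -Path $Path
        }
    } |
    Select-String -Pattern $ipPattern |
    Where-Object {
        # Optional literal file-name filter; Contains() does no regex interpretation.
        -not $FileName -or $_.Line.Contains($FileName)
    } |
    ForEach-Object {
        # Color code on screen, then emit the MatchInfo object unchanged so the
        # caller can keep filtering or trigger a workflow on it.
        $color = if ($_.Line -match '\bRETR\b') { 'Green' }
                 elseif ($_.Line -match '\b530\b') { 'Red' }
                 else { 'Gray' }
        Write-Host $_.Line -ForegroundColor $color
        $_
    }
}

# One-off scan of the existing file: only line 000123 matches both filters.
$hits = Watch-LogFile -Path $LogPath -ClientIp '10.54.64.162' -FileName 'report.csv'
$hits.Count    # 1

# Real-time monitoring, equivalent of tail -f; stops with Ctrl+C:
# Watch-LogFile -Path $LogPath -ClientIp '10.54.64.162' -Follow
```

Assigning the result to $hits in the one-off call avoids the line being printed twice (once by Write-Host, once by the default formatting of the returned MatchInfo object); in -Follow mode the function runs until you interrupt it, exactly like tail -f.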
