logtail2

Print log file lines that have not been read

Install

All systems
curl cmd.cat/logtail2.sh
Debian Debian
apt-get install logtail
Ubuntu
apt-get install logtail
Alpine
apk add logtail
image/svg+xml Kali Linux
apt-get install logtail
Fedora
dnf install logcheck
Windows (WSL2)
sudo apt-get update sudo apt-get install logtail
OS X
brew install logcheck
Raspbian
apt-get install logtail
Docker
docker run cmd.cat/logtail2 logtail2 powered by Commando

logtail

Print log file lines that have not been read

This program will read in a standard text file and create an offset marker when it reads the end. The offset marker is read the next time logtail is run and the text file pointer is moved to the offset location. This allows logtail to read in the next lines of data following the marker. This is good for marking log files for automatic log file checkers to monitor system events. The package also provides logtail2, which better deals with rotated log files: If logtail2 finds that the inode of the file was changed, it assumes that the log has been rotated, and tries to find the file it was rotated to using heuristic plugins. If it finds the file, it will print the remainder of the file starting at the offset saved to the offset file. If a file with the correct inode was not found, logtail2 will only print the new file in its entirety before writing a new offset file.

logcheck

mails anomalies in the system logfiles to the administrator

Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. Logcheck was part of the Abacus Project of security tools, but this version has been rewritten.