MultiTail allows tail multiple logs

SysAdmins and developers often need to access multiple log files at the same time during monitoring and control tasks. To achieve this, each log file is usually opened in a new shell. In the traditional wise way, i.e. tail -f /var/log/messages.

However, if you want to run tail logs in real time, MultiTail can be tail multiple logs pulled in.

Install MultiTail on Fedora

The EPEL repository must be added.

yum install epel-release

Install Multitail on Fedora or RHEL as follows.

yum install -y multitail

MultiTail for Debian and Ubuntu

Multitail is installed on Debian with apt-get.

sudo apt-get update
sudo apt-get install multitail

Using MultiTail commands

By default, multitail does the same as tail -f, the files are displayed in real time to open two different files in one window, the basic syntax is:

multitail /var/log/apache2/access.log /var/log/apache2/error.log

For Debian above, and for Red Hat as follows, in addition, netstat -t shows the active connections to the web server:

multitail -cS apache -R 2 -l "netstat -t" /home/www/*/web/logs/access_log

All access_log logs are opened in the logs directories. The Apache Color schema displays the active connections to the web server.

The same output, but the first 3 logfiles in 3 columns, here is an Apache web server on CentOS:

multitail -s 3 -cS apache -R 3 -l "netstat -t" /home/www/*/web/logs/access_log

Pressing the ‘b’ key will display a list of the open log files, which can be selected individually by cursor.

To scroll through the log files, press ‘b’ and scroll up or down with the cursor keys. For help you press ‘h’ to output the available option in a list.

MultiTail advanced tail features

When scrolling, typing ‘G’ or ‘gg’ can get to the beginning or end of the log file, with ‘q’ you return and then leave multitail.

Postfix also has a color scheme, the syntax for /var/log/maillog as follows:

multitail -cS postfix -n 1000 /var/log/maillog

Many color schemes are defined in the /etc/multitail.conf configuration. For example for Asterisk, Bind, Samba, tcpdump and many more, new ones can be added, or the existing ones can be modified.

To prevent the multitail line with the parameters from having to be re-entered each time, the line can be executed from a script, the following lines can be easily inserted into a terminal:

cat <<EOF> /usr/bin/mtail
#!/bin/bash
multitail -cS apache -l "netstat -t" /home/www/*/web/logs/access_log
EOF

The script /usr/bin/mtail still needs to be made executable:

chmod +x /usr/bin/mtail

Here are just a few basic features of the multitail command. A complete list of options can be found in the multitail man page. With multitail -h the syntax help is output with a wide selection of possible parameters.

SSH Tunnel to Linux VNC Servers

VNC connections are considered unsafe because they are not encrypted. VNC sessions can be encrypted with OpenSSH, where traffic is routed through a secure SSH tunnel and is protected.

The SSH tunnel requires user login and the VNC port. The client command runs in the Linux CLI as follows:

$ ssh -L 5901:127.0.0.1:5901 -N -f -l USER 10.127.55.77

If user USER replaces it with the actual user name, a password is prompted to run the tunnel. Please note that this is the password for the SSH login, the user login to the VNC can ideally be the same UID, then the password is the same. The port that needs to be tunneled is 5901. The command runs on the computer of the VNC viewer. Registration takes place as usual:

login as: USER
USER@10.127.55.77's password:
Last login: Thu Oct 11 07:59:26 2018 from 10.127.55.70
[USER@fedora ~]$

With the VNC viewer, the virtual desktop session can now be run to the loopback address:

vncviewer 127.0.0.1:5901

Note: The options must be enabled for the OpenSSH Server in the /etc/ssh/sshd_config configuration file.

AllowTcpForwarding yes
X11Forwarding yes

SSH tunnel on Windows to vnC server

On Windows, an SSH tunnel to the VNC server can be opened using PuTTY or KiTTY, tunneling via the loopback interface and port 5901.

Under the Category, Connection – SSH – Tunnels, at Source Port 5901 is entered, Destination is 127.0.0.1:5901, then by clicking on Add the tunnel is added.

Clicking on Open starts the tunnel by logging in to the VNC host.

The secure SSH connection to the VNC server can now be initialized. Remote Host registers the loopback address 127.0.0.1 with port 5901 in the TightVNC viewer: 127.0.0.1:5901

After registration, Connection provides information about the current connection by clicking on the icon in the menu bar.