In the world of Linux server administration, I am not easily impressed, but – once in a while, a tool comes along that impresses me so much that I have to talk about it.  One such tool has risen to the top of my best tool list is – MultiTail.

MultiTail monitoring 24 log files
MultiTail describes itself as “Tail on Steroids”
Tail on Steroids is putting it mildly!
I would say it should also be looked at as..
“Tail for the rest of US”.

Any system administrator that works on production servers knows the value of monitoring logs in real time.  Tail is great for doing just that, but what if you need to monitor two or more logs and/or files in real time to compare information?  You can cobble together several sessions of Tail spanned across multiple monitors, but why would you when you can use MultiTailMultiTail will allow you to monitor in real time all the logs and files you want on just one monitor.

I have been using MultiTail now for over two months and with each passing day, I find new and exciting ways to use this package.  One client has a dedicated server that serves httpd on three production websites.  These three websites generate a lot of traffic and we use MultiTail to monitor the access_log and error_log in real time on each domain looking for patterns of hacking, attacking and DoS.  Certain attackers generate repeatable and/or predictable errors that we can filter for and monitor in real time.

Typical MultiTail Session - on image to see full picture - image courtesy of vanhedsden.com

One of the more interesting features of MultiTail is that you can use Regex to filter your monitoring which allows the user to better focus on what is being monitored while discarding noise and data pollution that is not relevant to the search.

Another cool feature is the ability to use color to differentiate between different monitored expressions, files, stings, etc.  For a person like myself, I find that when I am working from the command line, if everything is in black and white, I come down was a severe case of ADD (Attention Deficate Disorder) real fast.  Color helps me define what I am looking for and helps to break up the monotony of a monochrome environment.  Command line, you might ask, who uses command line, well I hate to say it, yes while I have a GUI, I still use the command line 80% of the time.

The list of features that MultiTail has are exhaustive, too many to list here, but if you wish to review the list of features, we have a link – FEATURES

MultiTail monitoring 4 logs at the same time.

For those of you using RHEL or CentOS, you can install MultiTail from the command line with YUM.  Just type yum install multitail.  CentOS will install MultiTail Version 5.2.6 – the latest avilable.

So in closing for Linux System Admins, Code Heads and others wanting to monitor files and logs in real time, we cannot recommend any better colution than MultiTail.  For those of you who are on the MS Windows platform and wish to experiment with MultiTail you can use Cygwin which allows you to run UNIX/Linux programs on Microsoft Windows.

The CodingCREW toolbox has links to MultiTail along with many of the other tools we use and recommend.  MultiTail should be in every system administrors arsenal of tools.