2

I would like to monitor my /var/log/syslog continuously. However while monitoring, I would like to avoid certain pattern(s) while monitoring. I am interested only in the last 15 (for example) lines.

For the usual monitoring I use the command:

watch -n 1 tail -n 15 /var/log/syslog

Whereas, what I actually would like to have is something like:

watch -n 1 tail -n 15 /var/log/syslog | grep -v -E 'pattern1|pattern2'

Being more specific with my requirement:

I would like to continuously monitor entries in the syslog, avoiding certain pattern(s). The screen should get refreshed every fixed period (say 1s or 2s).

Following are more (failed) attempts:

watch cat /var/log/syslog | grep -v -E 'pattern1|pattern2'

A (partially) successful attempt:

while true;
do 
  clear;
  cat /var/log/syslog | grep -v -E 'pattern1|pattern2' | tail -15;
  sleep 1;
  echo '\"CTRL-C\" to close';
done

However the smoothness of watch is lost here.

Summary

So the question is is there any way to combine watch, tail and grep?

I am using bash 4.4.7 on 17.04.

Zanna
  • 69,223
  • 56
  • 216
  • 327
Mike V.D.C.
  • 878
  • 1
  • 8
  • 17
  • so, noob question from me - what's wrong with `tail -f`? That works with `grep`... – Zanna Jun 27 '17 at 14:21
  • I need only last 15 lines to be displayed on the screen. This I can mange by `watch` clubbed with `tail`. – Mike V.D.C. Jun 27 '17 at 14:30
  • In what way doesn't it work? my *guess* is you're not seeing what you expect because grep is buffering – steeldriver Jun 27 '17 at 14:39
  • `tail -f` will keep on priducing the output. The first line on the screen (till the screen fills up and starts scrolling) will always be the same. I would only last `n` lines displayed. In some sense, *forced scrolling*. – Mike V.D.C. Jun 27 '17 at 14:51
  • 1
    _A Dumb man's workaround_: Adjust the size of your window, so that only `n` lines fit and then use `tail -f`. Then you will achieve what you want! Adjusting size is (trivially) possible for a `gnome-terminal`. But its also possible for `screen/tmux` based terminals. – user5325 Jun 27 '17 at 14:57
  • You might check out `glogg`. It can monitor syslog, or any log file, and give you control over search strings. – heynnema Jun 27 '17 at 15:40
  • 1
    Try `watch -n 1 'tail -n 15 /var/log/syslog | grep -v -E "pattern1|pattern2"'` (the quoting is significant; you want the whole pipeline to run in the `watch` I think) – steeldriver Jun 27 '17 at 16:13
  • @heynnema, I will have a look at `glogg`. – Mike V.D.C. Jun 28 '17 at 04:32
  • @steeldriver, great! It works... So quotes at the appropriate places was the only thing I was missing! Thanks. – Mike V.D.C. Jun 28 '17 at 04:33

1 Answers1

0

The issue with your watch -n 1 tail -n 15 /var/log/syslog | grep -v -E 'pattern1|pattern2', I think, is that it runs tail -n 15 /var/log/syslog inside watch, then pipes the result to grep. That almost certainly causes the intermediate output to be buffered in such a way that you don't see what you expect (at least, not when you expect it).

There's probably a way to achieve what you want with clever use of stdbuf and/or the --line-buffered grep option, however a simpler way is to run the whole pipeline inside watch:

watch -n 1 'tail -n 15 /var/log/syslog | grep -v -E "pattern1|pattern2"'
steeldriver
  • 131,985
  • 21
  • 239
  • 326