"Tailing" grep (Was: cat and grep without destroying file)

Brian Fahrlander brian at fahrlander.net
Mon Oct 1 05:26:06 UTC 2007


Gilles Gravier wrote:
> 
> 
> Joel Goguen wrote:
>> On Sun, 2007-09-30 at 17:04 -0500, Brian Fahrlander wrote:
>>  
>>> While we've got the attention of the most-able on this subject, I'd 
>>> like to reopen a discussion about a very similar tool: a 'grep' that 
>>> happens on tailing a file.  There have been dozens of times that I'm 
>>> looking for a message number in /var/log/mail.log and would love to 
>>> see only the lines mentioning that message.
>>>
>>>      A couple of years ago I asked and got a "maybe you could write 
>>> something", but I actually never could.  It's not as easy as it looks.
>>>
>>>      Any chance you guys have seen this done?
>> I have a great deal of success with 'tail -f /var/log/mail.log | grep
>> XX' where XX is whatever you're looking for.  I actually use that exact
>> set of commands on a daily basis when I'm at work.
>>   
> 
> The magical part here is the "-f"... unfortunately, sometimes it's not 
> magical enough. Indeed your mail.log is most likely a rolling log (i.e. 
> when it reaches a certain size, the current mail.log is renamed to *.0, 
> while the last *.0 is renamed *.1, the last *.1 is renamed *.2 and so on 
> for the number of instances to be kept - for the /var/log/maillog it's 
> 6, if I remember well).
> 
> So the problem is when your file gets renamed *.0 that the "tail -f" 
> will stop because tail refers to the file by the inode which doesn't change 
> when it is renamed... and when the renaming occurs, tail -f keeps 
> watching the old file (now called *.0 and not being appended anymore).
> 
> What you want is for "tail -f" to keep looking, every now and then, say 
> every 5 seconds, to see if the file it was watching hasn't been moved 
> and a new file with the same name is being populated instead...
> 
> There is a flag for "tail" to do just that.
> 
> Try "tail -F" (UPPERCASE "F" instead of lowercase "f")... :)
> 
> Have fun with your newly discovered "tail -F /var/log/mail.log".

     Well, 1. The problem years ago was instantaneous. It just didn't 
work, because it didn't wait.  2. The -F is pretty cool, too!

     Thanks!

-- 
  ------------------------------------------------------------------------
  Brian Fahrländer                 Christian, Conservative, and Technomad
  Evansville, IN                              http://Fahrlander.net/brian
  ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
  ------------------------------------------------------------------------
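
The rename behaviour described in the quoted reply, reproduced as an added example that is not part of the original thread. It assumes GNU coreutils `tail` and `timeout` and GNU `grep`; the temporary log file, the message ID and the log lines are constructed stand-ins for /var/log/mail.log.

```shell
#!/bin/sh
# Added demo: follow a log through one rotation with tail -f and tail -F.
# Assumes GNU tail/timeout/grep; the log path and message ID are constructed.
rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/mail.log"     # stand-in for /var/log/mail.log
    id="1A2B3C"             # constructed message ID to search for

    echo "postfix/qmgr: $id: from=<a@example.org>" > "$log"

    # -n +1 starts at the first line, so startup timing does not matter.
    # --line-buffered makes grep flush each match instead of a full block.
    # timeout ends each tail after 4 s, which also lets grep see EOF.
    timeout 4 tail -n +1 -f "$log" 2>/dev/null |
        grep --line-buffered "$id" > "$dir/f.out" &
    timeout 4 tail -n +1 -s 0.2 -F "$log" 2>/dev/null |
        grep --line-buffered "$id" > "$dir/F.out" &
    sleep 1

    # Rotate the way the thread describes: rename, then start a new file.
    mv "$log" "$log.0"
    echo "postfix/smtp: $id: status=sent" > "$log"
    echo "postfix/smtp: FFFFFF: status=deferred" >> "$log"   # filtered out

    wait    # both pipelines end when timeout stops tail

    # Count the matching lines each variant delivered.
    f_seen=$(grep -c . "$dir/f.out" || true)
    F_seen=$(grep -c . "$dir/F.out" || true)
    rm -rf "$dir"
    echo "f=$f_seen F=$F_seen"
}

# tail -f stays on the renamed inode and misses the post-rotation match;
# tail -F reopens the name and sees it. Prints: f=1 F=2
rotation_demo
```
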



