How to set up real-time log monitoring on Linux
Abstract: In Linux systems, real-time log monitoring is a very useful tool, which can help us obtain system logs and log information of specific applications in real time. This article will introduce how to set up real-time log monitoring on a Linux system and provide corresponding code examples.
1. Introduction
Real-time log monitoring is a tool that can view system log information in real time. It can help us quickly discover abnormal behavior of the system or application. In Linux systems, we can use some tools and commands to achieve real-time log monitoring, such as the tail command, journalctl tool, etc.
2. Use the tail command to implement real-time log monitoring
The tail command is a commonly used command in Linux systems. It can be used to view the updated content of files in real time. We can use the tail command to implement real-time log monitoring. The specific steps are as follows:
Open the terminal and enter the following command:
tail -f /var/log/syslog
The above command outputs the latest contents of the system log file /var/log/syslog in real time.
3. Use the journalctl command to implement real-time log monitoring
The journalctl command is a tool used in Linux systems to query and manage system log information. We can use the journalctl command to achieve real-time log monitoring. The specific steps are as follows:
Open the terminal and enter the following command:
journalctl -f
The above command outputs system log information in real time.
If we want to view the log information of a specific application in real time, we can add the corresponding filter conditions to the command, such as the name of the application:
journalctl -f -u application.service
The above command outputs the log information of the specified application in real time.
4. Additional functions: real-time filtering and saving logs
In addition to viewing logs in real time, we can also filter logs and save them to specified files. The following is a sample code:
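import subprocess

def monitor_log():
    log_file_path = "/var/log/syslog"  # path of the log file to follow
    output_file_path = "/tmp/syslog_filtered.log"  # where the filtered log lines are saved
    # Start tail -f and read its output through a pipe
    # (stderr is left attached to the terminal so tail's own errors stay visible)
    process = subprocess.Popen(
        ["tail", "-f", log_file_path],
        stdout=subprocess.PIPE,
        text=True,
    )
    with open(output_file_path, "a") as f:
        for line in process.stdout:  # read each log line as tail emits it
            if "error" in line.lower():  # keep only lines containing the keyword "error"
                f.write(line)  # write the filtered line to the specified file
                f.flush()  # make the line visible in the file immediately

if __name__ == "__main__":
    monitor_log()

The above code uses Python's subprocess module to call the tail command to implement real-time log monitoring. It reads tail's output line by line, filters for lines containing the keyword "error", and saves them to the specified file.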
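As an added example (not code from the original article), the filter-and-save idea from section 4 can be applied to the journalctl command from section 3 by reading its structured output with -o json. The function names, the default threshold and the sample records are constructed for illustration; the script filters by syslog priority instead of a keyword and escapes line breaks so that one journal message cannot appear as several lines in the saved file.

```python
import json
import subprocess
import sys
from datetime import datetime, timezone

# Constructed sample records in the shape `journalctl -o json` emits (one JSON object per line).
SAMPLE_LINES = [
    '{"__REALTIME_TIMESTAMP":"1700000000000000","PRIORITY":"3","_SYSTEMD_UNIT":"application.service","MESSAGE":"error: database connection refused"}',
    '{"__REALTIME_TIMESTAMP":"1700000001000000","PRIORITY":"6","_SYSTEMD_UNIT":"application.service","MESSAGE":"request served"}',
    '{"__REALTIME_TIMESTAMP":"1700000002000000","PRIORITY":"2","_SYSTEMD_UNIT":"application.service","MESSAGE":[111,111,109,255]}',
    'not json',
]

def format_entry(raw_line, max_priority=3):
    """Return one printable line for records at or above the severity threshold, else None."""
    try:
        entry = json.loads(raw_line)
        # Assumption of this example: records without PRIORITY are treated as 6 (info).
        priority = int(entry.get("PRIORITY", 6))
        micros = int(entry.get("__REALTIME_TIMESTAMP", 0))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed or non-object line: skip it instead of crashing the monitor
    if priority > max_priority:  # syslog levels: 0=emerg ... 3=err ... 7=debug
        return None
    message = entry.get("MESSAGE")
    if isinstance(message, list):  # journalctl encodes non-UTF-8 messages as a byte array
        message = bytes(message).decode("utf-8", errors="replace")
    message = "" if message is None else str(message)
    # Escape line breaks so a multi-line message stays on one line in the saved file.
    message = message.replace("\r", "\\r").replace("\n", "\\n")
    ts = datetime.fromtimestamp(micros / 1e6, tz=timezone.utc).isoformat()
    return f"{ts} {entry.get('_SYSTEMD_UNIT', '-')} prio={priority} {message}"

def follow(unit, output_path, max_priority=3):
    """Follow one unit's journal and append matching records to output_path."""
    cmd = ["journalctl", "-f", "-o", "json", "-u", unit]
    with subprocess.Popen(cmd, stdout=subprocess.PIPE, text=True, errors="replace") as proc, \
            open(output_path, "a", encoding="utf-8") as out:
        for raw_line in proc.stdout:
            formatted = format_entry(raw_line, max_priority)
            if formatted is not None:
                out.write(formatted + "\n")
                out.flush()

if __name__ == "__main__":
    # Usage: python3 journal_filter.py application.service /path/to/filtered.log
    follow(sys.argv[1], sys.argv[2])
```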
Conclusion:
Real-time log monitoring is very useful on Linux systems: it helps us discover abnormal behavior of the system or an application immediately. By using the tail command or the journalctl command, we can monitor system logs or the logs of a specific application in real time. We can further improve log monitoring by filtering and saving logs. I hope the code examples provided in this article will be helpful for your real-time log monitoring.