tags:

views:

42

answers:

7
Q: 

Viewing Unix Log Files

We are having a discussion at work, what is the best UNIX command tool that to view log files. One side says use LESS, the other says use MORE. Is one better than the other?

+1  A: 

u may use any programs: less, nano, vi, tail, cat etc, they differents by functionality, so exists any log viewers: gnome-system-log, kiwi etc (they can sort log by date / type etc)

mcuw  2010-10-06 20:02:56
From experience I know that using VI or cat on a large log file will cause issues on a server (memory issues to be more specific), so those options are not very feasible
twoflowers  2010-10-08 16:17:45
A: 

Less is more. Although since when I'm looking at my logs I'm typically searching for something specific or just interested in the last few events I find myself using cat, pipes and grep or tail rather than more or less.

 2010-10-06 20:05:41
A: 

less is the best, imo. It is light weight compared to an editor, it allows forward and backward navigation, it has powerful search capabilities, and many more things. Hit 'h' for help. It's well worth the time getting familiar with it.

Bill Hoag  2010-10-06 20:21:50
A: 

I opt for less. A reason for this is that (with aid of lessopen) it can read gzipped log (as archived by logrotate).

As an example with this single command I can read in time ordered mode dpkg log, without treating differently gzipped ones:

less $(ls -rt /var/log/dpkg.log*) | less

enzotib  2010-10-06 20:32:29
A: 

A common problem is that logs have too many processes writing to them, I prefer to filter my log files and control the output using:

tail -f /var/log/<some logfile> | grep <some identifier> | more

This combination of commands allows you to watch an active log file without getting overwhelmed by the output.

Michael Shopsin  2010-10-06 20:36:05
A: 

On my Mac, using the standard terminal windows, there's one difference between less and more, namely, after exiting:

  • less leaves less mess on my screen
  • more leaves more useful information on my screen

Consequently, if I think I might want to do something with the material I'm viewing after the viewer finishes (for example, copy'n'paste operations), I use more; if I don't want to use the material after I've finished, then I use less.

The primary advantage of less is the ability to scroll backwards; therefore, I tend to use less rather than more, but both have uses for me. YMMV (YMWV; W = Will in this case!).

Jonathan Leffler  2010-10-06 21:02:00
A: 

Multitail is the best option, because you can view multiple logs at the same time. It also colors stuff, and you can set up regex to highlight entries you're looking for.

Marcin  2010-10-06 21:14:14

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi