ccze is not longer maintained

for debugging problems with your system it might be interesting to know what is happening in real time in your log files

(unfortunately there are also binary and packed old logs.gz files in /var/log)

this command will follow all file changes under /var/log and output the changes to one’s screen

show newly added lines/ changes to all log files as they are generated

which is very very nice to look at a system in real time

one might want to hit Ctrl+L to clear the screen from time to time…

download as script here: mon_logs_all.sh.txt

manpage: multitail.man.txt

# without color but: you can scroll it :)
find /var/log/* -type f \( -name "*" \) ! -path '*.gz*' -exec tail -n0 -f "$file" {} +

# with color but no scroll :( (ccze is only available in CentOS7 and Debian 9 and 10)
find /var/log/* -type f \( -name "*" \) ! -path '*.gz*' -exec tail -n0 -f "$file" {} + | ccze

# kind of the same same find *.log follow changes and colorize behavior
multitail --follow-all --mergeall -cs -I /var/log/*

# press f to see all files that are being changes-followed

# multitail help:
 --*- multitail 6.5.0 (C) 2003-2019 by folkert ÄT vanheusden PUNKT com -*--

multitail [-cs|-Cs|-c-] [-i] inputfile [-i anotherinputfile] [...]

 *** selecting files to follow ***
-i x             the following parameter is a filename (in case it starts with a dash)
-I x             like -i only this one merges this logfile into the previous window

-q x z           check every x seconds for new files by search criteria z, create a new window for those
-qs x y z        check every x seconds for new files by search criteria z, create a new window for those, use color scheme y
-Q x z           check every x seconds for new files by search criteria z, put them all in the same window (using subwindows)
-Qs x y z        check every x seconds for new files by search criteria z, put them all in the same window (using subwindows), use color scheme y
-iw file i       check every 'i' seconds if 'file' appeared in the filesystem
--new-only       (for -q/-Q) only create windows for files created after multitail was started, existing files are ignored

-f               follow the following filename, not the descriptor (e.g. when logrotate archives logfiles)
--follow-all     see -f: for all files after this switch
--retry          keep trying to open the following file until it is accessible
--retry-all      like --retry but for all following files

 *** selecting command output to follow ***
-l x             parameter is a command to be executed
-L x             see -l but merge the output to a previously created window
-r interval      restart the command when it terminated after `interval' seconds
-R interval      like -r, but only show the differences
-Rc/-rc interval like -r/-R but clean the window before each iteration

-j               read from STDIN (can be used only once)
-J               like -j but merge into previous window

--listen [interface]:port behave like a syslog server. port is normally 514
--Listen [interface]:port like --listen but merge into previous window

 *** merge parameters ***
--mergeall       merge all of the following files into the same window (in the previous window)
--mergeall-new   merge all of the following files into the same window (in a new window)
--no-mergeall    stop merging all files into one window
--no-repeat      suppress repeating lines and replace them with a "last message repeated x times"

 *** markers ***
--mark-interval x when nothing comes in, print a '---mark---' line every 'x' seconds
--mark-change    when multiple files are merged an multitail switches between two windows, print a markerline with the filename
--no-mark-change do NOT print the markerline when the file changes (overrides the configuration file)

 *** initial tail / scrollback parameters ***
-n x             initial number of lines to tail
-m x             set scrollback buffer size (# lines)
-mb x            set scrollback buffer size (in bytes, use xKB/MB/GB)
-bw a/f          what to buffer: 'a'll or what went through the 'f'ilter

 *** "tee" functionality ***
-a x             like 'tee': write (filtered) input to file 'x'
-A x             see -a: but write the unfiltered(!) input to file 'x'
-g x             redirect the input also (filtered) to command/process 'x'
-G x             redirect the unfiltered input also  to command/process 'x'

 *** screen layout ***
-s x             vertical split screen (in 'x' columns)
-sw x,x,...      at what columns to split the screen, use '0' for automatic size
-sn x,x,...      number of windows per column
-wh x            height of window

 *** filtering ***
-fr scheme       use the predefined filter from the configuration file
-e[m]            print only when matching with this regexp
-ev              print only when NOT matching with this regexp
-ec              use regular expression but display the matches inverted on following file
-eC              use regexp, display everything but matches inverted on following file
-ex              execute command ('-ex regexp command') when matches, matching line is given as commandline parameter
-eX              like -ex but only give the matching substring as commandline parameter to the command
-E               use regular expression on following files
-Ec              use regular expression but display the matches inverted on following files
-EC              use regexp, display everything but matches inverted on following files
-ke x            strip parts of the input using regular expression 'x'
-kr x y          strip parts of the input starting at offset x and ending (not including!) offset y
-kc x y          strip parts of the input: strip column 'y' with delimiter 'x'
-ks x            use edit scheme 'x' (defined in configuration file)
-kS x            only show the substrings matched by the substring-selects (the parts between '(' and ')') in the regular epxression 'x'
-v               invert next regular expression (do not use with -ev/em)

 *** colors ***
-cv x            use conversion scheme 'x' (see multitail.conf)
-c               colorize current
-cS scheme       use color scheme 'scheme' (as defined in multitail.conf)
-csn             extra switch for the following switches; do not use reverse (inverted) colors
-Cs              colorize all following files with syslog-scheme
-C               colorize all following files
-Cf/-cf field delimiter colorize next/all file(s) depending on the given field number. fields are delimited with the given field-delimiter
-ci color        use 'color' (red, green, etc), usefull when merging multiple inputs
-c-              do NOT colorize the following file
-C-              do NOT colorize the following files
-cT term         interpret terminal-codes from file/command (for terminal type 'term')
-Z color         set color for markerline
-w               do not use colors

 *** timestamps ***
-ts              add a timestamp (format configurable in multitail.conf) before each line
-T               put a timestamp in markerlines

 *** status line parameters ***
-d               do NOT update the status-line
-D               do not display a status-line at all
-du              put the statusline above the data window

 *** status line parameters ***
-z               do not show "window closed" pop-ups
-x str           show "str" in the xterm title bar
-t x             display 'x' in the window-title (when MultiTail runs in an xterm)
-u               set update interval (for slow links)

 *** input text handling ***
-p x [y]         set linewrap (l=left/a=all/r=right/s=syslog,S=syslog w/o procname,o=offset -> 'y',w=wordwrap)
-P               like -p but for all following files
-b n             set TAB-width
--cont           reconnect lines with a '' at the end

 *** line prefixes ***
--basename       only display the filename (and not the path) in the statusline
--label x        put in front of each line
-S prepend       show subwindow number in merged output

 *** configuration file ***
-F file          use 'file' as configuration file (instead of /etc/multitail.conf)
--no-load-global-config do not read /etc/multitail.conf
-o config_file_parameter do a setting which would normally be set in the configuration file

 *** monitoring ***
-H x             show heartbeat (to keep your sessions alive)
--beep-interval x beep every x lines processed
--bi x           like '--beep-interval' but only for current (sub-)window
--closeidle x    close windows when more then 'x' seconds no new data was processed

 *** miscellaneous ***
-V               show version and exit
-h               this help

You can have multiple regular expressions per file/command. Be warned: if
you define multiple and one of them is specified with '-E' (=for every
following file), _all_ of the current regular expressions are for all
following files!

For help at any time press F1.

ccze is only available in older CentOS7 and Debian 9 and 10

# apt based
apt install ccze
# rpm based
yum install ccze
# unfonrtunately author of ccze does not want to support it any further
yum info ccze
Installed Packages
Name        : ccze
Arch        : x86_64
Version     : 0.2.1
Release     : 11.el7
Size        : 243 k
Repo        : installed
From repo   : epel
Summary     : A robust log colorizer
URL         : http://bonehunter.rulez.org/CCZE.html (404) -should-be-> https://github.com/madhouse/ccze
License     : GPLv2+
Description : CCZE is a roboust and modular log colorizer, with plugins for apm,
            : exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd,
            : vsftpd, xferlog and more.

author’s blog: https://asylum.madhouse-project.org/blog/2015/05/07/grepping-logs-is-still-terrible/

links

also: if user wants to inspect log files lnav (colorful less) might be nice

journalctl

journalctl may be used to query the contents of the systemd(1) journal as written by systemd-journald.service(8).

If called without parameters, it will show the full contents of the journal, starting with the oldest entry collected.

If one or more match arguments are passed, the output is filtered accordingly.

-x, --catalog
# very detailed output (black and white)
# go to end of log hit "Shift+G"
# go to start of log type: "gg"
journalctl -lx _SYSTEMD_UNIT=docker.service

Augment log lines with explanation texts from the message catalog.
This will add explanatory help texts to log messages in the output
where this is available.

These short help texts will explain the context of an error or log event, possible solutions, as well as pointers to support forums, developer documentation, and any other relevant manuals.

Note that help texts are not available for all messages, but only for selected ones. For more information on the message catalog, please refer to the Message Catalog Developer Documentation[4].

journalctl.man.txt

systemctl

systemctl.man.txt

systemctl may be used to introspect and control the state of the “systemd” system and service manager. Please refer to systemd(1) for an introduction into the basic concepts and functionality this tool manages.

systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-08-22 19:04:26 CEST; 14h ago
     Docs: http://docs.docker.com
 Main PID: 3699 (dockerd-current)
    Tasks: 80
   Memory: 68.5M
   CGroup: /system.slice/docker.service

possible alternatives:

yum info multitail

Available Packages
Name        : multitail
Arch        : x86_64
Version     : 6.4.2
Release     : 1.el7
Size        : 161 k
Repo        : epel/x86_64
Summary     : View one or multiple files like tail but with multiple windows
URL         : http://www.vanheusden.com/multitail/
License     : GPLv2
Description : MultiTail lets you view one or multiple files like the original tail
            : program. The difference is that it creates multiple windows on your
            : console (with ncurses). It can also monitor wildcards: if another file
            : matching the wildcard has a more recent modification date, it will
            : automatically switch to that file. That way you can, for example,
            : monitor a complete directory of files. Merging of 2 or even more
            : logfiles is possible.
            : It can also use colors while displaying the logfiles (through regular
            : expressions), for faster recognition of what is important and what not.
            : Multitail can also filter lines (again with regular expressions) and
            : has interactive menus for editing given regular expressions and
            : deleting and adding windows. One can also have windows with the output
            : of shell scripts and other software. When viewing the output of
            : external software, MultiTail can mimic the functionality of tools like
            : 'watch' and such.
admin