|
Stoopid n00b piping question
I have a set of firewalls that I am dropping to syslog on a linux box, and I want to watch the events realtime. So I do something like this:
Code:
tail -f /var/log/fw01.log &Well, sort of. Problem is, I can't tell which device the messages are coming from, and I need to be looking at them at the same time. What I'd like to do is add "fw01:" or "fw02:" to all the stuff that shows up on the screen. Can I do that? It seems to me that should be an easy piping operation but I can't wrap my brain around it. |
I would suggest using the "watch" command. :)
It will show you what command you are "watching" as it runs. For example, I use it to watch my /proc/mdstat file for monitoring RAID activity: Code:
$ watch -n1 cat /proc/mdstat |
no need to use a pipe.
Code:
tail -f /var/log/fw01.log /var/log/fw02.logCode:
tail -f /var/log/fw01.log /var/log/fw02.log &basically: Code:
iptables -I INPUT 1 -j LOG --log-prefix="fw01: "e.g. OUTPUT/FORWARD and any custom chains you or your distro may have created (RH-Firewall-1-INPUT) |
OK, thanks for the info, but neither of these is what I'm looking to do here.
indienick, your solution still does not specify which input is coming from which host, which is the point of this question. junpa, I really don't want to mess around with iptables, and I do not want the logs themselves to record fw01:<whatever> and fw02:<whatever>. I just want the output displayed on the screen with these identifiers. It seems there *should* be a way to just preface every line coming through tail's stdout with a text identifier for easy viewing. The desired result is something like this: Code:
fw01: <date/ time> packet(xyz) from IP <abc> to IP <ghj> port <d> session <e> allowed.Thanks |
Code:
root@smurf(/var/log):# tail -f fw01.log | awk '{print"fw01: "$0}' &Code:
root@smurf(/var/log):# tail -f fw02.log | awk '{print"fw02: "$0}' & |
Hmm...
this seemed like a good answer but it's not putting anything to the screen. |
It works on several test boxes for me.
what exactly did you type? |
Code:
tail -f firewall-dmz.log | awk '{print"dmz: "$0}' &When I kill the process, I get a dump of all the stuff it was parsing. the format looks correct, it's just not showing it in realtime any more. |
well it seems like your version of awk buffers stdout.
what distro are you running? maybe the output of: awk -W usage awk -W version try: Code:
tail -f firewall-dmz.log | awk -W interactive '{print"dmz: "$0}' & |
this should work the way you want
Code:
tail -f fw01.log | sed -u 's/[^\n].*/fw01: &/' & |
Thanks a bunch!
Code:
root@mail:~# awk -W usageThat last post worked beautifully. Awesome, thanks. Now I have to ge research sed because I've never even heard of it before. Time to RTFM... :) |
| All times are GMT -5. The time now is 12:53 PM. |