"Tailing" grep

[James Gray]

From: "Adam Funk"
Sent: Monday, October 1, 2007 11:05:55 PM (GMT+1000) Australia/Sydney

> On 2007-09-30, Brian Fahrlander wrote:
>>      While we've got the attention of the most-able on this subject, I'd 
>> like to reopen a discussion about a very similar tool: a 'grep' that 
>> happens on tailing a file.  There have been dozens of times that I'm 
>> looking for a message number in /var/log/mail.log and would love to see 
>> only the lines mentioning that message.
>>
>>      A couple of years ago I asked and got a "maybe you could write 
>> something", but I actually never could.  It's not as easy as it looks.
>>
>>      Any chance you guys have seen this done?
>
>If you're interested in doing this within a script called by cron or
>at, you might want to look at the logtail package (which is used by
>logcheck).  

I've always just done something like this:
tail --follow=name --retry <logfile> | grep "some string"

You can even get fancier with awk:
tail --follow=name --retry <logfile> | awk '/some string/ { print $1, $3 }'

This will match lines with "some string" in them, then only print the first and third fields (field delimited by white space).  To change the field delimiters, use "-F" with awk.  Using awk is handy as you can use all the nice awk math and text manipulators and re-order fields to suit your needs.

I didn't find the OP's original thread so I'm not sure if Brian was after something to use in a script running in the background, or whether he was after a "live" display (in a terminal etc).

Usual disclaimers apply, and as always "man" is your friend :)

Cheers,

James