A few days ago, in my usual daily link browsing, I ran across a link to something called “glTail“, which was described as “realtime logfile visualization”. I’m often keeping an eye on my server logs to catch unusual activity, so I thought I’d give it it a look. There’s a video there that shows it in action — very cool!
For those of you aren’t interested enough to click the link yet, let me see if I can give a description that does it some justice:
- Monitors logfiles in realtime over an ssh connection to remote servers.
- Can monitor multiple logfiles on multiple servers, simultaneously.
- Currently has parsers for Apache, IIS, RubyOnRails, and Postfix logs (and I found that the Postfix parser works pretty good on Sendmail logs).
It’s written in Ruby, and requires OpenGL. Runs fine on my laptop under Ubuntu. And if you don’t know how to program in Ruby, don’t let that discourage you — I don’t know Ruby, but I’ve been able to modify the code enough to copy the “postfix” parser into a new “sendmail” parser, and customize it slightly. And I’m thinking about trying to write a parser for my MySQL logs. Hopefully, a future version will add more built-in parsers and move configuration into an external file, though.
Currently, I’m using it to monitor three of my WordPress blogs, plus my mail server. Several times now, I’ve easily spotted comment spam attacks, and quickly plugged them in my firewall. I added handlers to pop up notices whenever a comment is posted, and to track the posts-per-minute by IP number. One of my co-workers is planning to use it to see if our load balancer is actually balancing our web server requests evenly. All-in-all, glTail is a nice tool for your sysadmin arsenal.