User Commands latestlog(1) NAME latestlog - show changes to logfiles since the last time they were examined SYNOPSIS latestlog [ -hv ] [ -fdatabase ] [ -i ] [ -r ] [ -z ] [ -c|-p ] file [file ...] DESCRIPTION latestlog keeps a database of filenames, file sizes, and file modification times. For each of the listed files latestlog will compare the current modification time with the last time the user examined the file using latestlog. If the file has changed, latestlog will display only the lines added to the file if it can determine them, or the entire file if it cannot. The database is then updated with the current time and file size. The latestlog database uses the native NDBM database rou- tines (.dir and .pag files) to do its work. Databases should not be shared among users without forethought. OPTIONS -f database Uses database instead of the default, which is to exam- ine the SINCE_DB environment variable for the path to the database. -i Adds/resets entries for the listed files to the data- base. The next time latestlog the files, their entire contents (at that time) will be displayed. -r Treat the database as read-only and do not update it. -z Instead of displaying changes, exit with a return code equal to the number of files that would have been displayed. Implies -r. [-c|-p] Either dump the lines to standard output directly (-c), or invoke the program named in the PAGER environment variable to paginate each file (-p). If PAGER is not defined, /usr/bin/more is used. The default is -p. EXAMPLES Example 1: First Usage A user wishes to monitor /var/adm/messages for changes, and keep the database in $HOME/.lldb. Assuming that typing the -f option over and over is to be avoided, the SINCE_DB environment variable must first be set: SINCE_DB=$HOME/.lldb; export SINCE_DB (sh family) CMS Last change: 2000-02-21 1 User Commands latestlog(1) setenv SINCE_DB $HOME/.lldb (csh family) Next the database must be initialized with the logfile(s) to be monitored: latestlog -i /var/adm/messages Normal invocation can be used from then on: latestlog /var/adm/messages Example 2: Subsequent Usage (and logfile resetting) Continuing the first example, the logfile will likely be zeroed out on a periodic basis by some cron job. If a file has been modified but the file size has not increased, latestlog will assume that this is what has happened. In that situation, the entire file will be displayed. (This can result in false positives, meaning that the user will see older messages in the logfile; which was simply the case before latestlog was ever used.) So, after the logfile has been rotated and zeroed, normal usage will display all of the new file (which may still be zero length): latestlog /var/adm/messages Example 3: Adding Logfiles To the Database Continuing the previous examples, the user wishes to addi- tionally monitor a new logfile, apache.log, in his/her home directory. Adding a file to the database is the same as initializing it: latestlog -i $HOME/apache.log Monitoring of the two files continues as usual. Note that the full path to apache.log is given (see BUGS below). Example 4: Multiple Databases (and/or multiple users) If one user wishes to maintain multiple databases, the -f option will override the SINCE_DB environment vairable: latestlog -f /tmp/temp.lldb $HOME/temporary_debugging_log This is useful for getting the functionality of latestlog without cluttering up the "real" database. Example 5: What the Author Uses As a system administrator, I have syslogd(8|1M) writing to several files. I monitor all of them for changes using something along the lines of: CMS Last change: 2000-02-21 2 User Commands latestlog(1) latestlog /var/log/*/*log EXIT STATUS If -z is not given, the following exit values are returned: 0 Successful completion. >0 An error occurred. If -z is given, then the exit value is the count of files that would have been displayed (unless something goes wrong, in which case all bets are off). FILES SINCE_DB.{dir,pag} The SINCE_DB environment variable contains the full path to the database for that user. The actual files created/accessed will have .dir and .pag appended to them by the NDBM routines. SEE ALSO ndbm(5) DIAGNOSTICS Hopefully self-explanatory. If an error occurs and the -z option is given, then the exit values will not mean what you will think they mean. This is probably a bug. BUGS latestlog currently uses only filenames to distinguish files. So, in the command sequence cd /var/adm latestlog messages latestlog /var/adm/messages the same lines would be displayed twice, since "messages" is not the same name as "/var/adm/messages". A future revision will use 3-tuples (major device, minor device, inode) instead, since this will uniquely identify any file on a system. In the meantime, full pathnames are recommended as logfile arguments. latestlog is intended primarily for logfiles, and is inap- paropriate for files which do not grow via appending (and no other method). For example, if latestlog is used to monitor /etc/passwd for new user accounts, then changing the first line's entry from "root" to "rootuser" will incorrectly trigger the change-detection routines, and latestlog will print out the last four characters of the file the next time it is run. CMS Last change: 2000-02-21 3 User Commands latestlog(1) The LatestLog package currently only contains one program, latestlog. More are intended. AUTHOR/NOTES The LatestLog utilities were conceived and written by Phil Edwards after he got tired of reading a bunch of rapidly-changing logfiles during a difficult sendmail debugging session (during which he relearned that Exchange is a horrible MTA, but that's another rant). Celebnaur is pronounced with a hard C. LICENSING latestlog is released under the terms of the GNU GPL Version 2. It is currently hosted at http://latestlog.sourceforge.net/ . CMS Last change: 2000-02-21 4