When managing multiple Linux servers, constantly SSH-ing into each machine to check logs with tail -f becomes tedious. Developers and sysadmins need efficient ways to:
- View real-time logs without manual SSH connections
- Monitor multiple log files simultaneously
- Filter and search logs across servers
The simplest approach uses SSH with some clever options:
# Basic remote tail
ssh user@server "tail -f /var/log/syslog"
# With compression for slow connections
ssh -C user@server "tail -f /var/log/nginx/access.log"
# Watching multiple files
ssh user@server "multitail /var/log/syslog /var/log/auth.log"For more advanced functionality, consider these specialized tools:
1. lnav (Log File Navigator)
Install on your local machine:
sudo apt install lnav # Debian/Ubuntu
sudo yum install lnav # RHEL/CentOSRemote viewing via SSH:
ssh user@server "sudo cat /var/log/syslog" | lnav2. GoAccess (for web server logs)
# Real-time remote analysis
ssh user@webserver "tail -f /var/log/nginx/access.log" | goaccess --log-format=COMBINED -For viewing logs from multiple servers simultaneously:
1. Using multitail
multitail -l 'ssh user@web1 "tail -f /var/log/nginx/access.log"' \
-l 'ssh user@web2 "tail -f /var/log/nginx/access.log"'2. ELK Stack (Enterprise Solution)
Basic Filebeat configuration (/etc/filebeat/filebeat.yml):
filebeat.inputs:
- type: log
paths:
- /var/log/*.log
output.logstash:
hosts: ["your-logstash-server:5044"]Create aliases in your ~/.bashrc:
alias taillog='function _taillog(){ ssh $1 "tail -f $2"; };_taillog'
alias watchlogs='multitail -l "ssh web1 tail -f /var/log/syslog" -l "ssh db1 tail -f /var/log/mysql.log"'When implementing remote log viewing:
- Use SSH keys instead of passwords
- Limit sudo access for log viewing
- Consider VPN for sensitive environments
- Use logrotate to manage log file sizes
When managing multiple Linux servers, constantly SSH-ing into each machine to check logs becomes tedious. System administrators and DevOps engineers often need real-time visibility into logs across their infrastructure. Traditional SSH sessions can be:
- Time-consuming to establish for quick checks
- Difficult to maintain for prolonged monitoring
- Challenging to scale across multiple servers
The simplest approach uses SSH with some quality-of-life improvements:
# Basic remote tail
ssh user@remote_host "tail -f /var/log/syslog"
# Colored output with multitail
ssh user@remote_host "multitail -c /var/log/syslog"
# Following multiple logs
ssh user@remote_host "tail -f /var/log/syslog /var/log/nginx/error.log"For more powerful solutions, consider these specialized tools:
1. lnav (Log File Navigator)
# Install lnav
sudo apt install lnav
# Remote viewing via SSH
ssh user@remote_host "lnav /var/log/syslog"Features syntax highlighting, log merging, and SQL query capabilities.
2. Remote Syslog with syslog-ng
# On central server (receiving logs)
sudo apt install syslog-ng
# Configuration:
source s_remote { tcp(ip(0.0.0.0) port(514)); };
destination d_local { file("/var/log/remote_logs/$HOST.log"); };
log { source(s_remote); destination(d_local); };For viewing logs from multiple servers simultaneously:
1. GoAccess (Real-time Web Analytics)
# On each remote server
sudo apt install goaccess
goaccess /var/log/nginx/access.log -o /var/www/html/report.html --real-time-html2. ELK Stack Setup
For enterprise-level solutions:
# Filebeat configuration (on clients):
filebeat.inputs:
- type: log
paths:
- /var/log/*.log
output.logstash:
hosts: ["logstash_host:5044"]For teams needing collaborative access:
- Graylog: Open source log management
- Papertrail: Cloud-hosted log aggregation
- LogDNA: Kubernetes-friendly solution
For those preferring a scriptable approach:
#!/usr/bin/env python3
import paramiko
def remote_tail(host, user, key_path, log_path):
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host, username=user, key_filename=key_path)
stdin, stdout, stderr = client.exec_command(f'tail -f {log_path}')
for line in stdout:
print(f"[{host}] {line.strip()}")