When monitoring log files in real time using tail -f, we often need to filter the output to display only lines containing specific patterns. The naive approach of piping to grep might work but doesn't properly handle multi-line logs or provide optimal performance.
The simplest method combines tail -f with grep:
tail -f /var/log/syslog | grep "error"
For more sophisticated filtering needs, consider these approaches:
# Case-insensitive matching
tail -f application.log | grep -i "critical"
# Multiple patterns
tail -f debug.log | grep -E "error|warning|exception"
# Show context around matches
tail -f transaction.log | grep -A 2 -B 2 "failed"
# Using awk for complex filtering
tail -f access.log | awk '/404/ {print $1,$7}'
To prevent output buffering delays:
stdbuf -oL tail -f logfile | grep --line-buffered "pattern"
For production systems, consider dedicated tools:
# Using multitail
multitail -e "error" /var/log/syslog
# Using journalctl (systemd systems)
journalctl -f --grep="fail"
For high-volume logs, these optimizations help:
# Fixed string matching (faster than regex)
tail -f huge.log | grep -F "specific-string"
# Using ripgrep (rg) for better performance
tail -f massive.log | rg "critical-error"
When monitoring log files with tail -f, we often need to filter the continuous output stream for specific patterns. The native tail command doesn't include filtering capabilities, requiring piping to other utilities.
The simplest solution uses grep to filter for your keyword:
tail -f /path/to/file | grep "xxx"
This will show only lines containing "xxx". For case-insensitive matching:
tail -f /path/to/file | grep -i "xxx"
For more complex filtering needs:
# Show matching lines plus the 2 lines that follow each match
tail -f /path/to/file | grep -A 2 "xxx"
# Use regular expressions
tail -f /path/to/file | grep -E "error|warning"
# Highlight matches with color
tail -f /path/to/file | grep --color=auto "xxx"
For more powerful filtering:
# Use awk for field-based filtering
tail -f /path/to/file | awk '/xxx/ {print $1, $3}'
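# Multi-level filtering (--line-buffered stops the first grep from holding matches in its pipe buffer)
tail -f /path/to/file | grep --line-buffered "xxx" | grep -v "exclude_pattern"
# Use less with follow mode; filter inside less, because less piped to grep just copies the file and exits
# (press Ctrl-C to stop following, type &xxx to show only matching lines, then F to follow again)
less +F /path/to/file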
For high-volume logs, consider more efficient tools:
# Use ripgrep (rg) for faster searching
tail -f /path/to/file | rg "xxx"
# Use ugrep with PCRE2 support
tail -f /path/to/file | ugrep "xxx"
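For long-term monitoring, combine with tee (grep needs --line-buffered here, because its output goes to a pipe rather than the terminal):
tail -f /path/to/file | grep --line-buffered "xxx" | tee -a filtered_output.log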
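The buffering fix, multi-level filtering and tee logging described above, combined into one pair of shell functions. This is an added example, not code from the original page; filter_stream, follow_filtered, sample_lines and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names and the sample
# log lines are constructed for illustration.

# filter_stream INCLUDE_REGEX [EXCLUDE_REGEX]
# Reads log lines on stdin; prints those matching INCLUDE_REGEX and not
# matching EXCLUDE_REGEX (both extended regexes, case-insensitive).
# Each grep is line-buffered so a match moves down the pipe immediately
# instead of waiting for a full pipe buffer.
filter_stream() {
    local include="$1" exclude="${2-}"
    if [ -n "$exclude" ]; then
        grep --line-buffered -iE -- "$include" |
            grep --line-buffered -viE -- "$exclude"
    else
        grep --line-buffered -iE -- "$include"
    fi
}

# follow_filtered FILE INCLUDE_REGEX [EXCLUDE_REGEX] [SAVE_FILE]
# Follows FILE and appends the filtered lines to SAVE_FILE while showing them.
follow_filtered() {
    local file="$1" include="$2" exclude="${3-}" save="${4-/dev/null}"
    # tail -F (capital F) reopens the file by name, so following survives
    # log rotation; -n 0 starts at the end instead of replaying old lines.
    tail -n 0 -F -- "$file" |
        filter_stream "$include" "$exclude" |
        tee -a -- "$save"
}

# Constructed sample input for trying filter_stream without a live log.
sample_lines() {
    cat <<'EOF'
2024-05-01T10:00:01Z sshd[811]: Failed password for invalid user admin from 203.0.113.7
2024-05-01T10:00:02Z cron[402]: job finished OK
2024-05-01T10:00:03Z app[1200]: ERROR db timeout
2024-05-01T10:00:04Z healthcheck[77]: error probe failed (expected during deploy)
2024-05-01T10:00:05Z sshd[811]: Accepted publickey for deploy
EOF
}

# Try it:  sample_lines | filter_stream 'error|failed' 'healthcheck'
# Live:    follow_filtered /var/log/syslog 'error|failed' 'healthcheck' hits.log
```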
If filtering doesn't work as expected:
# Check if output is being buffered
stdbuf -oL tail -f /path/to/file | grep "xxx"
# Verify file encoding
file -i /path/to/file