Continuously monitor logs with tail that are occasionally rotated

Solution 1:

Ah, there's a flag for this.

instead of using tail -f /var/log/file we should be using tail -F /var/log/file

---

tail -F translates to tail --follow=name --retry as in;

• --follow=name: follow the name of the file instead of the file descriptor
• --retry: if the file is inaccessible, try again later instead of dying

Solution 2:

# tail --follow=mylog.log

From man tail:

With --follow (-f), tail defaults to  following  the  file  descriptor,
       which  means that even if a tail’ed file is renamed, tail will continue
       to track its end.  This default behavior  is  not  desirable  when  you
       really want to track the actual name of the file, not the file descrip‐
       tor (e.g., log rotation).  Use --follow=name in that case.  That causes
       tail  to track the named file by reopening it periodically to see if it
       has been removed and recreated by some other program.

So in this case using the -F option would be correct.

-F     same as --follow=name --retry

---

Solution 3:

The exact answer depends on your OS - but in many cases, tail -F will do the right thing.

---

Solution 4:

tail -F or tail --follow=name

---

Solution 5:

IMHO, it's a little odd to change your log file by SIZE rather than by date. Most system logs (in unix or linux) rotate on a weekly or monthly basis, and not based on size...This is something I like for various reasons, and also something which, if implemented, would solve your problem.

Eight years later, I don't know what the hell I was talking about here: there are tons of places where you want to rotate by size, because daily/weekly/monthly rotations can yield MASSIVE files which can cause serious issues.

From a more experienced perspective, the real question is why you'd want to sit and continuously tail a file that's growing so fast that you're rotating it more than daily...It'd be like watching the Matrix stream by.

These days you'd be better looking into some big data log aggregation like Splunk or Sumologic, where it can filter log events into classes and trigger based on specific log values...No need for watching live logs at all.