1. Overview

The tail command is frequently used to monitor log files. In this short tutorial, we’ll discuss approaches to augmenting tail‘s output with colors to highlight important information conveyed by log files.

2. Leveraging Input Commands’ Capabilities

Firstly, let’s talk about how some commands behave when they have their outputs piped to another program. Specifically, let’s consider what happens when tail gets its input through a pipe:

$ <some_command> | tail

Colors in the terminal are produced by using escape characters. By default, many commands detect when they’re writing to a pipe. When that’s the case, they produce a monochromatic output. By doing so, they produce no color-related escape characters, making the output cleaner, which is more appropriate, for instance, to store the contents in a file.

Such default behavior is usually desirable. However, when piping the content to programs intended to produce a visual output at the terminal, we actually need those escape characters.

When facing such situations, the first thing we should do is to check if the program feeding tail allows us to enable colors even when writing to a pipe. This is the case of ls and grep: By using the –color=always option, those programs will produce the necessary escape codes even when they write to a pipe.

3. Using Special Commands

In this section, we’re going to discuss some options involving special commands to colorize our logs.

3.1. grc

The grc program operates as a general-purpose colorizer. The program comes with a set of rules covering multiple log types, and we can freely add new rules or edit the existing ones. By default, grc will try to decide the right color configuration automatically. Let’s see some examples:

$ grc dig www.baeldung.com
$ grc ping -c 1 www.baeldung.com

3.2. multitail

The multitail program provides a number of useful features for log monitoring, like displaying multiple logs simultaneously, filtering based on regular expressions, and coloring entries according to predefined color schemes.

In the example below, we can see multitail listing /var/log/messages. The command automatically applies an appropriate color scheme:

$ multitail -i /var/log/messages

multitail provides an assortment of color schemes, available at /etc/multitail.conf file. The -cS option allows us to select the desired one. For example, let’s see how to engage the zarafa color scheme:

$ multitail -cS zarafa example.log 

We can easily add custom color schemes in the /etc/multitail.conf file.

3.3. colortail

Another simple, yet powerful, log colorizer is colortail. This tool provides a default color configuration file, which we can find at /etc/colortail/conf.colortail. We can provide alternative configurations using the -k or –config options.

In the example below, colortail displays a colored Nginx log, highlighting IP addresses:

$ colortail /var/log/nginx/access.log

4. Post-processing tail Output Using Standard Linux Utilities

In certain circumstances, we’re limited to using only the standard Linux commands.

In such cases, one of our options is to generate colored text by processing tail output. We can achieve this by including the escape sequences we need to generate colored output.

Let’s see an example that employs sed to colorize the output generated by tail. This combination prints lines containing “INFO” in green and lines containing “ERROR” in red:

$ tail -f /var/log/mylog.log | sed \
    -e 's/\(.*INFO.*\)/\x1B[32m\1\x1B[39m/' \
    -e 's/\(.*ERROR.*\)/\x1B[31m\1\x1B[39m/'

5. Conclusion

In this short article, we’ve navigated through many approaches to generating colored output using the tail command.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.