In the last week or so, I've developed a renewed appreciation for the File::Tail Perl module. If you haven't guessed from the name, this module provides a native Perl implementation of something akin to tail -f somefile and--better yet--it can do this on multiple files at the same time.
In case you're wondering, the reason I find it so helpful is that I've been building various tools that need to perform real-time scanning of log files. Specifically, I'm dealing with logs from a mail server (Exim) and a radius server. By putting the two together, I can determine, in real-time, which WCNet users may have infected machines which are using our designated mail relays for spamming.
Posted by jzawodn at January 18, 2004 08:19 PM
I'm found File::Tail to be VERY useful for watching single files, but occasionally a little wonky when trying to scan multiple files at once. Sometimes it seems to get deadlocked.
The good news is that POE (Perl Object Environment, http://poe.perl.org ) has the POE::Wheel::FollowTail wheel for doing the same thing. You just create a new instance for each file that you want to monitor, with a callback for each new line, and POE's built-in multitasking handles the rest.
I'm currently hacking on a swatch replacement using POE that watches multiple log files and then fires off notifications either in real-time or on a set schedule (15-mins, hourly, etc. This is also insanely easy with POE).
The linux version of tail seems to provide the ability to tail multiple files, but the BSD one doesn't.
I found ports/multitail is a pretty handy thing. It will display the files either windowed (curses) or joined, and can be configured for coloring.
NIFTY!
