1.tailf logfile
There is a log file, which is very large; when I want to see the latest write, the first thing that comes to my mind is tailf, probably because tailf is 2 characters less than tail -f. However, there is no output for a long time, I feel that it should not be, no matter how big the file is, it is faster to start the search from the end of the file; try using tail -f instead, and the result will be obtained soon.
Let's talk about the difference between the two:
1. tailf always reads from the beginning of the file bit by bit, while tail -f starts to read from the end of the file
2. When the tailf check file grows, the file name is used, and the stat system call is used; while tail -f uses the opened file descriptor; Note: tail can also achieve the effect of tracking the file name; but tail Always use the fstat system call, not the stat system call; the result is: by default, when tail's files are surreptitiously deleted, tail doesn't know about it, but tailf does.
2. tail -n 1000 logfile
View the last 1000 log records in the log file
3.tail -n 1000 logfile | grep key
Find the record with the keyword key in the last 1000 logs of the log file
4.tail -n 1000 logfile | grep key -A 10
Find the record of the keyword key and the next 10 records in the last 1000 records of the log file logfile
5.tail -n 1000 logfile | grep key -B 10
Find the record of the keyword key and the first 10 records in the last 1000 records of the log file logfile
6.tail -n 1000 logfile | grep key --color
Find the record for the keyword key in the last 1000 records of the logfile logfile and highlight the key
7.tail -f logfile | grep key --color
View the log file logfile. When the new content of the log file contains a record of the keyword key, the key is highlighted.
8.cat mobile-gateway* | grep queryScanAttachInfoAppByCode --color | grep KDCS39300041068 --color | grep "2017-12-19 17:24*"