Grep a Tail to Monitor Your Access Log in Color

Use tail and grep (egrep) to monitor your webserver logs and include some crude colorization.


Here is a quick example of how to monitor your access log and colorize the IP address of the remote user:
tail -f /var/log/lighttpd/access.log | egrep --color=auto '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
It is crude, but works well enough. The first part tails our webserver access log using the -f switch. This is piped to egrep with the --color=auto switch to colorize the portion we are want, which is an IP address. The result is that the IP address of the remote user of the request is colorized. This makes it easier while monitoring such logs in a terminal. It isn't perfect and you can modify the regular expression to further foolproof it, but it works well enough for simple differentiation.

We can further adapt this slightly. Here are two more examples using this scheme. The first could filter out your local subnet, while the second filters out a local email client. tail -f /var/log/lighttpd/access.log | grep -v "192.168.1." | egrep --color=auto '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
tail -f /var/log/lighttpd/access.log | grep -v "Thunderbird" | egrep --color=auto '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
As you can see, the we know pipe the tail to grep with the -v switch which will filter out any line entries that contain the quoted text. You could add anything here such as IP addresses, particular page requests, certain domains, etc.

Quick. Easy. Adaptable.