Server Activity via SSH

Is there a way I can view live server activity via SSH. Like failed logins, apache errors, etc?

5 Replies

Poor Man's System Monitoring:

Get gnu screen. Create N terminals in screen where N is the number of things you want to track.

In each terminal do:

tail -f /var/log/.log

So to view many general events I would tail syslog like this:

tail -f /var/log/syslog

We can certainly get more sophisticated than this but this does give you a live view of what's going on on your server with minimal setup.

It does not seen to be updating the screen as things happen.

I'm running

tail -F /var/log/{auth.log,apache2/{*-,}error.log,daemon.log,exim4/mainlog,fail2ban.log,debug,messages}

all the time inside a screen session, and I assure you it works as intended.

If you're planning to pipe it through grep before display, make sure to use –line-buffered argument to it.

Use these simple commands when you are inside your VPS hosting or dedicated server through SSH buddy -

tail -f /var/log/messages

tail -f /usr/local/apache/logs/error_log

To be noted that, if you are on a shared hosting account, you cannot run them as only 'root' has the above privileges .

A couple refinements:

Using -F instead of -f will entice tail to deal with log rotation; by default, -f follows the file by descriptor, instead of by name.

You can also tail more than file per incantation… e.g. you can "tail -F /var/log/syslog /var/log/exim4/mainlog". This is especially handy with web logs split across virtual hosts, like tail -F /srv/www/*/logs/access.log

But yes, tail is the bomb.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct