Is there a log of all activity I could open in terminal?
Solution 1
For viewing logs in real-time, use tail -f -n [number of lines] [file]
.
-
-f
is for follow, which will pipe the appended log data to stdout (e.g. console window) as the data is written to the file -
-n
is for number of lines to follow
A good place to start would be /var/log/syslog
. This is the default log file for many system events, services, and applications.
sudo tail -f -n 1000 /var/log/syslog
Your target service or application may use a different log file. Some services and applications have multiple log files. The Apache Web server, for example, has separate logs for access, errors, and SSL events. Also, some log files are configured to roll off into an archive file (usually in the same directory) after the original file reaches a certain size, e.g. 1 KB. Check the service or application's documentation (or search) for specific log file locations.
Also, you may find it helpful to open several console windows, and monitor multiple logs at once while you perform a test.
For example, if you were tracing events in a Web application that ran on Apache and used a MySQL database, you may want to open the following two commands in their own console windows. In fact, you may wish to trace these application logs along with the system log from above.
sudo tail -f -n 1000 /var/log/apache2/error_log
sudo tail -f -n 1000 /var/log/mysqld.log
As always, check the tail
man
pages for a full list of options:
man tail
Solution 2
Many things you simply cannot spot, because they are handled inside the application or process without any communication to "the outer world".
a random (totally incomplete) list of a few of the most important tools you could use however to monitor specific sections of what is going on:
- the
top
command: fromman top
: The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are all user configurable and that configuration can be made persis‐tent across restarts. -
dstat
. From mandstat
: Dstat allows you to view all of your system resources instantly, you can eg. compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval) -
wmctrl
; althoughwmctrl
does not provide realtime ongoing information, when used in a loop in a script, it is fairly easy to retrieve an almost realtime report or log on what happens concerning opened/moved/closed windows. - The
dbus-monitor
command, of which @Serg should be able to tell you much more. Fromman dbus-monitor
: The dbus-monitor command is used to monitor messages going through a D-Bus message bus. See http://www.freedesktop.org/software/dbus/ for more information about the big picture. (in short:dbus
is a simple way for applications to talk to one another. Note thatdbus-monitor
only works in cases wheredbus
is used, not as a general tool as mentioned by @heemayl (thanks!) ) -
The
dconf watch
command (relatively unknown). Fromman dconf
:watch Watch a key or directory for changes.
Try e.g. what happens in the output of
dconf watch /
, while editing system settings.
The bottom line is that there are many, many tools, each and every one of them to spot a specific section of what is happening. A one fits all answer is quite impossible, let alone a single terminal window to show even the beginning of "the whole picture".
Which tool is fit for your purpose depends on what events you specifically want to monitor.
Solution 3
Try history
command, it displays the last $HISTSIZE
(default 500) executed command in terminal.
journalctl
command displays log messages, if system uses systemd
.
ps -aux
shows running processes, can be used with
ps -aux|grep xxxx
to select a specific process.
Solution 4
All activity is pretty broad. To add to the existing answers:
dmesg
dumps the kernel log to the terminal. Man page.strace
allows real-time tracing of all system calls from single a given process. Man page. Ubuntu page.perf
"strace on steroids." Perf is a very powerful tool for tracing events at various different granularities across the system, including kernel, individual process and individual CPU. Man page.
Related videos on Youtube
Comments
-
Mookey over 1 year
I'd like to have a terminal opened and study the processes and everything happening in a regular use of Ubuntu. What commands and files can I use to see the logs in real-time?
Thanks.
-
Jacob Vlijm about 8 years@heemayl I know, but it can give you usefull realtime information in many cases. Will add the remark though.
-
heemayl about 8 yearsWell, the only cases where
dbus
is being used..Nothing more, nothing less.. -
Jacob Vlijm about 8 years@heemayl Thanks! edited it into to the answer.
-
cat about 8 years
dstat
is cool, I didn't know about that. -
Vasconcelos1914 about 8 yearshtop works fine too
-
Rocky Raccoon about 8 yearsFor some logs,
sudo
may or may not be necessary depending on your user's privileges and the access rights on the file. You may need to beroot
or in theroot
group, which has critical security implications, so proceed carefully. -
Mookey about 8 yearsthis is what I was looking for, a kind of default log file for many systems. Many thanks.
-
Rocky Raccoon about 8 yearsUbuntu uses the
rsyslog
daemon to log system messages, andrsyslog
implements a feature called rate limiting. According to rsyslog.com/tag/rate-limiting, "this option limits the amount of messages written into logfiles by a process [for] huge amounts of messages in a short period of time." If you ever seersyslog
messages in your log file, it could mean that rate limiting has taken effect and kept new messages from being written to the log. You may need to adjust thersyslog
configuration to increase rate limits so you can see logged messages for your processes.