How to continuously tail a log, find all files (sed), and display (cat) the found files

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite
1












How to I continuously tail -f a log, find all files (sed), and display (cat) the found files



example data in audit logs.



tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g'


output



./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF
./apache/20180508/20180508-1428/20180508-142803-WvH6QgoeANwAAMwtFfcAAAAG
./apache/20180508/20180508-1428/20180508-142803-WvH6QwoeANwAAMwuFlUAAAAH
./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwnE@4AAAAA
./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwoFD8AAAAB
./apache/20180508/20180508-1516/20180508-151608-WvIFiAoeANwAAMz1FSwAAAAA
./apache/20180508/20180508-1516/20180508-151609-WvIFiQoeANwAAMz2FYIAAAAB
./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz3FeEAAAAC
./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz4Fj4AAAAD
./apache/20180508/20180508-2112/20180508-211205-WvJY9QoeANwAAM1MFCoAAAAA


works with echo



echo "./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


works with cat



cat /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


does not work with tail...



tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


I assume the tailing does not work because the script never terminates and sed is still caching the results until termination of the script.



Is there a way to make this work, continuously?







share|improve this question

























    up vote
    1
    down vote

    favorite
    1












    How to I continuously tail -f a log, find all files (sed), and display (cat) the found files



    example data in audit logs.



    tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g'


    output



    ./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF
    ./apache/20180508/20180508-1428/20180508-142803-WvH6QgoeANwAAMwtFfcAAAAG
    ./apache/20180508/20180508-1428/20180508-142803-WvH6QwoeANwAAMwuFlUAAAAH
    ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwnE@4AAAAA
    ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwoFD8AAAAB
    ./apache/20180508/20180508-1516/20180508-151608-WvIFiAoeANwAAMz1FSwAAAAA
    ./apache/20180508/20180508-1516/20180508-151609-WvIFiQoeANwAAMz2FYIAAAAB
    ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz3FeEAAAAC
    ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz4Fj4AAAAD
    ./apache/20180508/20180508-2112/20180508-211205-WvJY9QoeANwAAM1MFCoAAAAA


    works with echo



    echo "./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


    works with cat



    cat /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


    does not work with tail...



    tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


    I assume the tailing does not work because the script never terminates and sed is still caching the results until termination of the script.



    Is there a way to make this work, continuously?







    share|improve this question























      up vote
      1
      down vote

      favorite
      1









      up vote
      1
      down vote

      favorite
      1






      1





      How to I continuously tail -f a log, find all files (sed), and display (cat) the found files



      example data in audit logs.



      tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g'


      output



      ./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF
      ./apache/20180508/20180508-1428/20180508-142803-WvH6QgoeANwAAMwtFfcAAAAG
      ./apache/20180508/20180508-1428/20180508-142803-WvH6QwoeANwAAMwuFlUAAAAH
      ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwnE@4AAAAA
      ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwoFD8AAAAB
      ./apache/20180508/20180508-1516/20180508-151608-WvIFiAoeANwAAMz1FSwAAAAA
      ./apache/20180508/20180508-1516/20180508-151609-WvIFiQoeANwAAMz2FYIAAAAB
      ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz3FeEAAAAC
      ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz4Fj4AAAAD
      ./apache/20180508/20180508-2112/20180508-211205-WvJY9QoeANwAAM1MFCoAAAAA


      works with echo



      echo "./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      works with cat



      cat /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      does not work with tail...



      tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      I assume the tailing does not work because the script never terminates and sed is still caching the results until termination of the script.



      Is there a way to make this work, continuously?







      share|improve this question













      How to I continuously tail -f a log, find all files (sed), and display (cat) the found files



      example data in audit logs.



      tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g'


      output



      ./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF
      ./apache/20180508/20180508-1428/20180508-142803-WvH6QgoeANwAAMwtFfcAAAAG
      ./apache/20180508/20180508-1428/20180508-142803-WvH6QwoeANwAAMwuFlUAAAAH
      ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwnE@4AAAAA
      ./apache/20180508/20180508-1513/20180508-151357-WvIFBQoeANwAAMwoFD8AAAAB
      ./apache/20180508/20180508-1516/20180508-151608-WvIFiAoeANwAAMz1FSwAAAAA
      ./apache/20180508/20180508-1516/20180508-151609-WvIFiQoeANwAAMz2FYIAAAAB
      ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz3FeEAAAAC
      ./apache/20180508/20180508-1516/20180508-151611-WvIFiwoeANwAAMz4Fj4AAAAD
      ./apache/20180508/20180508-2112/20180508-211205-WvJY9QoeANwAAM1MFCoAAAAA


      works with echo



      echo "./apache/20180508/20180508-1428/20180508-142802-WvH6QgoeANwAAMwsFZ4AAAAF" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      works with cat



      cat /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      does not work with tail...



      tail -f /var/log/httpd/modsec_audit.log | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat


      I assume the tailing does not work because the script never terminates and sed is still caching the results until termination of the script.



      Is there a way to make this work, continuously?









      share|improve this question












      share|improve this question




      share|improve this question








      edited May 9 at 5:14









      Filipe Brandenburger

      3,451521




      3,451521









      asked May 9 at 3:28









      Artistan

      23825




      23825




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          Buffering is getting in the way.



          Use a while read line from the shell, which should read line-by-line and avoid most problems with buffering:



          tail -f /var/log/httpd/modsec_audit.log | while read line; do
          echo "$line" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat
          done


          Though you can probably do better than that, by using shell (bash) to match the filename from the log line too:



          tail -f /var/log/httpd/modsec_audit.log | while read line; do
          line=$line/*([^/])/.
          line=$line%]*
          [[ -n "$line" ]] && cat "$line"
          done





          share|improve this answer

















          • 2




            Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
            – Kusalananda
            May 9 at 6:18










          • I like it! Is there a way to break out of the loop if i put this into a custom method?
            – Artistan
            May 9 at 12:56










          • @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
            – Filipe Brandenburger
            May 9 at 13:05







          • 1




            Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
            – Artistan
            May 9 at 15:08


















          up vote
          1
          down vote













          try with this:



          tail -f /var/log/httpd/modsec_audit.log | stdbuf -oL sed 's/[^/]*/./;s/].*$//g' | stdbuf -oL awk 'print $0' | while IFS='' read -r file; do cat $file ; done





          share|improve this answer





















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );








             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f442672%2fhow-to-continuously-tail-a-log-find-all-files-sed-and-display-cat-the-foun%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote



            accepted










            Buffering is getting in the way.



            Use a while read line from the shell, which should read line-by-line and avoid most problems with buffering:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            echo "$line" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat
            done


            Though you can probably do better than that, by using shell (bash) to match the filename from the log line too:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            line=$line/*([^/])/.
            line=$line%]*
            [[ -n "$line" ]] && cat "$line"
            done





            share|improve this answer

















            • 2




              Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
              – Kusalananda
              May 9 at 6:18










            • I like it! Is there a way to break out of the loop if i put this into a custom method?
              – Artistan
              May 9 at 12:56










            • @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
              – Filipe Brandenburger
              May 9 at 13:05







            • 1




              Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
              – Artistan
              May 9 at 15:08















            up vote
            1
            down vote



            accepted










            Buffering is getting in the way.



            Use a while read line from the shell, which should read line-by-line and avoid most problems with buffering:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            echo "$line" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat
            done


            Though you can probably do better than that, by using shell (bash) to match the filename from the log line too:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            line=$line/*([^/])/.
            line=$line%]*
            [[ -n "$line" ]] && cat "$line"
            done





            share|improve this answer

















            • 2




              Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
              – Kusalananda
              May 9 at 6:18










            • I like it! Is there a way to break out of the loop if i put this into a custom method?
              – Artistan
              May 9 at 12:56










            • @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
              – Filipe Brandenburger
              May 9 at 13:05







            • 1




              Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
              – Artistan
              May 9 at 15:08













            up vote
            1
            down vote



            accepted







            up vote
            1
            down vote



            accepted






            Buffering is getting in the way.



            Use a while read line from the shell, which should read line-by-line and avoid most problems with buffering:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            echo "$line" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat
            done


            Though you can probably do better than that, by using shell (bash) to match the filename from the log line too:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            line=$line/*([^/])/.
            line=$line%]*
            [[ -n "$line" ]] && cat "$line"
            done





            share|improve this answer













            Buffering is getting in the way.



            Use a while read line from the shell, which should read line-by-line and avoid most problems with buffering:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            echo "$line" | sed 's/[^/]*/./;s/].*$//g' | awk 'print $0' | xargs cat
            done


            Though you can probably do better than that, by using shell (bash) to match the filename from the log line too:



            tail -f /var/log/httpd/modsec_audit.log | while read line; do
            line=$line/*([^/])/.
            line=$line%]*
            [[ -n "$line" ]] && cat "$line"
            done






            share|improve this answer













            share|improve this answer



            share|improve this answer











            answered May 9 at 5:59









            Filipe Brandenburger

            3,451521




            3,451521







            • 2




              Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
              – Kusalananda
              May 9 at 6:18










            • I like it! Is there a way to break out of the loop if i put this into a custom method?
              – Artistan
              May 9 at 12:56










            • @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
              – Filipe Brandenburger
              May 9 at 13:05







            • 1




              Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
              – Artistan
              May 9 at 15:08













            • 2




              Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
              – Kusalananda
              May 9 at 6:18










            • I like it! Is there a way to break out of the loop if i put this into a custom method?
              – Artistan
              May 9 at 12:56










            • @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
              – Filipe Brandenburger
              May 9 at 13:05







            • 1




              Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
              – Artistan
              May 9 at 15:08








            2




            2




            Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
            – Kusalananda
            May 9 at 6:18




            Not only buffering, plain xargs would read as many arguments as possible before executing cat. xargs -n 1 cat may solve that.
            – Kusalananda
            May 9 at 6:18












            I like it! Is there a way to break out of the loop if i put this into a custom method?
            – Artistan
            May 9 at 12:56




            I like it! Is there a way to break out of the loop if i put this into a custom method?
            – Artistan
            May 9 at 12:56












            @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
            – Filipe Brandenburger
            May 9 at 13:05





            @Artistan You can call break from within the while loop, that will work. If using a language such as Python is an option for you as well, that gives you even more flexibility to process the log file. Google for it, you'll find implementations of tail -f in Python that you can reuse.
            – Filipe Brandenburger
            May 9 at 13:05





            1




            1




            Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
            – Artistan
            May 9 at 15:08





            Thanks again @FilipeBrandenburger. - my result is here, if you have any suggestions for improvements gist.github.com/Artistan/981e4b20e539b092b018fa1ad20e1219
            – Artistan
            May 9 at 15:08













            up vote
            1
            down vote













            try with this:



            tail -f /var/log/httpd/modsec_audit.log | stdbuf -oL sed 's/[^/]*/./;s/].*$//g' | stdbuf -oL awk 'print $0' | while IFS='' read -r file; do cat $file ; done





            share|improve this answer

























              up vote
              1
              down vote













              try with this:



              tail -f /var/log/httpd/modsec_audit.log | stdbuf -oL sed 's/[^/]*/./;s/].*$//g' | stdbuf -oL awk 'print $0' | while IFS='' read -r file; do cat $file ; done





              share|improve this answer























                up vote
                1
                down vote










                up vote
                1
                down vote









                try with this:



                tail -f /var/log/httpd/modsec_audit.log | stdbuf -oL sed 's/[^/]*/./;s/].*$//g' | stdbuf -oL awk 'print $0' | while IFS='' read -r file; do cat $file ; done





                share|improve this answer













                try with this:



                tail -f /var/log/httpd/modsec_audit.log | stdbuf -oL sed 's/[^/]*/./;s/].*$//g' | stdbuf -oL awk 'print $0' | while IFS='' read -r file; do cat $file ; done






                share|improve this answer













                share|improve this answer



                share|improve this answer











                answered May 9 at 5:58









                matsib.dev

                14613




                14613






















                     

                    draft saved


                    draft discarded


























                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f442672%2fhow-to-continuously-tail-a-log-find-all-files-sed-and-display-cat-the-foun%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?