Is there a log of all activity I could open in terminal?
772
I'd like to have a terminal opened and study the processes and everything happening in a regular use of Ubuntu. What commands and files can I use to see the logs in real-time?
Many things you simply cannot spot, because they are handled inside the application or process without any communication to "the outer world".
a random (totally incomplete) list of a few of the most important tools you could use however to monitor specific sections of what is going on:
the top command: from man top:
The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are all user configurable and that configuration can be made persis‐tent across restarts.
dstat. From man dstat:
Dstat allows you to view all of your system resources instantly, you can eg. compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval)
wmctrl; although wmctrl does not provide realtime ongoing information, when used in a loop in a script, it is fairly easy to retrieve an almost realtime report or log on what happens concerning opened/moved/closed windows.
The dbus-monitor command, of which @Serg should be able to tell you much more. From man dbus-monitor:
The dbus-monitor command is used to monitor messages going through a D-Bus message bus. See http://www.freedesktop.org/software/dbus/ for more information about the big picture. (in short: dbus is a simple way for applications to talk to one another. Note that dbus-monitor only works in cases where dbus is used, not as a general tool as mentioned by @heemayl (thanks!) )
The dconf watch command (relatively unknown). From man dconf:
watch
Watch a key or directory for changes.
Try e.g. what happens in the output of dconf watch / , while editing system settings.
The bottom line is that there are many, many tools, each and every one of them to spot a specific section of what is happening. A one fits all answer is quite impossible, let alone a single terminal window to show even the beginning of "the whole picture".
Which tool is fit for your purpose depends on what events you specifically want to monitor.
For viewing logs in real-time, use tail -f -n [number of lines] [file].
-f is for follow, which will pipe the appended log data to stdout
(e.g. console window) as the data is written to the file
-n is for number of lines to follow
A good place to start would be /var/log/syslog. This is the default log file for many system events, services, and applications.
sudo tail -f -n 1000 /var/log/syslog
Your target service or application may use a different log file. Some services and applications have multiple log files. The Apache Web server, for example, has separate logs for access, errors, and SSL events. Also, some log files are configured to roll off into an archive file (usually in the same directory) after the original file reaches a certain size, e.g. 1 KB. Check the service or application's documentation (or search) for specific log file locations.
Also, you may find it helpful to open several console windows, and monitor multiple logs at once while you perform a test.
For example, if you were tracing events in a Web application that ran on Apache and used a MySQL database, you may want to open the following two commands in their own console windows. In fact, you may wish to trace these application logs along with the system log from above.
All activity is pretty broad. To add to the existing answers:
dmesg dumps the kernel log to the terminal. Man page.
strace allows real-time tracing of all system calls from single a given process. Man page. Ubuntu page.
perf "strace on steroids." Perf is a very powerful tool for tracing events at various different granularities across the system, including kernel, individual process and individual CPU. Man page.
Many things you simply cannot spot, because they are handled inside the application or process without any communication to "the outer world".
a random (totally incomplete) list of a few of the most important tools you could use however to monitor specific sections of what is going on:
topcommand: fromman top: The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are all user configurable and that configuration can be made persis‐tent across restarts.dstat. From mandstat: Dstat allows you to view all of your system resources instantly, you can eg. compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval)wmctrl; althoughwmctrldoes not provide realtime ongoing information, when used in a loop in a script, it is fairly easy to retrieve an almost realtime report or log on what happens concerning opened/moved/closed windows.dbus-monitorcommand, of which @Serg should be able to tell you much more. Fromman dbus-monitor: The dbus-monitor command is used to monitor messages going through a D-Bus message bus. See http://www.freedesktop.org/software/dbus/ for more information about the big picture. (in short:dbusis a simple way for applications to talk to one another. Note thatdbus-monitoronly works in cases wheredbusis used, not as a general tool as mentioned by @heemayl (thanks!) )The
dconf watchcommand (relatively unknown). Fromman dconf:Try e.g. what happens in the output of
dconf watch /, while editing system settings.The bottom line is that there are many, many tools, each and every one of them to spot a specific section of what is happening. A one fits all answer is quite impossible, let alone a single terminal window to show even the beginning of "the whole picture".
Which tool is fit for your purpose depends on what events you specifically want to monitor.
Try
historycommand, it displays the last$HISTSIZE(default 500) executed command in terminal.journalctlcommand displays log messages, if system usessystemd.ps -auxshows running processes, can be used withto select a specific process.
For viewing logs in real-time, use
tail -f -n [number of lines] [file].-fis for follow, which will pipe the appended log data to stdout (e.g. console window) as the data is written to the file-nis for number of lines to followA good place to start would be
/var/log/syslog. This is the default log file for many system events, services, and applications.Your target service or application may use a different log file. Some services and applications have multiple log files. The Apache Web server, for example, has separate logs for access, errors, and SSL events. Also, some log files are configured to roll off into an archive file (usually in the same directory) after the original file reaches a certain size, e.g. 1 KB. Check the service or application's documentation (or search) for specific log file locations.
Also, you may find it helpful to open several console windows, and monitor multiple logs at once while you perform a test.
For example, if you were tracing events in a Web application that ran on Apache and used a MySQL database, you may want to open the following two commands in their own console windows. In fact, you may wish to trace these application logs along with the system log from above.
As always, check the
tailmanpages for a full list of options:man tailAll activity is pretty broad. To add to the existing answers:
dmesgdumps the kernel log to the terminal. Man page.straceallows real-time tracing of all system calls from single a given process. Man page. Ubuntu page.perf"strace on steroids." Perf is a very powerful tool for tracing events at various different granularities across the system, including kernel, individual process and individual CPU. Man page.