Colortail put color on your tail command output

You can install colortail from the official repositories of the major linux distributions, and basically you must use it just like you use the command tail. And you can set new regexp rules to detect patterns in the output and color them.

With and without color

I know: it's not a so brutal difference. But for me is good enough instead of the usual and raw command tail output:

Easy install

In ubuntu you can install with:

sudo apt install colortail

Easy customization

To edit the regexp rules and colors:

nano /etc/colortail/conf.colortail

Note: you can create more than one config-rules file and use each of them on demand using the option -k file. Use the command tail --help to display the options you can use.

My current default config file

[updated on 26/nov/2020] This is my current rules on this file, to be useful for different kind of LOG files (exim, apache access & error, etc.):

COLOR magenta
{
# matches the date
^(... ..).*$
# PHP message header
(PHP Notice:|PHP Warning:)
# mails
(\S*)@(\S*)
}

COLOR cyan
{
# matches the time
:(..:..:..)
# exim4 log
(..:..:..)
# apache log
\[(... ... .. ..:..:..\....... ....)
}

COLOR green
{
# matches the hostname
^... .. ..:..:.. ([^ ]+).*$
(GET (\S*))
}

COLOR yellow
{
# matches the "program" that wrote to syslog
^... .. ..:..:.. [^ ]+ ([^ ]+)
}

COLOR brightyellow
{
# on line
(on line) ([0-9]*)
# matches all ip adresses
^.*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
^.*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
^.*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
# matches two ip adresses in one line
^.*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
^.*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
^.*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$
}

COLOR brightred
{
# matches the word root
^.*(root).*$
# matches DENY
^.*(ppp-in DENY ppp0).*$
^.*(eth-in DENY eth0).*$
}

COLOR brightblue
{
# matches the output from the "program"
^... .. ..:..:.. [^ ]+ [^ ]+ (.*)
}

Examples of use

colortail /var/log/apache2/domains/inscripcion.online.log
colortail -n 1000 /var/log/exim4/mainlog

colortail /var/log/apache2/domains/inscripcion.online.error.log
colortail -f /var/log/apache2/domains/inscripcion.online.error.log

Note: This option -f is very useful on sysadmin tasks, not only with colortail but also with tail, and it cause to left open the displaying of the content of the file and continuously add new files that are added in real time to the file by the corresponding linux service. So this option is very useful to MONITOR IN REAL TIME errors or accesses on those LOG files while we do some actions affecting those services.