RE: Log file monitoring - retail?

["Joseph Judge" <joej () ultranet com>]

Nope .. not "X" ... xtail was a program that was basically 
the "retail" program with some extras ->
        it would not leave a zombie if you disconnected
        it would show some status with a "control-c"
        it had to be quit with something like a control-d 

        - joe


> -----Original Message-----
> From: owner-firewall-wizards () nfr net
> [mailto:owner-firewall-wizards () nfr net]On Behalf Of reynhout () quesera com
> Sent: Wednesday, March 17, 1999 4:19 AM
> To: carson () tla org
> Cc: firewall-wizards () nfr net
> Subject: Re: Log file monitoring - retail?
>
>
> carson () tla org writes:
> > Once upon a time, I heard of a utility called retail. It was basically
> > 'tail -f' that noticed if a new file had replaced the old and
> > re-opened it (log file rotation, for example).
> >
> > However, I can now find no reference to this. Does anyone know it's
> > whereabouts, or if something equivilant exists?
>
> There was once a utility like the one you describe called xtail.  A
> quick search yields a few entries to a new xtail, which seems to be a
> standard tail with an X interface (?!).
>
> Looking deeper, I also found:
> ftp://ftp.lth.se/pub/usenet/alt.sources/volume89/May/xtail.tail.-f.for.gz
> http://www.mit.edu:8001/afs/athena.mit.edu/project/consultdev/Powe
rtools/XTAIL/
http://www.metronet.com/1/perlinfo/scripts/text-processing/ptail

The first two are the REAL xtail, written by Chip Rosenthal (remember
him?  I wonder where he is now...) in shar format (remember that?) from
1989 (remember then?).  I persuaded them to compile under Solaris and
Linux without much resistance.  Viva la UNIX.

The first is the original version.  The second has some additional
features, including the one you need:  continuing to watch an unlinked
file.  Other new features include printing status on SIGINT (to STDOUT,
which seems both useful and annoying at the same time.  Luckily it's
easy to turn off, with the source code) and the ability to watch files
that don't exist at the time of invocation.

One thing to note for your log rotation scheme:  xtail does *not*
notice if you rename a file -- it keeps the fd open.  If you then
unlink the file (in your example, perhaps by compressing it), xtail
will notice, and then discover the "new" file with the same name as
the one it had originally been watching, and start chewing on that.
A little bit painful, but it's tough to know what the right thing to
do is here -- follow the old file or the new file?  Plus, xtail is
already rather slow without having to recheck the inode each time
through the watch loop.

The third (ptail) is a perl version of xtail from 1994.  It uses perl4,
unfortunately -- it's amazing how much perl has changed in five years.
I mention it in case it's useful to anyone.

I also noticed that there was an hp-ux distribution of xtail that
someone had renamed to uxtail.  All the sources still had Chip's name
and referred to themselves as xtail, but the package was called uxtail.
Whatever.

Good luck,
Andrew Reynhout
reynhout () quesera com