###################################################################### SYNOPSIS -------- Logtail is so named because it can be used to read the last few messages in a constantly-growing file; but rather than showing a fixed proportion of the log, it bookmarks its place and only prints out the material added since your last visit. This utility was originally provided as part of the package "logcheck", but can now be installed independently. ====================================================================== BOOKMARKS --------- Logtail uses an "offsetfile" recording the inode number and length in bytes of the file being tailed, then checks this data the next time and uses it as a decimal offset to recommence reading from. When no offset record exists, a new one is created and the logfile is read from the beginning. Inode information is taken into account so that logtail can detect the case where a file has been replaced by another of the same name (but probably with different content, so it's all printed) - a common effect of logfile rotation. On the other hand a file shrinking _without_ moving is a possible symptom of intruders covering their tracks, and triggers prominent warnings in the output. Logtail2, a different executeable, also handles log file rotation by guessing a file name that might have been the target of log rotation and printing that file's contents starting with the stored offset. If you have a non-standard rotation scheme, you can drop your own heuristic into /usr/share/logtail/detectrotate/ and have it automatically picked up by logtail2. ====================================================================== COMMANDLINE ARGUMENTS --------------------- See logtail(8) and logtail2(8). The first, compulsory argument is the name of the input logfile; unlike tail, logtail cannot use stdin! The second, optional argument specifies the filename to which offset records should be written. By default it simply adds .offset to the name of the input file, which leaves it up to the user to handle security issues such as directory write-access; for any serious purpose a dedicated offsets directory should be specified. ######################################################################