How do I stop tail command in script

Question

What I want to do - Start capturing the CHANGES to a log file using a custom ssh client code***. After some time (which not a fixed value and is event based), issue a command to stop tailing. This is the command I use to capture the latest changes to a log file - tail -f logfile.txt

I want to be able to end it with something like :q which I can issue from a script. I don't want to keyboard commands like ctrl + c.

*** Pseudo code for my custom ssh client code (written in an oop language)

include ssh-api
ssh = getSSHConnection();
cmd = 'cd to folder';
ssh.command(cmd);
cmd = 'tail -f log.txt';
ssh.command(cmd);
wait for special event to occur...
cmd = 'stop the tail now!'
out = ssh.command(cmd);
print "the changes made to log file were\n"  + out;

I have no write access to the server where the log file is located.

What I tried - http://www.linuxquestions.org/questions/red-hat-31/how-to-stop-tail-f-in-scipt-529419/

I am not able to understand the solution there (Its in post 2). Can someone please explain the solution or suggest a different way to do this?

Thank you.

Answer 1

Inside your script you can make use of $! variable.

# run tail -f in background
tail -f /var/log/sample.log > out 2>&1 &

# process id of tail command
tailpid=$!

# wait for sometime
sleep 10

# now kill the tail process
kill $tailpid

$! Expands to the process ID of the most recently executed background (asynchronous) command.

Answer 2

Some ways I use to work around tail -f, using bash.

Waiting for specific incomming:

I use this often:

sed -une '
    /DHCPOFFER/{
        s/^\(.*\) [^ ]\+ dhcpd: DHCPOFFER on \([0-9.]\+\) to \([0-9a-f:]\+\) .*$/\1 \3 -> \2/p;
        q;
    }' < <(
      tail -f /var/log/syslog
    )

With this command, I could wait for next dhcp client and get time of event, mac address and offered IP.

In a script:

#!/bin/bash

read rMac rIp rDate < <(
  sed -une '
    /DHCPOFFER/{
      s/^\(.*\) [^ ]\+ dhcpd: DHCPOFFER on \([0-9.]\+\) to \([0-9a-f:]\+\) .*$/\3 \2 \1/p;
      q;
    }' < <(
      tail -n0 -f /var/log/syslog
))

printf "Date:\t%s\nMac:\t%s\nIP:\t%s\n" "$rDate" $rMac $rIp

For having a script remotely stopped:

The fifo way:

mkfifo /tmp/holder
tail -f /var/log/syslog &
TailPid=$!
cat >/dev/null /tmp/holder
kill -9 $TailPid

... Then from elswhere:

echo >/tmp/holder

will terminate tail command.

The lockpid way

#!/bin/bash

[ -e /tmp/lockfile ] && exit
echo $$ >/tmp/lockfile
[ $(</tmp/lockfile) -ne $$ ] && exit
cd /var/log
tail -f syslog &
export tPid=$!
trap "kill $tPid;rm /tmp/lockfile;exit 0" 12
wait $tPid

Then, from elswhere:

kill -USR2 $(</tmp/lockfile)

Via SSH

The second method work fine through ssh:

ssh -T root@remoteMachine /bin/bash <<"eocmd"
    [ -e /tmp/lockfile ] && exit
    echo $$ >/tmp/lockfile
    [ $(</tmp/lockfile) -ne $$ ] && exit
    cd /var/log
    tail -f syslog &
    export tPid=$!
    trap "kill $tPid;rm /tmp/lockfile;exit 0" 12
    wait $tPid
eocmd

(care about double quote around inline script tag)

Then, from elswhere:

ssh root@remoteMachine '/bin/bash -c "kill -USR2 $(</tmp/lockfile)"'

(care about quote and double quote, in this order)

Nota about security consideration: This don't take care about security issues! Having this kind of lockfile located in /tmp could be a bad idea...

Answer 3

You can execute tail in the background while redirecting its output to another file (e.g. /tmp/mylog) and write the pid of the process somewhere in a pid file (e.g. ~/mytail.pid):

tail -f logfile > /tmp/mylog & echo $! > ~/mytail.pid

Next, when you want to stop it, just execute:

kill `cat ~/mytail.pid`

Then, you can see the content of the log that you gathered in the meantime (it is also a good idea to remove it later):

cat /tmp/mylog
rm /tmp/mylog # just don't forget it there

Answer 4

The post #2 that you are referring to does the following:has the right answer.

It says:

tail -f /etc/httpd/logs/access_log & # This starts tailing the file in background (see & at the end)
kill `ps | grep tail | awk '{print $1;}'` # This finds the process running above tail command and kills it

You may want to introduce sleep 100 or something depending on your need, otherwise, the above two command will result in tailing just for a fraction of time before killing it.

Answer 5

According to your comment to @psmears, you might use CTRL+C

@psmears - surely. that would work too. All I want to do is tell unix to tail a file, stop tailing it whenever I want, and get me the output between starting and ending the tailing. Thanks. – Borat Sagdiyev 2 days ago

So you can simply launch your command within the ssh parameter.

 ssh username@remotehost tail -f /var/log/remotelog.txt | tee result.log

And when you're done, hit CTRL+C

In the previous command I used the tee command in order to see in my terminal the new lines and store them to the file.

If you want it to be this to be scriptable

You can do the following:

 ## store result to file
 FILE=result.log

 ## launch tail remote log, and store result to result.log
 ssh -n username@remote-host tail -f /path/to/remote.log > $FILE &

 ## store pid
 SSHPID=$!

 ## wait for ":q" command
 while [ "$cmd" != ":q" ]; do
    echo -ne "\n$ "
    read -n 2 cmd
 done

 ## kill ssh when you've enough
 kill $SSHPID

 ## read result
 echo "the changes made to log file were\n"
 cat $FILE

Note that if you want to separate start and stop scripts, you just have to store SSHPID in a file within the script

 echo $SSHPID > ~/.sshpid

and retrieve it from the second one

 SSHPID=`cat ~/.sshpid`

Answer 6

Better than a kill is to let tail exit properly:

tail -n0 --pid=$(($BASHPID+1)) -F logfile | sed '/special event string in the log/q'

When piping, PIDs are sequential, so the pid of the tail will be $BASHPID and the pid of the sed will be $BASHPID+1. The --pid switch will cause tail to exit (properly!) when the sed command quits. Obviously this is a bashism.