Docs/SysAdmin/CLI/Syslog
From Mandriva Community Wiki
These ideas are derived from, and inspired by, Vincent Danen's howto that ships with swatch as the README.mandrake file under /usr/share/doc.
-- RickSisler
When I started using Mandriva Linux 9.1, I saw some transparent terminal screenshots that caught my attention. For example:
http://irsissz.homelinux.net/img/transparent1.jpg
Hmm .. so how'd they get console text on the desktop? Seeing this, I started searching for information on how to achieve this coolness on my own screen! I went googling and found out that they were running a command named tail, or swatch, which is similar to tail but does a whole lot more. If you have a system problem, watching a log file in real time is extremely useful. So after installing swatch and reading its documentation under /usr/share/doc/, I ran across Vincent's suggestions for running it, and I now use several different ways to view syslog on my desktop.
What is syslog?
Most systems have a facility called syslog that allows programs to submit messages of interest to system administrators for debugging, system notifications and alerting of running processes. Another useful log file to watch is /var/log/messages.
What is tail?
tail is a common command on Linux; its man page states: "Print the last 10 lines of each FILE to standard output." For now we will have to be root, since by default these files are not readable by anyone other than root. For example, in a console, as root, type:
$ tail /var/log/messages
which will show the last 10 lines of this file.
We can add the -n XXX switch and show more lines than the default 10. e.g. by replacing XXX with 200:
$ tail -n 200 /var/log/messages
So, in order to scroll syslog, we use the -f switch, which allows you to watch the file as it grows in size in real-time:
$ tail -f /var/log/syslog
There is also a program called multitail that will let you scroll two or more log files at once. It is a contrib package. I use it to scroll the Apache logs from my webserver, the error_log and access_log files. You can watch more than two files, but I only use it to *watch* Apache logs and never more than two logs at once, since more would require more screen real estate. There are also root-tail and colortail, but I haven't tested these.
Setting up sudo
The first thing to do is set up our user with sudo so we can view the log files without logging in as root or making them world readable. Quoting Vincent's comments from the README: "You can run swatch as a user, but you will not have access to read the /var/log/{swatch,messages} file unless you make it world readable which is a bad idea.", and "Change user to your username (ie. vdanen), and you can remove the NOPASSWD: command if you want (that just allows you to run swatch without being asked for your password)".
Cmnd_Alias SWATCH = swatch --tail-file=/var/log/syslog
user ALL=(ALL) NOPASSWD: SWATCH
Cmnd_Alias TAIL = /usr/bin/tail -f /var/log/syslog
user ALL=(ALL) NOPASSWD: TAIL
Cmnd_Alias MULTITAIL = /usr/bin/multitail -D -f /var/log/syslog -i /var/log/snort/alert
user ALL=(ALL) NOPASSWD: MULTITAIL
Another suggestion from Vincent avoids a serious security concern: by setting up sudo this way, with the switches and the logs to be watched spelled out in the command alias, these commands cannot be used to view any other file as root on your system, which would be another bad idea. So I set up my /etc/sudoers file this way and added the tail and multitail commands. (The -D switch for multitail stops email notification from the command line.)
NOTE: The /etc/sudoers file is where you set the users as well as the programs they are allowed to run using sudo. It must only be edited using visudo, which does strict syntax checking (sudo will not run if /etc/sudoers contains errors) and also locks the file against others editing it at the same time. visudo does not require vi: an alternate editor can be set using the $EDITOR or $VISUAL environment variable (which, if you don't already know, gets set in your shell startup files, i.e. ~/.bashrc or ~/.bash_profile). Read the sudoers(5) man page for more on the syntax of the file.
Security Warning:
Be careful with what you allow users to do with sudo; there are ways in which sudo access can be exploited to gain unauthorized root privileges. From the sudo README file: "The sudo philosophy - Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done." You should have a look at the man pages for sudo, sudoers and visudo - http://www.courtesan.com/sudo/
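The point Vincent makes about pinning the switches and log file in the Cmnd_Alias is worth checking mechanically, because in sudoers a command listed with no arguments matches any arguments (a bare /usr/bin/tail would let the user read any file as root), an explicit "" means "no arguments allowed", and commands must be fully qualified pathnames. As an added example, not from this wiki page or the swatch README, here is a small sh script that audits a sudoers fragment for exactly those two problems. The fragment, the alias names and in particular the ANYTAIL and NOARGS entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page or the swatch README): audit a sudoers
# fragment for Cmnd_Alias entries that are looser than they look.
# Verdicts, from worst to best:
#   relative-path - the command is not an absolute path (sudoers requires
#                   fully qualified pathnames);
#   unrestricted  - the command is listed with no arguments (or is ALL), so
#                   sudo accepts ANY arguments, e.g. tail of any file as root;
#   ok            - arguments are pinned, or "" forbids arguments entirely.
# The fragment below is constructed for this example.

SAMPLE_SUDOERS='Cmnd_Alias TAIL = /usr/bin/tail -f /var/log/syslog
Cmnd_Alias ANYTAIL = /usr/bin/tail
Cmnd_Alias NOARGS = /usr/bin/tail ""
Cmnd_Alias SWATCH = swatch --tail-file=/var/log/syslog
Cmnd_Alias MULTITAIL = /usr/bin/multitail -D -f /var/log/syslog -i /var/log/snort/alert
user ALL=(ALL) NOPASSWD: TAIL, ANYTAIL, NOARGS, SWATCH, MULTITAIL'

# audit_cmnd_aliases: reads sudoers text on stdin and prints one line per
# Cmnd_Alias as "<ALIAS> <verdict>", the verdict being the worst one found
# among the commands the alias lists.
audit_cmnd_aliases() {
    awk '
        BEGIN { rank["ok"] = 0; rank["unrestricted"] = 1; rank["relative-path"] = 2 }
        /^[ \t]*Cmnd_Alias[ \t]/ {
            name = $2
            sub(/=.*/, "", name)
            # Drop "Cmnd_Alias NAME =" and split the rest on commas, so an
            # alias that lists several commands is checked per command.
            sub(/^[ \t]*Cmnd_Alias[ \t]+[^=]*=[ \t]*/, "")
            n = split($0, cmds, /[ \t]*,[ \t]*/)
            verdict = "ok"
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])
                nf = split(cmds[i], words, /[ \t]+/)
                if (words[1] == "ALL")
                    v = "unrestricted"
                else if (substr(words[1], 1, 1) != "/")
                    v = "relative-path"
                else if (nf == 1)
                    v = "unrestricted"
                else
                    v = "ok"          # pinned arguments, or the explicit ""
                if (rank[v] > rank[verdict]) verdict = v
            }
            print name, verdict
        }'
}

# verdict_for ALIAS: audit the constructed sample and return one verdict.
verdict_for() {
    printf '%s\n' "$SAMPLE_SUDOERS" | audit_cmnd_aliases | awk -v alias="$1" '$1 == alias { print $2 }'
}

# Audit the sample; on a real system feed it "cat /etc/sudoers" as root.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_cmnd_aliases
```

The script only parses Cmnd_Alias lines; commands written inline in a user specification are not covered, so it is a quick sanity check to run before visudo, not a replacement for reading the file.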
Terminals
Eterm
Here are some settings I found that work. We'll use the -x switch to get the borderless version:
$ Eterm -g 130x28 -O --shade 21 -x --buttonbar off --scrollbar off
http://irsissz.homelinux.net/img/transparent2.jpg
- Most Eterm flags are self-explanatory.
- -g or --geometry sets the geometry.
- One more thing: the geometry reads WIDTHxHEIGHT+X+Y, where X and Y are the pixel offset from the upper left corner of the screen. 80x25+5+20 would be 80 wide by 25 high, 5 pixels from the left (the x axis) and 20 pixels from the top (the y axis) of the screen.
- -O activates the transparency feature; make sure it is a capital letter O and not a zero.
- --shade gives it a darker shaded background; the range is 0-100 (zero being completely transparent and 100 being a solid black background).
Refer to the man-pages to learn more about Eterm customization.
KDE and Eterm
Most new users start with the KDE desktop, so we'll start with that. To get a transparent Eterm with KDE, you can use kstart from the command line. Taking the Eterm settings listed above, we add them to the kstart command line. Here is how to do it with KDE and Eterm:
This line:
$ Eterm -x -O --buttonbar no --scrollbar no --no-cursor yes --geometry 80x25+35+65
needs to be run from the kstart command (all on one line):
$ kstart --skiptaskbar --skippager --alldesktops --onbottom Eterm -x -O --buttonbar no --scrollbar no \
  --no-cursor yes --geometry 200x25+35+65
Then, at the prompt, type:
$ sudo tail -f /var/log/syslog
http://irsissz.homelinux.net/img/transparent3.jpg
(Note: It does seem to work with konsole but I have not tested it completely since I don't know the settings for it. )
I like KDE, but I started searching for a minimalistic window manager, less bloated, and settled on Fluxbox. I have a key macro that toggles the display of the frame for aterm, Eterm or any program running on Fluxbox. I recommend using aterm with Fluxbox; it's much faster than Eterm and has the same features (more or less). Just check how much memory is used by Eterm and aterm, also try ls -la /usr/lib, and you will notice aterm is much faster. Here is the command line to make aterm look cool (all on one line):
$ aterm -tr +sb -sr -si -sk -bg black -shading 60 -fade 90 -tn xterm -g 130x50+20-0 -fg \#cecece
Then, at the prompt, type:
$ sudo tail -f /var/log/syslog
or
$ sudo multitail -D -f /var/log/syslog -i /var/log/snort/alert
What is swatch?
Swatch stands for: the *Simple* *WATCHdog* - http://swatch.sourceforge.net/
"Swatch was originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility.", quoted from the swatch README that comes with the swatch source code and in the /usr/share/doc/swatch directory.
Here's an example session:
$ sudo swatch --tail-file=/var/log/syslog
swatch: cannot read /home/ricks/.swatchrc
swatch: using default configuration of:
watchfor = /.*/
    echo

*** swatch version 3.1 (pid:25161) started at Tue Mar 8 19:03:01 EST 2005

Mar 8 19:05:27 peace kernel: end_request: I/O error, dev fd0, sector 0
Mar 8 19:05:27 peace kernel: end_request: I/O error, dev fd0, sector 0
Mar 8 19:05:27 peace kernel: end_request: I/O error, dev fd0, sector 0
Well, not much is happening on this desktop, but you can set swatch up on the syslog to actively alert you of any wrongdoing or problems in real time. For example, you can have it email a warning to you or perform an action such as starting a script. Swatch can do more than just scroll a log file. I was using the standard /etc/swatchrc file that comes with Mandriva 10.0, but it fails, at least for me, until you convert it to the new swatch syntax used in 10.1 and swatch version 3.1. I am not up to speed on these changes yet, so it's a work in progress; I will post any results when I get this sorted.
A good tip to note, from README.mandrake, is where Vincent recommends creating a special swatch log file. I mention this because you can set up sudo with access to this one file, which reduces the number of sudoers entries needed for every different command and log file to watch. Here is what he suggests:
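To show what "watch for a pattern and take an action" looks like underneath, here is an added example, not from this wiki page and not swatch's own code: a minimal swatch-style watcher in plain sh. Each rule pairs an action with an extended regular expression, and a line takes the action of the first rule it matches, the same first-match idea as swatch's watchfor blocks. The rules, the sample log lines (including the 192.0.2.10 address) and the notify hook are constructed for this example; on a real system the watcher would be fed by the sudo tail command set up above.

```shell
#!/bin/sh
# Added example (not from the wiki page and not swatch's own code): a minimal
# swatch-style watcher in plain sh. Rules and sample log lines are constructed
# for this example; notify is a stand-in for a mail command or script.

# Rules, one per line, as "<action>|<ERE>". Actions: alert (print with a
# prefix and call notify), echo (just print). Order matters: first match wins.
RULES='alert|I/O error
alert|authentication failure
echo|kernel:'

# Constructed sample log in syslog format.
SAMPLE_LOG='Mar  8 19:05:27 peace kernel: end_request: I/O error, dev fd0, sector 0
Mar  8 19:06:02 peace sshd[2112]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.10
Mar  8 19:06:10 peace kernel: usb 1-1: new full speed USB device using uhci_hcd
Mar  8 19:06:30 peace crond[2200]: (root) CMD (run-parts /etc/cron.hourly)'

# notify MESSAGE: stand-in for swatch's mail/exec actions; replace with a
# mail command or a script of your own.
notify() {
    printf 'notify: %s\n' "$1" >&2
}

# classify_line LINE: print the action of the first matching rule, or
# "ignore" when nothing matches. The here-document keeps the loop in the
# current shell so "return" works (piping into while would fork a subshell).
classify_line() {
    line=$1
    while IFS='|' read -r action pattern; do
        [ -n "$pattern" ] || continue
        if printf '%s\n' "$line" | grep -Eq -- "$pattern"; then
            printf '%s\n' "$action"
            return 0
        fi
    done <<EOF
$RULES
EOF
    printf 'ignore\n'
}

# handle_line LINE: carry out the action. Returns 1 for ignored lines.
handle_line() {
    case $(classify_line "$1") in
        alert) printf 'ALERT: %s\n' "$1"; notify "$1" ;;
        echo)  printf '%s\n' "$1" ;;
        *)     return 1 ;;
    esac
}

# count_alerts: how many of the sample lines would trigger an alert.
count_alerts() {
    printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r l; do
        classify_line "$l"
    done | grep -c '^alert$'
}

# watch_log FILE: the real-time mode, i.e. "tail -f" feeding the rules.
# -n0 skips existing content; -F re-opens the file after logrotate renames it.
watch_log() {
    tail -n0 -F "$1" | while IFS= read -r line; do
        handle_line "$line" || :
    done
}

# Offline demo over the constructed sample (watch_log would block forever).
printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
    handle_line "$line" || :
done
```

Run as is, the demo alerts on the I/O error and the authentication failure, echoes the other kernel line and ignores the cron line; to watch a live file, call watch_log /var/log/syslog under the sudo setup from above and replace notify with whatever should actually page you.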
-- from Swatch README.mandrake ----------------------------------------------
"add the following entry to /etc/syslog.conf and restart it"
# Special logfile for swatch:
*.*     -/var/log/swatch
You will want to add an entry for logrotate to rotate the file.
You can do that by adding the following to your /etc/logrotate.d/syslog file:
/var/log/swatch {
    weekly
    compress
    rotate 1
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}
This will keep only one week's worth of log files because everything in the swatch log file is duplicated everywhere else.
We just do this to keep the file from growing to a monumental size.
swatch does not need to be restarted when you rotate the log, so you do not need to worry about this at all.
-- from Swatch README.mandrake ----------------------------------------------
So after doing this, we'll adjust our sudo setup, like this:
Cmnd_Alias SWATCH = swatch --tail-file=/var/log/swatch
user ALL=(ALL) NOPASSWD: SWATCH
Cmnd_Alias TAIL = /usr/bin/tail -f /var/log/swatch
user ALL=(ALL) NOPASSWD: TAIL
This should get you started with using tail or swatch to scroll a log file.
Happy scrolling ;)
Links
- multitail - http://www.vanheusden.com/multitail/
- root-tail - http://www.goof.com/pcg/marc/root-tail.html
- Swatch - http://swatch.sourceforge.net/
- aterm - http://aterm.sourceforge.net/features.php
- Eterm - http://www.eterm.org/
Thanks to Vincent Danen for adding this README to the swatch package and allowing me to add this to the Wiki.