Question

Historically, system administrators would drop down into a shell to run tail ‐f to follow logs in real time. Developed by Bare Metal Software, BareTail is an amazing, free, tiny tool that packs quite an impact. You can monitor your logs in real time in a GUI that allows you to navigate between multiple tabs to organize your streams of logs, highlighting and filtering those parts that are important. You can leave it running, and it refreshes constantly.

When you decide you need a tool to watch the flow of your logs, go to www.baremetalsoft.com/baretail to grab the tool. It downloads as baretail.exe , but it does not “install” as a permanent file. You can move this file and run it from any location with extremely flexible configuration options. I usually keep it on a USB.

Once you open BareTail, the first option under the main menu is Open. Click the Open File option to open a dialog box to navigate to the program logs you want to monitor. In Figure 9.8 , you see the path to Nexpose to troubleshoot issues or verify confirmed vulnerabilities on your system.

Figure 9.8 : Opening a file location to view the log

To look for specific words or strings, open the Highlighting menu next to the Open menu. You have the ability to filter, change the foreground color and/or background color, and type into the string location the keywords you are most interested in. In Figure 9.9 , you see that in nse.log , I have targeted the word vulnerable, and I am ignoring if it is displayed in uppercase or lowercase. In this log, if you scroll down some, you may see Vulnerable or Not Vulnerable when it examines a possible vulnerability on an asset. It will find the word you are searching for inside other words if necessary. When you click OK, the highlighted filters you create will stay activated in the log for as long as you have it open.

Figure 9.9 : Applying a filter to nse.log to find “vulnerable” assets