Multitail

Multitail Color Schemes

Multitail allows you to color lines in a couple ways:

• cs_re - this colors the *entire* match for the regexp
• cd_re_s - this colors any substrings that are matched by the subpatterns

The available colors are red, green, yellow, blue, magenta, cyan and white. Additionally you can specify a background color and an attribute using the format [fg-color][,bg-color][,attribute].

The attributes that I've found that seem to work are bold, underline and inverse. The example config uses blink but that attribute doesn't seem to work in my terminal. Additional valid attributes may be lurking in the source.

Some examples:

• red - simply make the text red
• red,blue - red with a blue background
• red,,bold - red with a bold background
• ,blue - blue background
• ,blue,bold - default text color with a blue background and bold text
• ,,bold - bold text

pflog

 # multitail -cS pflog -l 'tcpdump -n -s0 -i pflog0'
 colorscheme:pflog:pflog
 cs_re:cyan:^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+\
 cs_re:green:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
 cs_re_s:yellow:....(\.[0-9]+):\
 cs_re_s:yellow:....(\.[0-9]+\ )
 cs_re_s:magenta::\ (.*),\
 cs_re:red:\ [SRPF]\
 cs_re_s:red:length\: (.*)$

ntsyslog

 #
 # Windows (NTsyslog)
 colorscheme:ntsyslog:Windows NTsyslog
 cs_re:cyan:^[A-Z][a-z][a-z]\ [0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\
 cs_re_s:magenta:...:[0-9][0-9]\ ([A-Za-z0-9]+)
 cs_re_s:green:...\[(info)\]
 cs_re_s:yellow:...\[(warning)\]
 cs_re_s:red:...\[(failure)\]
 cs_re_s:red:...\[(error)\]
 cs_re:red:Logon\ Failure
 cs_re_s:red:User\ Name:([A-Za-z0-9]+)\ \
 cs_re_s:red:Workstation\ Name:([A-Za-z0-9]+)
 cs_re_s:blue,,bold:...:[0-9][0-9]\ [A-Za-z0-9]+\ ([-A-Za-z0-9_ ]+)