I try tailing from my fail2ban.log file and cut from
2021-12-29 09:01:59,540 fail2ban.actions [1837]: NOTICE [ssh] Unban xxx.xxx.xxx.xxx
2021-12-29 09:02:06,290 fail2ban.filter [1837]: INFO [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:02:06
2021-12-29 09:02:31,525 fail2ban.filter [1837]: INFO [wordpress-xmlrpc] Ignore xxx.xxx.xxx.xxx by ip
2021-12-29 09:03:21,711 fail2ban.filter [1837]: INFO [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:03:21
2021-12-29 09:04:14,149 fail2ban.filter [1837]: INFO [ssh] Found xxx.xxx.xxx.xxx - 2021-12-29 09:04:13
2021-12-29 09:04:16,458 fail2ban.filter [1837]: INFO [ssh] Found xxx.xxx.xxx.xxx - 2021-12-29 09:04:15
2021-12-29 09:05:25,477 fail2ban.filter [1837]: INFO [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:05:25
to
2021-12-29 09:01:59,540 [ssh] Unban xxx.xxx.xxx.xxx
2021-12-29 09:02:06,290 [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:02:06
2021-12-29 09:02:31,525 [wordpress-xmlrpc] Ignore xxx.xxx.xxx.xxx by ip
2021-12-29 09:03:21,711 [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:03:21
2021-12-29 09:04:14,149 [ssh] Found xxx.xxx.xxx.xxx - 2021-12-29 09:04:13
2021-12-29 09:04:16,458 [ssh] Found xxx.xxx.xxx.xxx - 2021-12-29 09:04:15
2021-12-29 09:05:25,477 [postfix-sasl] Found xxx.xxx.xxx.xxx - 2021-12-29 09:05:25
I first tried
tail -f /var/log/fail2ban.log | tr -s ' ' | cut -d" " -f1,2,6-
but it won’t generate any output.
Without the cut command, it is working fine. So I tried to pipe it into less instead of cut, but it has no output either.
I found, tr -s cannot do any output until the input is EOF.
So, how can I do this?
>Solution :
You are looking at buffering. It will print something eventually, but only when you have enough output for the buffer to be flushed. This is a common FAQ.
Anyway, you can easily refactor this to a single Awk script, which avoids the problem.
tail -f /var/log/fail2ban.log |
awk '{ $3=$4=$5=""; sub(/ +/, " ") }1'