How to Monitor Server Logs in Real-Time with Tool on RHEL 7 /CentOS 7

1.Introduction is a small simple but effective application build on top of Node.js and, which allows to monitor Linux servers log files in real time through web interface screen widgets. This guide will help you to monitor server log with on CentOS 7 / RHEL 7.

2.Operating System

This article is based on RHEL 7 / CentOS 7 .


3.1 Add Epel Repositories

Install Epel repositories by running the following command.

# yum install

After you added Epel Repos, do a system upgrade by running the following command.

# yum update

Install Node.js and NPM Packages

Node.js is a Java-script server-side programming platform which allows you to create an applications with back-end functionality. NPM (Node Package Manager) is package manager for Node.js, So the next step is to install Node.js and NPM binaries on your system through the following command.

# yum install npm nodejs 

3.3 Install and Configure Application application must be installed on your system through NPM by specifying a valid system user, through which the installation must take place. So here we can install the application as root user. For installing run the below command.

# npm install -g --user “root”

After installation has been completed change the working directory to folder, which is hidden under the “/root” directory.

[root@sapin-centos7 ~]# pwd
[root@sapin-centos7 ~]# cd
[root@sapin-centos7]# ll
total 12
-rw-r--r-- 1 root root 225 Jan 18 17:21 harvester.conf
-rw-r--r-- 1 root root  56 Jan 18 16:24 log_server.conf
-rw-r--r-- 1 root root 516 Jan 18 17:22 web_server.conf

Now it’s time to configure to monitor local log files in real time.
There are mainly three configuration files and are listed below.

> harvester.conf
> log_server.conf
> web_server.conf


This the configuration file for harvester, it is nothing but a log forwarder which keeps on watching log files for changes, send new log to the server. We can configure nodeName, what are all logs to watched and where to send a log. By default it only monitors Apache log files such us “access_logs and error_logs”, Here we have to replace the nodeName statement to match your hostname and also you have to add the logStreams statements with what internal log files that you want to monitor.

exports.config = {
  nodeName: "",
  logStreams: {
    apache: [
  server: {
    host: '',
    port: 28777

Also if you don’t need harvester output to be sent to a remote server change the line host on server statement to only send its output locally by modifying address with loopback address (


For security reasons, if you are not expecting remote harvesters output to your local server, Open log_server.conf file and replace address with loopback address (

exports.config = {
  host: '',
  port: 28777


This the configuration file of web interface, this alters the functionality of the web portal. By-default, web portal is accessible on port no 28778 and on all interface. This file offers a way to increase the security by putting HTTP authentication,securing the web interface with SSL, disallowing logs from specific ip address and restricting the web interface access to the specific ip.

exports.config = {
  host: '',
  port: 28778,

  // Enable HTTP Basic Authentication
  auth: {
    user: "admin",
    pass: "adminlogin"

  // Enable HTTPS/SSL
  ssl: {
    key: '/path/to/privatekey.pem',
    cert: '/path/to/certificate.pem'

  // Restrict access to websocket (
  // Uses 'origins' syntax
  restrictSocket: '*:*',

  // Restrict access to http server (express)
  restrictHTTP: [


3.4 Add Firewall Rule and Start Application

For web access to server add a rule on RHEL/CentOS 7 Firewall to open TCP 28778 port by issuing the following command.

firewall-cmd --add-port=28778/tcp --permanent
firewall-cmd --reload

3.5 Start Application

For start log monitoring application assure that your current working directory is “/root” and use the following commands in the following order to start application.

> First start server, put it in background and press Enter key & 

> Start log harvester in background & 
[root@sapin-centos7]# &
[1] 16427
[root@sapin-centos7]#    info  - started

[root@sapin-centos7]# &
[2] 16431

4. Access Web Interface

Then open your web browser and visit http://your-ip-address:28778. You will get the following page with logs.

5. Conclusion

We have successfully installed and configured a real-time log monitoring tool “” on CentOS 7 / RHEL 7. is an excellent and effective web application to monitor local or remote servers log files is real time and get an outlook on what is going internally in the systems and especially to debug server problems when systems tend to become unresponsive or crashes, without the need to use a console.


2 Replies to “How to Monitor Server Logs in Real-Time with Tool on RHEL 7 /CentOS 7”

  1. Hi,

    Sometimes we received below error in the server logs file.

    error: Lost TCP connection…
    error: Lost TCP connection…
    error: Lost TCP connection…

    Possible cause are 1. agent is down on agent server 2. log file is rotated, due to this agent is not able to read the log file.

    So my question is if we have multiple agent then how we know as per the server log file which instance is down ? Is there any setting in the configuration file to prefix hostname in log file.

Leave a Reply

Your email address will not be published.