Keeping Up with watch
As a system administrator, you practically have to have eyes in the back of your head and be aware of all kinds of activities that might be going on. The watch command is your friend. It keeps an eye on pretty much anything (users, system, or files) you want to monitor.
To watch:
watch last
Use watch to monitor the output of a specific command. When something changes, you’ll see it in the watch output (Figure 16.5). In this case, we’re monitoring who logged in and when.
Or
watch --differences=cumulative → ls -l /var/spool/mail
You can watch to see if mail’s getting delivered by monitoring an ls –l output from the /var/spool/mail directory. The extra flags show cumulative differences since you started watch.
✓ Tips
The watch utility can be really handy, but sometimes it’d be easier to just do something like tail –f /var/log/httpd/ access_log to keep track of the Web server access log or to write a shell script to periodically run last. Basically, watch is useful, but it’s not the only way to monitor what’s going on.
On the lighter side, you can also use watch to periodically run other programs. For example, watch –n 5 fortune will display a new fortune every five seconds.