How to use "less" as a logging tool

Last month I was working on site with some services guys as support and found out that they were using the 'less' command to check the logs on UNIX machines with an application server. Nothing unusual, you might think, but they used it in an automatic refresh mode which I had seen for the first time. And since I found it extremely useful and not very well known, here are a few lines about it.

So how does it work? Try opening a log file on your console in the usual way with the less command.

less /var/log/apache/messages

It will open the log file from the Apache server. To highlight a particular line, press ':' (colon) and enter the following regular expression (in our case we filter all accesses from a specific IP address).

/(.*)212\.71\.138\.23(.*)

Then press the SHIFT+F combination and the program will switch to auto-fetching mode. It will keep the screen updated as the log file changes and continuously apply the highlight filter to the content of the file.


When you see something suspicious, just hit the CTRL+C combination, which will quit the fetching mode, and you will be able to scroll up/down within the content of the document. After examination, you can hit SHIFT+F again to return to auto-fetching mode.
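An unescaped dot in a pattern such as `(.*)212.71.138.23(.*)` matches any character, and without digit boundaries the address also matches longer ones such as 212.71.138.230. The sketch below is an added example, not part of the original post; the function names and log lines are constructed, and it assumes a less build with POSIX extended regex support. It builds a stricter whole-line pattern and compares the two on sample data.

```shell
#!/bin/sh
# Added example: strict whole-line highlight pattern for one IPv4 address.
# Function names and sample log lines are constructed for illustration.

# ip_line_regex IP -> prints an ERE that matches a whole line containing
# exactly IP (dots literal, no digit directly before or after the address).
ip_line_regex() {
    # Accept dotted-quad input only, so no stray metacharacters reach the regex.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '^(.*[^0-9])?%s([^0-9].*)?$' "$escaped"
}

# Constructed access-log lines: only the first and last involve 212.71.138.23.
sample_log() {
    cat <<'EOF'
212.71.138.23 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
212.71.138.230 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 811
10.0.0.5 - - [10/Oct/2023:13:55:38 +0000] "GET /?ref=212x71y138z23 HTTP/1.1" 200 512
192.168.1.7 - - [10/Oct/2023:13:55:39 +0000] "GET /a HTTP/1.1" 200 99 "fwd=212.71.138.23"
EOF
}

# count_matches REGEX -> number of sample lines the pattern would highlight.
count_matches() {
    sample_log | grep -Ec -- "$1"
}

re=$(ip_line_regex 212.71.138.23)
printf 'loose pattern highlights  %s lines\n' "$(count_matches '(.*)212.71.138.23(.*)')"
printf 'strict pattern highlights %s lines\n' "$(count_matches "$re")"
printf 'search pattern for less: %s\n' "$re"

# To start less with the strict pattern already applied, then press SHIFT+F:
#   less -p "$re" /var/log/apache/messages
```
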
