As a developer or system administrator, you often need to keep an eye on changing files or the output of a command. You might be watching a log file for specific entries, monitoring a temporary file, or waiting for a background process to change a status file.
The common approach for growing log files is tail -f, but what if you need to see changes happening anywhere in a file, not just at the end? Or what if you want to monitor the output of a command that doesn’t have its own “watch” mode? The answer lies in a powerful combination of two classic Unix utilities: watch and diff.
The Tools for the Job
First, a quick refresher on our two key players:
watch: A handy utility that runs a specified command repeatedly at a set interval (every 2 seconds by default). It displays the output of the command full-screen, refreshing with each run. It’s your window into live data.diff: The standard tool for comparing two text files line by line. It’s the foundation for version control systems like Git and is perfect for spotting what has changed between two sources of text.
The Basic Combination: A Live Diff
Let’s start with a simple scenario. You have an original configuration file, config.txt, and a copy, config_modified.txt, that a process might be altering. To see the changes as they happen, you can run:
watch diff config.txt config_modified.txtYour terminal will clear and show you the output of the diff command every two seconds. The moment config_modified.txt is changed, the watch window will update to show you the exact differences.
Making It Better: Highlighting and Readability
While the basic command works, we can improve it significantly.
First, diff’s default output format isn’t always easy to read. The unified format (-u) is much clearer for human eyes.
Second, watch has a killer feature: the -d or --differences flag. This flag tells watch to highlight the changes between its own updates. This makes it incredibly easy to spot exactly what has changed from one run to the next.
Let’s combine these improvements:
# Highlight changes using a readable diff format
watch -d diff -u original_file.txt modified_file.txtNow, your terminal will not only show you a clean diff output but will also flash a highlight over the characters that are new or different since the last check.
The Pro-Tip: Diffing Command Output
This is where the technique truly shines. You don’t have to be limited to files on disk. With process substitution (<(command)), you can diff a file against the live output of another command.
Scenario: You want to monitor a directory for any new or deleted files.
-
First, save the initial state of the directory listing:
ls -l /etc/ > initial_listing.txt -
Now, use
watchto continuously diff the saved file against the current output ofls -l /etc/:watch -d diff -u initial_listing.txt <(ls -l /etc/)
If you open another terminal and create a file in /etc/ (you may need sudo), you will instantly see the watch window update to show the new file in the diff output, with the changes highlighted.
Conclusion: A Powerful Pattern
The watch diff pattern is a must-know for anyone serious about the command line. It provides a flexible, real-time monitoring solution for a wide range of tasks:
- Observing changes in configuration files.
- Monitoring the output of system utilities like
netstat,ps, orls. - Debugging scripts that write to status or output files.
While tail -f is perfect for tracking appended data, watch diff gives you a complete, live view of any change, anywhere. It’s a testament to the Unix philosophy of small, sharp tools that can be combined to do powerful work.